Endpoint Security Network Requirements

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

WatchGuard Endpoint Security software is compatible with Windows, Linux, Android, iOS, and Mac. Installation requirements differ for different platforms.For detailed information on installation requirements, go to the WatchGuard Endpoint Security Release Notes (external link).

WatchGuard Endpoint Security requires access to multiple Internet-hosted resources. It requires access to ports 80 and 443. This topic provides high-level network requirements information. For a complete list of the URLs that WatchGuard Endpoint Security requires access to, go to this Knowledge Base article (external link).

Windows

To implement certain features, the security software installed on the computers on the network uses these listening ports:

  • TCP port 18226 — Used by computers with the cache role to serve files.
  • TCP port 21226 — Used by computers with the cache role to request the files to download.
  • TCP port 3128 — Used by computers with the proxy role.
  • UDP port 21226 — Used by computers with the discovery computer role.
  • TCP port 33000 — Used by computers that make a VPN connection to the Firebox.
  • UDP port 35621 — Used by the protection module on the localhost interface.

For more information, go to Designate a Cache Computer (Windows computers), Designate a Computer as a WatchGuard Proxy (Windows Computers), Designate a Discovery Computer, and Configure Network Access Enforcement in WatchGuard Endpoint Security.

Linux

To implement specific features, the security software installed on the computers on the network uses these listening ports:

  • UDP port 21226 — Used by computers with the discovery computer role on all network interfaces.
  • TCP port 4575 — Used by the protection module on the localhost interface.
  • TCP port 8310 — Used by the protection module on the localhost interface.
  • TCP port 5560 — Internal process communication on the localhost interface.

macOS

To implement specific features, the security software installed on Mac computers on the network uses these listening ports:

  • UDP port 21226 — Used by computers with the discovery computer role on all network interfaces.
  • TCP port 33000 — Used by computers that make a VPN connection to the Firebox on all network interfaces.
  • TCP port 4575 — Used by the protection module on the localhost interface.
  • TCP port 8310 — Used by the protection module on the localhost interface.
  • TCP port 5560 — Internal process communication on the localhost interface.

Android Devices

For push notifications to work, open ports 5228, 5229, and 5230 to all IP addresses contained in the IP blocks listed in Google’s ASN 15169 (external link).

iOS Devices

The application installed on iOS mobile device uses the Apple Push Notification service to communicate with the software. If the device is connected to the network by 2G, 3G, or 4G, there are no specific network requirements. If the device is connected to the network by Wi-Fi, Access Point (AP) or other method, it connects to specific servers. Make sure these ports are available:

  • TCP 5223 to communicate with the Apple Push Notification service
  • TCP 443 or 2197 to send notifications

Servers that make up the Apple Push Notification service use load balancing. This means that the device will not always connect to the same IP address. We recommend that you configure your firewall to allow connections to the entire 17.0.0.0/8 range assigned to Apple.

If this is not possible, allow connections to these ranges for IPv4:

  • 17.249.0.0/16
  • 17.252.0.0/16
  • 17.57.144.0/22
  • 17.188.128.0/18
  • 17.188.20.0/23

Allow connections to these ranges for IPv6:

  • 2620:149:a44::/48
  • 2403:300:a42::/48
  • 2403:300:a51::/48
  • 2a01:b740:a42::/48

Related Topics

Determine the Software Version

WatchGuard Endpoint Security Release Notes (external link)