Ports used by Kaspersky Security Center

The table below shows the ports that must be open on Administration Servers and on client devices.

Ports used by Kaspersky Security Center

Device

Port number

Name of the process that opens the port

Protocol

TLS (except for UDP ports)

Port purpose

Scope

Administration Server

 

8060

klcsweb

TCP

No

Transmitting published installation packages to client devices

Publishing installation packages

8061

klcsweb

TCP

Yes

Transmitting published installation packages to client devices

Publishing installation packages

9000*

CSWebInterface

TCP

Yes

Receiving inbound connections from the Apache server

Working with Kaspersky Security Center 10 Web Console and Self Service Portal

13000

klserver

TCP

Yes

Receiving connections from Network Agents and slave Administration Servers; also used on slave Administration Servers for receiving connections from the master Administration Server (for example, if the slave Administration Server is in DMZ)

Managing client devices and slave Administration Servers

13000

klserver

UDP

Null

Receiving information about devices that were turned off from Network Agents

Managing client devices

13291

klserver

TCP

Yes

Receiving connections from Administration Console to Administration Server

Managing Administration Server

13292

klserver

TCP

Yes

Receiving connections from mobile devices

Mobile Device Management

13294*

klserver

TCP

Yes

Receiving connections from UEFI protection devices

Managing UEFI protection client devices

13299

klserver

TCP

Yes

Receiving connections from Kaspersky Security Center 11 Web Console to the Administration Server; receiving connections to the Administration Server over OpenAPI

Kaspersky Security Center 11 Web Console, OpenAPI

14000

klserver

TCP

No

Receiving connections from Network Agents

Managing client devices

13111*

ksnproxy

TCP

No

Receiving requests from managed devices to KSN proxy server

KSN proxy server

15111*

ksnproxy

UDP

Null

Receiving requests from managed devices to KSN proxy server

KSN proxy server

17000

klactprx

TCP

Yes

Receiving connections for application activation from managed devices (except for mobile devices)

Activation proxy server for non-mobile devices

17100*

klactprx

TCP

Yes

Receiving connections for application activation from mobile devices

Activation proxy server for mobile devices

Network Agent

15000

klnagent

UDP

Null

Multicasting for Network Agents

Delivering updates and installation packages

Distribution point

 

15001

klnagent

UDP

Null

Multicasting for Network Agents

Delivering updates and installation packages

13000

klnagent

TCP

Yes

Receiving connections from Network Agents

Managing client devices, delivering updates and installation packages

iOS MDM Server

443*

kliosmdmservicesrv

 

TCP

Yes

Receiving connections from iOS mobile devices

Mobile Device Management

Kaspersky Security Center 11 Web Console Server (may be the same device where the Administration Server is running, or may be a different device)

8080*

Node.js

TCP

Yes

Receiving connections from browser to Kaspersky Security Center 11 Web Console

Kaspersky Security Center 11 Web Console

* Italics signify the ports that you have to open only if you work with mobile devices, Kaspersky Security Center 11 Web Console, and Self Service Portal (see the "Port purpose" and "Functional scope” columns).

If you install the Administration Server and the database on different devices, you must make available the necessary ports on the device where the database is located (for example, port 3306 for MySQL Server, or port 1433 for Microsoft SQL Server; please refer to the DBMS documentation for details).

See also:

Interaction of Kaspersky Security Center components and security applications: more information

Page top