This article applies to:
Question:
What ports need to be open in my firewall for Bitdefender for Marshal?
Information:
Bitdefender for Marshal requires Engine and signature updates to maintain current virus protection. BitDefender for Marshal also checks product licensing through a website.
By default, the Bitdefender for Marshal updater uses a direct HTTPS connection to download these updates.
- You can also use a proxy server.
For more information about the options, see Help for the Bitdefender for Marshal configuration tool.
The table below details the various ports used by Bitdefender for Marshal for direct connections. These ports must be available on every processing server where the Bitdefender for Marshal package is installed.
If you use an active web filtering device upstream of the processing server (such as WebMarshal), you must configure it to pass this traffic.
Port | Direction | Destination | Required for Versions | Explanation |
tcp/80 | Outbound | CRL distribution points | All | HTTPS connection validation for the licensing and download sites requires access to the Certificate Revocation Lists over HTTP. - Currently, Trustwave and Digicert certificates/CRLs are used.
- Certificate issuers and IP addresses are subject to change without notice.
|
tcp/443 | Outbound | bitdefender.marshal.com Within the block 20.81.78.232/29 | All | Bitdefender for Marshal checks licensing information from this website using HTTPS. This website must be accessible for virus protection to be current. - The IP address information provided is correct at the date of this article, but it is subject to change. Trustwave will attempt to provide advance notice of any change.
|
tcp/443 | Outbound | agent-av-mirror.trustwave.com 204.13.202.54 upgrade.bitdefender.com (CDN, from March 2022) | All | Bitdefender for Marshal retrieves Engine and signature updates from this website using HTTPS. This website must be accessible for virus protection to remain current. - From March 2022 Bitdefender for Marshal will access the Bitdefender website to retrieve these updates. The agent-av-mirror site will be decommissioned.
- Customers MUST upgrade to the latest Bitdefender for Marshal release (1.2.0) as soon as possible to assure access to the signatures.
|
udp/53 tcp/53 | Outbound | DNS servers specified in OS configuration | All | The Bitdefender for Marshal updater requires external DNS access to resolve the server names listed above. |