Firewall Ports Required by Bitdefender for Marshal


This article applies to:

  • Bitdefender for Marshal

Question:

What ports need to be open in my firewall for Bitdefender for Marshal?

Information:

Bitdefender for Marshal requires Engine and signature updates to maintain current virus protection. BitDefender for Marshal also checks product licensing through a website. 

By default, the Bitdefender for Marshal updater uses a direct HTTPS connection to download these updates.

  • You can also use a proxy server.

For more information about the options, see Help for the Bitdefender for Marshal configuration tool.

The table below details the various ports used by Bitdefender for Marshal for direct connections. These ports must be available on every processing server where the Bitdefender for Marshal package is installed.

If you use an active web filtering device upstream of the processing server (such as WebMarshal), you must configure it to pass this traffic.

Port Direction Destination Required for Versions Explanation
 tcp/80  Outbound CRL distribution points  All HTTPS connection validation for the licensing and download sites requires access to the Certificate Revocation Lists over HTTP.
  • Currently, Trustwave and Digicert certificates/CRLs are used.
  • Certificate issuers and IP addresses are subject to change without notice.
tcp/443 Outbound bitdefender.marshal.com
Within the block 20.81.78.232/29
All Bitdefender for Marshal checks licensing information from this website using HTTPS. This website must be accessible for virus protection to be current.
  • The IP address information provided is correct at the date of this article, but it is subject to change. Trustwave will attempt to provide advance notice of any change.
tcp/443 Outbound agent-av-mirror.trustwave.com
204.13.202.54
upgrade.bitdefender.com
(CDN, from March 2022)
All Bitdefender for Marshal retrieves Engine and signature updates from this website using HTTPS. This website must be accessible for virus protection to remain current.
  • From March 2022  Bitdefender for Marshal will access the Bitdefender website to retrieve these updates. The agent-av-mirror site will be decommissioned.
  • Customers MUST upgrade to the latest Bitdefender for Marshal release (1.2.0) as soon as possible to assure access to the signatures.
udp/53
tcp/53
Outbound DNS servers specified in OS configuration All The Bitdefender for Marshal updater requires external DNS access to resolve the server names listed above.


Last Modified 2/27/2022.
https://support.trustwave.com/kb/KnowledgebaseArticle20561.aspx