Which default ports do Web Security and Web Filter components use?

Article Number: 000002251
2251
Products: V-Series, Web Security and Filter, Web Security Gateway Anywhere
Versions: 7.1, 7.5

Problem Description

I want to install, configure, or upgrade Websense Web Security or Websense Web Filter. Which default ports do Websense software components use? Which default ports are used for interoperability with other Websense solutions, or by supported integration products?

Resolution

This article identifies the default ports used by most Websense Web Security and Websense Web Filter components, interoperability components, and some integration products. In most cases, the ports assigned automatically during installation never need to be changed.

  • You can optionally configure Websense software to use custom ports for Log Server, DC Agent, eDirectory Agent, Logon Agent, RADIUS Agent, Global Catalog Server (Active Directory), and Novell eDirectory Server communication in TRITON - Web Security.
  • Use the Log Server Configuration utility if you want to change the Log Server port.
More Websense Web Security Gateway port information is available at:

http://www.websense.com/content/support/library/web/v75/ws_ports/first.aspx

Default installation ports

Component Default Port Description
TRITON - Web Security Communications
Policy Server 55806
55824
TRITON - Web Security uses these ports to communicate with Policy Server.
HTTPS 9443
9444
This port is used to enable secure browser connections to TRITON - Web Security (including reporting features). Both the Apache2Websense and ApacheTomcatWebsense services use port 9443. The Tomcat service also uses port 9444.
AJP 9009 Apache Tomcat uses this port to communicate with Apache HTTP Server.
Tomcat 9005 Apache Tomcat server port.
HTTP 1812 Apache HTTP Server uses this port for HTTP communication. (TRITON - Web Security is accessed via HTTPS.)
HTTP 7191 Apache Tomcat uses this port for HTTP communication. (TRITON - Web Security is accessed via HTTPS.)
Filtering Service Communications
Filtering Service 15868

Filtering Service listens on this port for requests coming from Network Agent, Linking Service, and integration products (integrated firewalls, proxies, and gateways). If this port is blocked, you will not be able to filter Internet activity.

Block Messages 15871 Filtering Service uses this port to transmit block, continue, or quota pages to users who try to access restricted sites.
Block Message Authentication 15872 Used for secure manual authentication of users.
Diagnostics Port 15869 Websense Technical Support can use this port to troubleshoot your Filtering Service installation. It is not necessary for this port to be open for normal operations.
Master Database 80
HTTP
Filtering Service uses this port to download updates to the Master Database. Websense software requires HTTP proxy or direct downloads. NOTE: If necessary, disable packet inspection for the Master Database file called websense, located in the Websense bin directory (C:\Program Files\Websense\bin or /opt/Websense/bin/, by default).
Transparent Identification Agents (optional)
DC Agent 30600 DC Agent listens to User Service and Filtering Service on port 30600. DC Agent may also use ports 137, 138, 139, and 445 (TCP and UDP) to contact your domain controllers and to perform workstation polling.
eDirectory Agent 30700 Filtering Service and User Service use this port to connect to the eDirectory Agent.
Logon Agent 30602 Filtering Service and User Service use this port to connect to the Logon Agent.
Logon Agent Authentication 15880 Logon Agent uses this HTTP port for authentication.
RADIUS Agent 30800 RADIUS Agent uses this port to connect to Filtering Service. RADIUS Agent also uses this port for authentication and accounting requests from RADIUS Client.
Policy Broker Communications
Policy Broker 55880

Policy Broker uses this port to receive requests and communicate information to other Websense software components.

Policy Database 6432
7432

Policy Broker uses these ports to query and receive information from the Policy Database.

Reporting Components
Log Server 55805 Log Server listens on this port. Filtering Service sends records about internet and protocol activity to Log Server, which then transmits the data to the Log Database for reporting.
SNMP Alerts 162 Log Server listens on this port for information from Filtering Service, and then sends SNMP alerts.
Log Database (install) 1433 TRITON - Web Security uses port 1433 is used during installation for communication with Microsoft SQL Server or MSDE. If your network includes multiple SQL Server or MSDE instances, a different port may be used. Check your MSDE or SQL Server configuration to verify the port.
Remote Filtering Components
Remote Filtering Server 40000
15868
15871
55880
55806
15880

During installation, Remote Filtering Server uses these ports to communicate with Policy Server, Policy Broker, and Filtering Service.

Policy Server 55825

Policy Server uses this port to connect to Remote Filtering Server during installation.

   

 

Policy Server Communications
Communication 55806

Policy Server uses this port for communication with other Websense components.

Communication 55825

This port is used for communication with Policy Server during Websense component installation.

Other Websense Software Components
User Service 55815 By default, User Service listens on this port for other Websense components to connect. User Service typically uses port 3268, 3269 (if SSL is required), or 389 to contact your global catalog servers. This port is defined in TRITON - Web Security (go to Settings > Directory Services).
Secure Communication 40000 When secure communication is required between 2 Websense software components, this port is used.
TRITON - Web Security Settings (default ports)
Active Directory Global Catalog Server 3268
3269
389

Policy Server uses this port to communicate with the Active Directory global catalog. The port setting depends on your configuration:

  • 3268 for non-SSL communication
  • 3269 for SSL communication
  • 389 for child domains
Novell eDirectory Server 389
636

Policy Server uses this port to communicate with the Novell eDirectory Server. The port setting depends on your configuration:

  • 389 for non-SSL communication
  • 636 for SSL communication
Sun Java System Directory 389
636

Policy Server uses this port to communicate with the Sun Java System Directory. The port setting depends on your configuration:

  • 389 for non-SSL communication
  • 636 for SSL communication
Linking Service
Communication 56992 Linking Service uses this port to communicate user data and URL category information to data security components.
Filtering Service 15868 Linking Service uses this port to request URL category information from Filtering Service.
Linking 7443 This port is used to establish or close a link between Websense data and Web security components.
Directory Agent
Communication 55900 In Websense Web Security Gateway Anywhere deployments, Directory Agent uses this port to communicate user and group information to Sync Service for transmission to the hybrid service.
Directory Agent Diagnostics 55901 Websense Technical Support can use this port to troubleshoot Directory Agent problems.
Sync Service Communication 55830 In Websense Web Security Gateway Anywhere deployments, Sync Service uses this port to send information to and receive information from the hybrid service.
Third-Party Integration Products
Microsoft ISA Server 8080
15871
15868
  • If applicable, the Master Database download passes through this port of the proxy server or firewall.

             NOTE: If other applications use this default port, use port 8081 instead.

  • 15871 Allows access to Websense block page.
  • 15868 Lookup requests sent to Websense Filtering Service.
Squid Proxy Server 3128
  • 3128 If applicable, the Master Database download passes through this proxy port.
  • 15871 Allows access to Websense block page.
  • 15868 Lookup requests sent to Websense Filtering Service.

 



Article Rating:

Do you have any additional feedback?    close

How are we doing?

Provide us feedback on your experience with the Service Request portal.

provide feedback >