Communication and Network Requirements
As a network application, Tenable Patch Management (TPM) requires specific ports to facilitate communication between the server and in-scope devices, as well as communication between the devices themselves.
The Tenable Patch Management client and server installation wizards will create firewall rules for communication between clients and servers. If you have a firewall appliance between servers and client, you may need to manually configure rules to allow communication. Use the following tables to configure your firewall rules.
TPM server port configuration
The Tenable Patch Management server needs to be configured with the following inbound and outbound ports.
| Port | Protocol | Direction | Process | Description |
|---|---|---|---|---|
| 34322 | UDP | Inbound | AdaptivaClientService.exe | Messages from client to server. |
| 34323 | UDP | Inbound | AdaptivaClientService.exe | Acknowledgements from the server and client. |
| 34324 | UDP | Inbound | AdaptivaClientService.exe | Replies from the server and clients. |
| 34325 | UDP | Inbound | AdaptivaClientService.exe | Messages from server to client. |
| 34329 | UDP | Inbound | AdaptivaClientService.exe | All broadcast messages from client to client. |
| 34546 | UDP | Inbound | AdaptivaClientService.exe / and the system process | Transfer control port and IP2P control signals. |
| 34750 | UDP | Inbound | AdaptivaClientService.exe and the system process | All WAN or Internet Peer to Peer content transfers. |
| 34760 | UDP | Inbound | AdaptivaClientService.exe and the system process |
All LAN content transfers. |
| 34760 | TCP | Inbound | N/A | The port used by TenablePatchP2PClientInstaller.msi. |
| N/A | ICMP | Inbound | N/A | ICMP (ping) requests to determine latency to Adaptiva Cloud Services relays. |
| 80 | HTTP | Outbound | AdaptivaServerService.exe / AdaptivaClientService.exe | Operations Manager and Cloud Relay Servers which relay client messages between Internet-based clients and the on-premises server. |
| 443 | HTTP | Outbound | AdaptivaServerService.exe / AdaptivaClientService.exe | ICMP (ping) requests to determine latency to Adaptiva Cloud Services relays. |
| 3478 | UDP | Outbound | AdaptivaClientService.exe | STUN requests to Cloud Relay Servers to determine public IP address |
| 34322 | UDP | Outbound | AdaptivaClientService.exe | Messages from client to server.. |
| 34323 | UDP | Outbound | AdaptivaClientService.exe | Acknowledgements from the server and client. |
| 34324 | UDP | Outbound | AdaptivaClientService.exe | Replies and acknowledgements from server to client |
| 34325 | UDP | Outbound | AdaptivaClientService.exe | Messages sent from server to client.. |
| 34545 | UDP | Outbound | System | Content transfer control port. |
| 34760 | UDP | Outbound | System | Content sent from server to client. |
.
TPM client port configuration
Devices need to be configured with the following inbound and outbound ports.
| Port | Protocol | Direction | Listening Process | Description |
|---|---|---|---|---|
| 34324 | UDP | Inbound | AdaptivaClientService.exe | Replies from the server and clients. |
| 34325 | UDP | Inbound | AdaptivaClientService.exe | Messages from server to client. |
| 34329 | UDP | Inbound | AdaptivaClientService.exe | All broadcast messages from client to client. |
| 34545 | UDP | Inbound | AdaptivaServerService.exe | Content transfer control port. |
| 34546 | UDP | Inbound | AdaptivaClientService.exe / and the system process | Content transfer control port. |
| 34750 | UDP | Inbound | AdaptivaClientService.exe and the system process | All WAN or Internet Peer to Peer content transfers. |
| 34760 | UDP | Inbound | AdaptivaClientService.exe and the system process |
All LAN content transfers. |
| 34760 | TCP | Inbound | N/A | The port used by TenablePatchP2PClientInstaller.msi. |
| N/A | ICMP | Inbound | N/A | ICMP (ping) requests to determine latency to Adaptiva Cloud Services relays. |
| 80 | HTTP | Outbound | AdaptivaClientService.exe | Operations Manager and Cloud Relay Servers which relay client messages between Internet-based clients and the on-premises server. |
| 443 | HTTP | Outbound | AdaptivaClientService.exe | Operations Manager, Cloud Relay servers and patch content locations on a content delivery network (CDN). |
| 3478 | UDP | Outbound | AdaptivaClientService.exe | STUN requests to Cloud Relay Servers to determine public IP address |
| 34322 | UDP | Outbound | AdaptivaClientService.exe | Messages from client to server. |
| 34323 | UDP | Outbound | AdaptivaClientService.exe | Acknowledgements from the server and client. |
| 34545 | UDP | Outbound | System | Content transfer control port. |
Internet Destinations
| Ports | Source | Destination | Description |
|---|---|---|---|
| http/https (TCP port 80, 443) ICMP, UDP 3478 | TPM Server and Internet-based Clients |
*.Adaptiva.cloud *.opendns.com |
Adaptiva Services |
| https (TCP port 443) | TPM Server and Internet-based Clients | *.Adaptivacdn.cloud | Adaptiva CDN |
| https (TCP port 443) | TPM Server | api.sendgrid.com api.twilio.com | Approval messaging, email and SMS messaging. |
| https (TCP port 443) | TPM Server | cloud.tenable.com | Tenable Patch Management |
The following link provides a list of IP Addresses for *.adaptiva.cloud Relay Servers that can whitelisted in your firewall, if whitelisting by FQDN or wildcard is not supported in your firewall: https://adaptiva.com/hubfs/AdaptivaCloudServicesIPAddresses.txt
Adaptiva.cloud Server names are available here: https://support.adaptiva.com/hc/en-us/articles/14971450276877-Adaptiva-Cloud-Services-Planned-Outages