Port Requirements
Tenable Security Center port requirements include Tenable Security Center-specific
Tenable Security Center
Your Tenable Security Center instances require access to specific ports for inbound and outbound traffic.
Inbound Traffic
You must allow inbound traffic to the following ports.
| Port | Traffic |
|---|---|
| TCP 22 | Performing remote repository synchronization with another Tenable Security Center. |
| TCP 443 |
Accessing the Tenable Security Center interface. Communicating with Tenable Security Center Director instances. Communicating with OT Security instances. Performing the initial key push for remote repository synchronization with another Tenable Security Center. Interacting with the API. |
| TCP 8837 | Communicating with Sensor Proxy. |
Outbound Traffic
You must allow outbound traffic to the following ports.
| Port | Traffic |
|---|---|
| TCP 22 |
Synchronizing repositories from other Tenable Security Center instances. |
| TCP 25 |
Sending SMTP email notifications. |
| TCP 389 | Communicating with customer-managed LDAP servers. |
| TCP 443 |
Communicating with Tenable One for synchronization. Communicating with the plugins.nessus.org server for plugin updates. |
| TCP 465 |
Sending SMTP email notifications. |
| TCP 587 |
Sending SMTP email notifications. |
| TCP 636 | Communicating with customer-managed LDAP servers. |
| TCP 8834 | Communicating with Tenable Nessus. |
| TCP 8835 | Communicating with Tenable Network Monitor. |
| UDP 53 |
Performing DNS resolution. |
Note: If your Tenable Security Center instance is not configured as an offline instance, you must also allow outbound traffic to the Tenable websites listed in the Which Tenable sites should I allow? article in the Knowledge Base.
SSL inspection on traffic to and from the Tenable update sites is not supported. While access to the update sites can be established, it may not be able to complete updates due to SSL inspection of the traffic.
Tenable Security Center Director
Your Tenable Security Center Director instances require access to specific ports for inbound and outbound traffic.
Inbound Traffic
You must allow inbound traffic to the following ports.
| Port | Traffic |
|---|---|
| TCP 22 | Performing remote repository synchronization with another Tenable Security Center. |
| TCP 443 |
Accessing the Tenable Security Center Director interface. Communicating with managed Tenable Security Center instances. Accessing the Tenable Security Center API interface. Performing automatic SSH key setup to synchronize remote repositories with another Tenable Security Center. |
Outbound Traffic
You must allow outbound traffic to the following ports.
| Port | Traffic |
|---|---|
| TCP 25 |
Sending SMTP email notifications. |
| TCP 443 |
Communicating with the plugins.nessus.org server for plugin updates. Performing automatic SSH key setup to synchronize remote repositories with another Tenable Security Center. |
| TCP 465 |
Sending SMTP email notifications. |
| TCP 587 |
Sending SMTP email notifications. |
| UDP 53 |
Performing DNS resolution. |
Note: If your Tenable Security Center Director instance is not configured as an offline instance, you must also allow outbound traffic to the Tenable websites listed in the Which Tenable sites should I allow? article in the Knowledge Base.
SSL inspection on traffic to and from the Tenable update sites is not supported. While access to the update sites can be established, it may not be able to complete updates due to SSL inspection of the traffic.
Your Tenable Nessus instances require access to specific ports for inbound and outbound traffic.
Inbound Traffic
You must allow inbound traffic to the following ports.
| Port | Traffic |
|---|---|
| TCP 8834 |
Accessing the Tenable Nessus interface. Communicating with Tenable Security Center. Interacting with the API. |
Outbound Traffic
You must allow outbound traffic to the following ports.
| Port | Traffic |
|---|---|
| TCP 25 |
Sending SMTP email notifications. |
| TCP 443 |
Communicating with Tenable Vulnerability Management (sensor.cloud.tenable.com or sensor.cloud.tenablecloud.cn). Communicating with the plugins.nessus.org server for plugin updates. |
| UDP 53 |
Performing DNS resolution. |
Your Tenable Agents require access to specific ports for outbound traffic.
Outbound Traffic
You must allow outbound traffic to the following ports.
| Port | Traffic |
|---|---|
| TCP 443 |
Communicating with Tenable Vulnerability Management. |
| TCP 8834 |
Communicating with Tenable Nessus Manager. Note: The default Tenable Nessus Manager port is TCP 8834. However, this port is configurable and may be different for your organization. |
| UDP 53 | External DNS support for the host that Tenable Agent is installed on. Several plugins use DNS resolution in their operation. |
Note: Operating system installation commands, such as dnf install, may require other connections besides Tenable Vulnerability Management or Tenable Nessus Manager. Consult your operating system administrator for more information.
Your Tenable Network Monitor instances require access to specific ports for inbound and outbound traffic.
Inbound Traffic
You must allow inbound traffic to the following ports.
| Port | Traffic |
|---|---|
| TCP 8835 |
Accessing the Tenable Network Monitor interface. Communicating with Tenable Security Center. |
Outbound Traffic
You must allow outbound traffic to the following ports.
| Port | Traffic |
|---|---|
| TCP 443 |
Communicating with Tenable Vulnerability Management (sensor.cloud.tenable.com or sensor.cloud.tenablecloud.cn). Communicating with the plugins.nessus.org server for plugin updates. |
| TCP 601 |
Communications for reliable TCP syslog forwarding. |
| UDP 53 |
Performing DNS resolution. |
| UDP 514 |
Communications for UDP syslog forwarding. |