Access Requirements
Your OT Security Sensor deployment must meet the following requirements.
You must have internet access to download Tenable Core files and perform online installs.
After you transfer a file to your machine, internet access requirements to deploy or update Tenable Core vary depending on your environment.
Note: You need to be able to reach appliance.cloud.tenable.com to install from the online ISOs (and to get online updates) and sensor.cloud.tenable.com to pick up scan jobs.
Environment | Tenable Core Format | Internet Requirement | |
---|---|---|---|
Virtual Machine | VMware | .ova file | You do not need internet access to deploy or update Tenable Core. |
Microsoft Hyper-V | .zip file | ||
Cloud | Amazon Web Services (AWS) | n/a | Requires internet access to deploy or update Tenable Core. |
Cloud | Microsoft Azure | n/a | |
Hardware | .iso image | Requires internet access to install or update Tenable Core. |
Tip: You do not need access to the internet when you install updates to OT Security Sensor via an offline .iso file. For more information, see Update Tenable Core Offline.
Your Tenable Core deployment requires access to specific ports for inbound and outbound traffic.
Inbound Traffic
Allow inbound traffic to the following ports listed.
Note: Inbound traffic refers to traffic from users configuring Tenable Core, etc.
Port | Traffic |
---|---|
TCP 22 | Inbound SSH connections. |
TCP 8000 |
Inbound HTTPS communications to the Tenable Core interface. |
TCP 8090 |
Inbound HTTPS communications for restoring backups. Inbound communications with the file upload server. |
Outbound Traffic
Allow outbound traffic to the following ports listed.
Port | Traffic |
---|---|
TCP 22 | Outbound SSH connections, including remote storage connections. |
TCP 443 | Outbound communications to the appliance.cloud.tenable.com and sensor.cloud.tenable.com servers for system updates. |
UDP 53 | Outbound DNS communications for OT SecurityTenable OT Security Enterprise Manager and Tenable Core. |