Port Requirements

Tenable.sc port requirements include Tenable.sc-specific and application-specific requirements.

Tenable.sc

Your Tenable.sc instances require access to specific ports for inbound and outbound traffic.

Inbound Traffic

You must allow inbound traffic to the following ports.

Port Traffic
TCP 22 Performing remote repository synchronization with another Tenable.sc.
TCP 443

Accessing the Tenable.sc interface.

Communicating with Tenable.sc Director instances.

Communicating with Tenable.ot instances.

Performing the initial key push for remote repository synchronization with another Tenable.sc.

Interacting with the API.

Outbound Traffic

You must allow outbound traffic to the following ports.

Port Traffic
TCP 22 Communicating with LCE for event query.
TCP 25

Sending SMTP email notifications.

TCP 443

Communicating with Tenable.io.

Communicating with Lumin for synchronization.

Communicating with the plugins.nessus.org server for plugin updates.

TCP 1243 Communicating with Log Correlation Engine.
TCP 8834 Communicating with Nessus.
TCP 8835 Communicating with Nessus Network Monitor.
UDP 53

Performing DNS resolution.

Nessus Scanner

Your Nessus instances require access to specific ports for inbound and outbound traffic.

Inbound Traffic

You must allow inbound traffic to the following ports.

Port Traffic
TCP 8834

Accessing the Nessus interface.

Communicating with Tenable.sc.

Interacting with the API.

Outbound Traffic

You must allow outbound traffic to the following ports.

Port Traffic
TCP 25

Sending SMTP email notifications.

TCP 443

Communicating with Tenable.io.

Communicating with the plugins.nessus.org server for plugin updates.

UDP 53

Performing DNS resolution.

Performing malware scans.

Nessus Agent

Your Nessus Agents require access to specific ports for outbound traffic.

Outbound Traffic

You must allow outbound traffic to the following ports.

Port Traffic
TCP 443

Communicating with Tenable.io.

Communicating with the plugins.nessus.org server for plugin updates.

TCP 8834 Communicating with Nessus Manager for plugin updates.
UDP 53

Performing DNS resolution.

Nessus Network Monitor

Your Nessus Network Monitor instances require access to specific ports for inbound and outbound traffic.

Inbound Traffic

You must allow inbound traffic to the following ports.

Port Traffic
TCP 8835

Accessing the Nessus Network Monitor interface.

Communicating with Tenable.sc.

Outbound Traffic

You must allow outbound traffic to the following ports.

Port Traffic
TCP 443

Communicating with Tenable.io.

Communicating with the plugins.nessus.org server for plugin updates.

TCP 601

Communications for reliable TCP syslog forwarding.

UDP 53

Performing DNS resolution.

UDP 514

Communications for UDP syslog forwarding.

Log Correlation Engine

Your LCE and LCE client instances require access to specific ports for inbound and outbound traffic.

Inbound Traffic

You must allow inbound traffic to the following ports.

Port Traffic
LCE
TCP 22 Communicating with Tenable.sc for LCE event query.
TCP 601

Communications for reliable TCP syslog forwarding.

TCP 1243 Communicating with Tenable.sc for LCE event vulnerability import.
TCP 8836

Accessing the LCE interface.

TCP 31300 Communicating with LCE clients.
UDP 162 Communicating with SNMP server for receiving SNMP traps.
UDP 514

Communications for UDP syslog forwarding.

LCE Client
TCP 1468 Communications between network devices and the Tenable Network Monitor.
TCP 9800 Communications between Splunk and the LCE Splunk Client.
TCP 18185 Communications between Check Point firewalls and the LCE OPSEC Client.
UDP 514 Communications between network devices and the Tenable Network Monitor.
UDP 2055 Communications between routers and the Tenable NetFlow Monitor.

Outbound Traffic

You must allow outbound traffic to the following ports.

Port Traffic
LCE
TCP 25

Sending SMTP email notifications.

TCP 443

Communicating with Tenable.io.

Communicating with the plugins.nessus.org server for plugin updates.

TCP 601

Communications for reliable TCP syslog forwarding.

UDP 53

Performing DNS resolution.

UDP 514

Communications for UDP syslog forwarding.

LCE Client
TCP 135 Communicating with the targets of the LCE WMI Monitor Client.
TCP 443

Communicating with the web host of the LCE Web Query Client.

TCP 445 Communicating with the targets of the LCE WMI Monitor Client.
TCP 31300 Communicating with LCE.