Port access requirements
N-central Server
Access must be permitted to the following ports:
| Port Number | Port Location | Description | |||||
|---|---|---|---|---|---|---|---|
| N-able N-central Server | Managed Device | ||||||
| Inbound | Outbound | Inbound | Outbound | ||||
| 20 |
|
Ö |
|
|
Used for FTP connections, particularly when configured for backups. |
||
|
21 |
|
Ö |
|
|
Used for FTP connections, particularly when configured for backups. | ||
|
22 |
Ö |
|
|
Ö |
SSH - used for remote control sessions. The firewall must be configured to allow access from the Internet to this port on the N-able N-central server. |
||
|
25 |
|
Ö |
|
|
SMTP - used for sending mail. |
||
|
53 |
|
Ö |
|
|
Used for DNS. |
||
|
80 |
Ö |
Ö |
|
Ö |
HTTP - used for communication between the N-able N-central and agents or probes. N-able N-central recommends that you block all access from the internet to this port on the N-able N-central server, unless it is absolutely required. This port may be closed in a future release. This port must also be open for outbound traffic if the N-able N-central server is monitoring HTTP services on remote managed devices. |
||
|
123 |
|
Ö |
|
|
Used by the NTP Date service which keeps the server clock synchronized. Normally using UDP (although some servers can use TCP). |
||
|
135 |
|
|
Ö |
|
Used by Agents and Probes for WMI queries to monitor various services. Inbound from the Windows Probe to the Windows Agent. |
||
|
139 |
|
|
Ö |
|
Used by Agents and Probes for WMI queries to monitor various services. Inbound from the Windows Probe to the Windows Agent. |
||
|
443 |
Ö |
Ö |
|
Ö |
HTTPS - used for communication between N-able N-central and Agents or Probes (including MSP Connect and MSP Anywhere). Your firewall must be configured to allow access from the Internet to this port on the N-able N-central server. This port must be open for outbound traffic if the N-able N-central server is monitoring HTTPS services on remote managed devices. Backup Manager on endpoint devices uses Port 443 TCP outbound. It is almost always open on workstations but may be closed on servers. Used by Agents and Probes as a failover for XMPP traffic when they cannot reach N-centralon port 5280. To activate EDR the N-able N-central server needs outbound HTTPS access to port 443 and the following domains:
Pendo allows us to provide in-UI messaging and guides when there are important changes, new features onboarding, or other critical messages that we need to tell you about. You can gain access to these important messages, and help us make important design decisions from usage data, by allowing outbound HTTPS/443 access from your N-central server to the following URLs:
|
||
|
445 |
|
|
Ö |
|
Used by Agents and Probes for WMI queries to monitor various services. |
||
|
1234 |
Ö |
Ö |
Used by MSP Connect in UDP mode. |
||||
|
1235 |
Ö |
Ö |
|||||
|
1433 |
|
* |
* |
* |
Outbound on the N-able N-central server, port 1433 is used by Report Manager for data export. On managed devices, it is also used by Agents (inbound) and Probes (out- bound) to monitor Backup Exec jobs. Inbound from the local LAN and not the Internet. |
||
|
|||||||
|
5000 |
Ö |
Backup Manager will use local port 5000. If this port is unavailable, Backup Manager will detect a free port automatically (starting from 5001, 5002 and up). |
|||||
|
5280 |
Ö | Ö |
Used by Agents and Probes for XMPP traffic. Outbound access to port 5280 for Managed Devices is recommended but not required. |
||||
|
8014 |
|
|
Ö |
|
Backup Manager requires access to port 8014. This value cannot be modified. Inbound from the local LAN and not the Internet. |
||
|
8443 |
Ö |
Ö |
|
Ö |
The default port for the N-central UI. TCP port 8443 is used for TLS (HTTPS) connections to the N-central Web UI. Your firewall may be configured to allow access from the internet to this port on the N-able N-central server, if you require Web UI access outside of the network N-central is deployed to. You can change this port number in the N-central Administrator menu, under "Network Setup". |
||
| 8800 | Ö |
The Feature Flag System in N-able N-central needs to talk to mtls.api.featureflags.prd.sharedsvcs.system-monitor.com. Used by N-able – generally during Early Access Preview and Release Candidate testing – to enable and disable features within N-able N-central.
|
|||||
|
10000 |
Ö |
|
|
|
HTTPS - used for access to the N-able N-central Administration Console (NAC). The firewall must be configured to allow access from the Internet to this port on the N-able N-central server. N-able recommends excluding all other inbound traffic to port 10000 except from N-able Ports for Support section below. |
||
|
10004 |
|
|
Ö |
Ö |
N-able N-central Agents must be able to communicate with a Probe on the network over port 10004 in order for Probe caching of software updates to function properly. Inbound from the local LAN and not the Internet. |
||
|
15000 |
|
|
Ö |
Ö |
For downloading software patches, port 15000 must be accessible for inbound traffic on the Probe device while it must be accessible for outbound traffic on devices with Agents. Inbound from the local LAN and not the Internet. |
||