Deep Security 10.3 has reached end of support.
Automatic configuration of iptables
When installed on Linux, Deep Security Manager and Deep Security Agent can automatically modify the host iptables to enable communication on specific ports. Rules are added only when the iptables service is running.
Rules are added to iptables when the manager or agent is installed or started. The rules are removed when they are stopped or uninstalled. The state of the iptables service (running or off) is not changed at any time.
For a complete list of ports used in Deep Security, see Port numbers.
Rules added for a manager
Rules are added on the manager computer to enable connections from web browsers (port 4119 by default) and to listen for agent heartbeats (port 4120 by default).
Rules added for an agent
Rules are added on the agent computer only when required, that is, when manager-initiated or bidirectional communication is used (port 4118 by default). When the agent is acting as a relay, a rule is added for distributing updates (port 4120 by default).
You can prevent the agent from modifying iptables if you would rather manually add the required rules. To prevent the automatic modification of iptables, create the following file on the agent computer:
/etc/do_not_open_ports_on_iptables
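
Once that file exists the agent no longer opens its own ports, so the manual rules have to cover them. The script below is an added example, not part of the product or its documentation: it checks `iptables -S INPUT` output for a TCP ACCEPT rule covering the default agent ports named on this page. The function names and the `--check` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and --check are this example's own.
MARKER=/etc/do_not_open_ports_on_iptables   # opt-out file named on this page

# Default inbound agent ports from this page: 4118 (manager-initiated or
# bidirectional communication), plus 4120 when the agent acts as a relay.
required_ports() {
    if [ "$1" = "relay" ]; then echo "4118 4120"; else echo "4118"; fi
}

# Reads `iptables -S INPUT` output on stdin and prints every port in "$@" that
# no TCP ACCEPT rule covers. Understands --dport, multiport lists and lo:hi
# ranges; does not follow jumps into user-defined chains.
missing_ports() {
    rules=$(cat)
    for port in "$@"; do
        printf '%s\n' "$rules" | awk -v p="$port" '
            /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ {
                for (i = 2; i < NF; i++) {
                    if ($i != "--dport" && $i != "--dports") continue
                    if ($(i - 1) == "!") continue        # negated match
                    n = split($(i + 1), list, ",")
                    for (k = 1; k <= n; k++) {
                        m = split(list[k], r, ":")
                        hi = (m > 1) ? r[2] : r[1]
                        if (p + 0 >= r[1] + 0 && p + 0 <= hi + 0) found = 1
                    }
                }
            }
            END { exit !found }' || echo "$port"
    done
}

# Live check, run as root: sh check_agent_ports.sh --check [relay]
if [ "${1:-}" = "--check" ]; then
    [ -e "$MARKER" ] || echo "note: $MARKER not present, agent manages its own rules"
    missing=$(iptables -S INPUT | missing_ports $(required_ports "${2:-agent}"))
    if [ -n "$missing" ]; then
        echo "no INPUT ACCEPT rule for tcp port(s): $missing"
        exit 1
    fi
fi
```

If the ports were changed from their defaults, pass the configured values to `missing_ports` directly instead of using `required_ports`.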