This document outlines the network ports and communication paths used by Tenable.sc, Tenable.io, Nessus, Nessus Agent, and Tenable Appliance. Tenable.sc requires outbound access on ports 25, 465, 514, 22, 1243, 8834, 636, 3268 and 443 to communicate with email servers, syslog servers, log correlation engines, Active Directory servers, Nessus scanners, and Tenable's cloud services. Nessus scanners require outbound access to all ports when scanning and inbound access on port 8834 for management. Nessus Agents require outbound access on ports 443 and 8834 to connect to cloud services and Nessus managers.
This document outlines the network ports and communication paths used by Tenable.sc, Tenable.io, Nessus, Nessus Agent, and Tenable Appliance. Tenable.sc requires outbound access on ports 25, 465, 514, 22, 1243, 8834, 636, 3268 and 443 to communicate with email servers, syslog servers, log correlation engines, Active Directory servers, Nessus scanners, and Tenable's cloud services. Nessus scanners require outbound access to all ports when scanning and inbound access on port 8834 for management. Nessus Agents require outbound access on ports 443 and 8834 to connect to cloud services and Nessus managers.
This document outlines the network ports and communication paths used by Tenable.sc, Tenable.io, Nessus, Nessus Agent, and Tenable Appliance. Tenable.sc requires outbound access on ports 25, 465, 514, 22, 1243, 8834, 636, 3268 and 443 to communicate with email servers, syslog servers, log correlation engines, Active Directory servers, Nessus scanners, and Tenable's cloud services. Nessus scanners require outbound access to all ports when scanning and inbound access on port 8834 for management. Nessus Agents require outbound access on ports 443 and 8834 to connect to cloud services and Nessus managers.
Inbound TCP 443 Tenable.sc users HTTPS for Web Browser GUI
Outbound TCP 8834 Nessus Scanner XML RPC for scanning
Outbound TCP 636 AD Server AD LDAP authentication
Outbound TCP 3268 AD Server AD LDAPS authentication
Outbound TCP 443 *cloud.nessus.com tenable.io link to Tenable.sc
Outbound TCP 443 * cloud.nessus.com Access for plugin updates
Tenable.io
Flow Direction Port Communicates to Purpose
Outbound TCP 443 *cloud.tenable.com Cloud-based scanning of Public routable IP
Nessus
Flow Direction Port Communicates to Purpose
Outbound TCP 1-65535 Scan targets Nessus must have full visibility to all ports on all IPs which will be scanned. Inbound TCP 8834 Management To manage the Nessus scanner
Inbound TCP 8834 Tenable.sc Communication between scanners and Tenable.sc
Outbound TCP 443 *cloud.tenable.com Communication between scanners and t.io
Nessus Agent
Flow Direction Port Communicates to Purpose
Outbound TCP 443 *cloud.tenable.com To manage the Nessus Agent.
Outbound TCP 8834 Nessus Manager To manage the Nessus Agent
Tenable Appliance
Flow Direction Port Communicates to Purpose
Inbound TCP 8000 Nessus Appliance HTTPS for Web Browser GUI for Appliance Management