vScope communicates using several different APIs and protocols. Below is a description of what ports that needs to be open in your firewall(s) to make vScope work.
Accessing vScope
During the installation you may select any port to be used to access your vScope via your browser (default: 80). If you are using proxies you may also choose what port to use for communication with vScope Master (default: 4445).
Identifying targets – Port scan
If you are adding ranges to be inventoried vScope will search ranges using a custom port scan to identify if there are any available targets.
- 22, SSH
- 135, RPC
- 80, HTTP
- 443, HTTPS
- 445, SMB
- 8080, HTTP
- 139, NetBIOS
- 3389, RDP
- 1433, MSSQL
- 3306, MySQL
- 5985, WS-Management / PowerShell
- 5986, WS-Management / PowerShell
You may disable this feature:
Probes – Collecting information
Probes are used to collect data used in vScope. Only the probes that you choose to enable will be used during Discovery. You may also configure custom ports to be used. Here is the default setting:
- Amazon Web Services API (AWS)
- HTTPs (TCP 443) (external target)
- HTTP
- 80, 8080, 443 and 8443
- LDAP
- 389 (Plain), 636 (LDAPS), 389 and 636 (StartTLS)
- Microsoft Azure
- HTTPs (TCP 443) (external target)
- Microsoft Hyper-V
- Uses WMI, see above or VMM Port 5985 (http) / 5986 (https)
- Microsoft SQL
- Default instance (TCP 1433), SQL Server Browser service (UDP 1434). Other instances: random assigned port
- MySQL
- default (TCP 3306)
- NetApp API
- HTTP (TCP 80) / HTTPS (TCP 443)
- SMI-S default ports
- TCP port 5988 or TCP port 5989
- SNMP
- SNMP (UDP 161), secure-SNMPv3 (UDP 10161)
- SSH
- SSH (TCP 22)
- VMware ESXi & vCenter
- HTTPs (TCP 443)
- WinRM
- Default TCP ports: 5985 for HTTP and 5986 for HTTPS.
- TCP and UDP 88: Kerberos ticket request and response
- Without this port open you might get “Access denied” errors in Discovery Manager.
- WMI
- Initiate session on DCOM (TCP 135) and then continues on random port between 49152-65535. For older versions of Windows (XP & 2003): TCP port 445 & TCP port 139. Windows 2000, Windows XP, and Windows Server 2003 use random port in the range 1025-5000 after initiated session.
There are ways to force Windows to use specific ports. See link Microsoft Developer Network – Setting Up a Fixed Port for WMI
- Initiate session on DCOM (TCP 135) and then continues on random port between 49152-65535. For older versions of Windows (XP & 2003): TCP port 445 & TCP port 139. Windows 2000, Windows XP, and Windows Server 2003 use random port in the range 1025-5000 after initiated session.
vScope’s communication with InfraSight Labs
vScope requires Internet connectivity to communicate with InfraSight Labs’ support systems
- License & Billing account: https://account.vscope.net/… (HTTPS, TCP 443)
- vScope software updates: https://dist.vscope.net (
Dynamic IP, CDN Amazon CloudFront) - Service functions like Report bug/Secure upload and heartbeat: https://status.vscope.net/… (HTTPS, TCP 443)
- If you are using vScope’s default mail server for email settings you will also need to allow outgoing connection on TCP port 587 towards smtp.mailgun.org.)