EV Reach - Network Ports

Last modified on 2024/01/09 15:52

The EV Reach remote access software uses a set of network TCP port numbers to communicate. This article describes the ports used and their purpose.

Default EV Reach Ports

By default, EV Reach uses the following port numbers:

ServicePort NumberDescription
EV Reach Client Agent22000Port opened on all machines equipped with the EV Reach Client Agent. This port is used to communicate with the EV Reach management services of this node when the node is inside the network. External nodes do not use this port as all communication is outbound to the server.

Note: On Windows endpoints, the EV Reach Client service automatically configures the local Windows firewall to authorize communication to this port (configurable via policies).

EV Reach Server

(Optional)

22100Port opened on the EV Reach Server on the inside of your organization. This port is used by the EV Reach operator console and the EV Reach client agents to retrieve policies and push audits. This port must be accessible from all machines on the network (client and operator machines).
EV Reach Gateway Services

(Optional)

15155The EV Reach gateway service exposes two network ports. Once on the inside of your organization and one on the outside of your DMZ. These ports are used to manage endpoints over the internet. 

By default, both internal and external ports are configured to the same value.

Note: EV Reach may use ports required by Windows and Mac for agent management such as SMB or SSH. For more information, see the EV Reach Security White Paper

Changing Port Numbers

You can change the default port numbers used by EV Reach to a value of your choosing.

Changing Client Agent Communication Port

The recommended method to change the communication port used by the client agent is via a Group Policy Object, or via a EV Reach Server Policy. However, you can also manually configure this port.

Changing Agent Port via a GPO

Once you have uploaded the provided EV Reach Group Policy Administrative Templates onto your Active Directory, expand:

  • Computer Configuration > Policies > Administrative Templates
    • EV Reach Global Policies
      • EV Reach Client Agents Settings
        • TCP Socket Ports used by the EV Reach Client Agents

Changing Agent Port via a Global Policy

Select the Global Policies tab of your EV Reach Server, then drag and drop the EV Reach Agents Configuration policy set into the All Users & Devices node in the main view. Then configure the desired communication port.

Changing Agent Port Manually

The agent port can manually be changed using the locally installed Windows Control Panel Applet or the MacOS EV Reach App.

For Windows:

  • On the client machine side, open the Windows Control Panel > System and Security > EV Reach Client Configuration Control Panel applet, then change the Management Port setting.

For MacOS

  • On the client machine side, search for the EV Reach Client application and change the Management Port setting.

The agent port must also be changed on the EV Reach operator side

  • On the EV Reach operator side, open Application > General Settings > Reach Client Agents and match the Agent communication port.

Changing the EV Reach Server Ports

The EV Reach Server default ports can be configured during the configuration of the server.

  • Open the Application > Server Configuration > Server Settings to change the port used for policies and audits.
  • Open the Application > Server Configuration > Reach Gateway Service to change the ports used for gateway communications.
Tags:
Powered by XWiki © EasyVista 2024