Discovery Port Configurations

Modified on: Tue, 31 Mar, 2026 at 3:35 PM

Different discovery methods use different ports. Open only the required ports between the Remote Collector (RC) and target systems.

Restrict access to these ports using VLANs to ensure that only RCs can communicate with target systems and don't allow unrestricted access from all systems.

Agent-based discovery does not require these ports to be opened. Agents only need to communicate with the Remote Collector and do not need direct communication with the cloud. Direct cloud communication is optional but using an RC is recommended for controlled environments.

The following table provides a complete reference of ports that may be used to access target systems during discovery, including their direction of communication.

Source	Default Port	Protocol	Directionality	Reason
Remote Collector(s) (RC)	53 (TCP)	DNS	RC to targets	DNS Zone Discovery
Remote Collector(s) (RC)	623 (UDP)	IPMI	RC to targets	IPMI based discovery of management interfaces
Remote Collector(s) (RC)	22 (TCP)	SSH	RC to targets	SSH based discovery of Linux and Unix systems
Remote Collector(s) (RC)	161 (UDP)	SNMP	RC to targets	SNMP discovery of network equipment and connections, and any management interfaces
Remote Collector(s) (RC)	443 (TCP)	APIs SMIS	RC to targets	Hypervisor, Cloud and Cisco ACI/UCS Discovery
Remote Collector(s) (RC)	80/443 (TCP) 5988/5989 (TCP)	APIs	RC to targets	Storage Discovery
Windows Discovery Service (WDS)	443 (TCP)	HTTPS	WDS to RC	Connection from WDS to Remote Collector
Windows Discovery Service (WDS)	135 (TCP) 137 (UDP) 139 (TCP) 445 (TCP) 1024-65535 (TCP)	WMI	WDS to targets	WMI based discovery of Windows infrastructure
Windows Discovery Service (WDS)	5985 (TCP) 5986 (TCP)	WinRM	WDS to targets	WinRM discovery of Windows infrastructure