I have have searched high and low via Google and within cisco.com for the answer to this, but can not seem to find it documented anywhere. I am attempting to identify all ports that are required to manage the a Cisco IPS so that I can open up the firewalls. It is my understanding that the ports below are required, but I am not sure if I am missing anything, please see below:
TCP 22: Source => Sensor Admin
TCP 443: Source => Sensor Admin
UDP 123: Sensor Admin => NTP Server
Am I missing anything? Thank you!
Additionally, if you plan to use SNMP, you will need to allow UDP/161 and UDP/162 between the sensor and your management station.
Cisco TAC IDS Team
**Please check out our Podcast**
TAC Security Show: http://www.cisco.com/go/tacsecuritypodcast
If you will be making use of automatic updates for signatures and global correlation updates you will also need to allow the IPS management IP address access on TCP 80 (signature and GC updates) and UDP 53 (GC updates).