Security, Internet Access, and Communication Ports
To safeguard the ASA FirePOWER module, you should install it on a protected internal network. Although the ASA FirePOWER module is configured to have only the necessary services and ports available, you must make sure that attacks cannot reach it from outside the firewall.
Also note that specific features of the ASA FirePOWER module require an Internet connection. By default, the ASA FirePOWER module is configured to directly connect to the Internet. Additionally, the system requires that certain ports remain open, both for secure appliance access and so that specific system features can access the local or Internet resources they need to operate correctly.
Internet Access Requirements
By default, the ASA FirePOWER module is configured to directly connect to the Internet on ports 443/tcp (HTTPS) and 80/tcp (HTTP), which are open by default on the ASA FirePOWER module; see Communication Ports Requirements.
- intrusion rule, VDB, and GeoDB updates: download or schedule the download of an intrusion rule, GeoDB, or VDB update directly to an appliance.
- perform malware cloud lookups.
- Security Intelligence filtering: download Security Intelligence feed data from an external source, including the Intelligence Feed.
- download or schedule the download of a system update directly to an appliance.
- download cloud-based URL category and reputation data for access control, and perform lookups for uncategorized URLs.
Communication Ports Requirements
- access to an appliance’s user interface
- secure remote connections to an appliance
- certain features of the system to access the local or Internet resources they need to function correctly
In general, feature-related ports remain closed until you enable or configure the associated feature.
For example, closing port 25/tcp (SMTP) outbound on a managed device blocks the device from sending email notifications for individual intrusion events (see Configuring External Alerting for Intrusion Rules).
The following table lists the open ports required so that you can take full advantage of ASA FirePOWER module features.