Kaseya Community

Sonicwall and Kaseya

This question is not answered

Hi All,

From my understanding Kaseya uses random ports from 1024 - 65535 for both inbound and outbound traffic from the client end.  I have a client that has a Sonicwall TZ100.  At the moment I have had to open all those ports for Kaseya to work and the client is wondering why they bothered spending the NZ$1000 approx on a firewall if it is open to the world.  Is there some way to mitigate this issue or is Kaseya truely this lacking in security awareness?

All Replies
  • Well, the agent used 5721 TCP outgoing. That is the destination port. The source port however like most other applications, uses a random source port. So unless you actually have LAN > WAN locked down where you have to specify every port that goes out, this shouldn't be an issue.

    On the receiving end where the Kaseya server resides, you need to have 5721 opened up for inbound traffic. That's pretty much it.....

    Are you saying that is not the behavior you are seeing?

  • HarryNZ, if you enable consistent NAT under the VOIP settings, then disable the firewall/nat rules that you created, does Liveconnect work then?

  • We recently upgraded to K2 and now we find some of our SonicWALL sites have difficulty installing the agent or cannot even login to the K2 portal.

    All our sites are a mixture of SonicWALL, so I'm curious to know if this topic was ever answered & resolved.

  • We use K2 and have for the last year, we have always been a sonicwall reseller and they are still our most commonly used FW devices, there is no general problem with compatibility between K2 and Sonicwall which we are aware of.

  • We havent seen a problem either.  Since the sonic walls are statefull firewalls all agents go out by default.  

  • from the documentation

    Ports Required

    For a KLC session to be established, at a minimum, both the Administrator and Agent

    workstations must be able to reach the VSA on TCP port 5721.

    Once the initial connection is made, for a P2P connection, both endpoints attempt to reach

    the VSA at UDP 5721 and Kaseya’s STUN server at UDP stun.kaseya.net:5721 (IP address The local originating port from the workstation used for these queries will be in

    the range 5721 to 5771.