Hey,
I try to install the GravityZone - Bitdefender antivirus in my network.
The NethServer server blocks my ports. Antivirus does not connect with the cloud.
I need to open ports: 80, 443, 8443, 7074.
The first two look open. I’m trying to do it through PortForwarding.
Unfortunately it does not work. Maybe a command line?
Can anyone help? NethServer always surprises me with something 
Install on what kind of computer? On NethServer?
Port forwarding is for publish/expose a service on public IP.
I think you should allow that ports in firewall for outgoin connection
If I understand you correctly you need to open the ports on Nethserver to portforward to it from your router to let bitdefender reach your server:
config set fw_bdnet service status enabled TCPPorts 8443,7074 access green
signal-event firewall-adjust
http://docs.nethserver.org/projects/nethserver-devel/en/v7/services.html#add-a-new-network-service
No. Installs from a PC. The PC is “Relay”. He will be sending packages.
But that is not the point.
A single instalation does not connect with the cloud. I did the test. I connected the computer to the LTE network. And everything works.
NethServer blocks my anti-virus. Sure ports.
Could it be you need some more ports? (outgoing should work by default)
https://www.bitdefender.com/support/gravityzone-communication-ports-1132.html
The Nethserver docs for port forwarding:
http://docs.nethserver.org/en/v7/firewall.html#port-forward
Did you configure Nethserver firewall to generally block all outgoing traffic or do you use a proxy or some web filter/reputation thing?
I have not changed anything.
The server works as DHCP, network filter and samba.
I saw this list. Maybe I need to add more ports? The producer notes that it requires these 4 ports from the first post.
I have to move now. So the conversation will be limited. Of course, I will read all suggestions!
Do you mean web content filter?
It has an option to block access to web sites using IP. Some antivirus get their updates via direct access to IP so deactivating it may help:
Can you check which ports are used incoming/outgoing via /var/log/firewall.log to see which ports are blocked?
You may also check it on your computer with LTE.
Sorry, I still don’t get how this Gravityzone thing works. Is it just an antivirus client or does it have an internal management server which needs the open ports for internal network?
Hi @Manonthemoon_AK,
Hi @mrmarkuz,
For his version of Bitdefender GravityZone, the management is on cloud.
On computers (WSs, Servers, …) must be installed a “client”.
The update of the client is done from Cloud. Also, the client communicate all time with the Management Console from Cloud.
Usual, during installation of the client, the installer software automatically open local firewall ports for communication with the Cloud. Connecting the WS direct to LTE, the client communicate with the Cloud. So, is not a WS issue.
Check the outbound path on NS (also @pike suggested that):
For testing only, create an “any to any” rule, from GREEN to RED to see if in this case everything is OK.
If yes, disable the rule and create another rule from GREEN to RED with 8443 and 7074 ports, opened, and check again.
Also, check the proxy path, as @mrmarkuz suggested. Do you use Proxy with SSL?
Did you have a router between NS and ISP? Maybe the issue is there.
PS:
You may need also a port forwarding rule (Inbound traffic) on NS, from RED to GREEN to open 7074 port for “Communication messages received from endpoints linked to Endpoint Security Relay”, if available.
Maybe it helps:
This conflict, as far as i can remember, of the “cloud setup” needs. There’s no server into lan, only GravityZone Clients…
Yes, but as requirement, even if in the lan there is or there is not a server, at least one PC must be installed as “relay”.
"Warning
https://www.bitdefender.com/support/gravityzone-(cloud-console)-communication-ports-1256.html
Just as my friends wrote. You can install it on a server or on one computer (Realy) that sends packets. I chose the second version.
I’m ashamed, but I do not know how to open these ports: / How do I switch GREEN to RED?
Can i am turn it on the panel? Is there only a command line?
I can attach logs to you if it helps with anything.
I don’t have the necessary resources to check if it is correct and if it works, but you can try from GUI:
Or, you can try first to create a rule to check if BDFGZ pass through NS without restriction (in fact, everything will pass through NS, in and out):
Thank you very much.
I can always rely on you guys.
I’ll check in the morning and let me know.
Thank you again!
It was enough to deselect the Filter in the web content filter.
Thanks, thanks, thanks 
@mrmarkuz and @GG_jr
The rest will be useful for the future.
I you need the web content filter working you’ll have to add the exceptions for GravityZone Servers.