Firewall rules

United States firewall rules

Before installing Alert Logic products, you need to adjust your firewall rules so that data can be securely transferred to and from Alert Logic, along with allowing product updates to occur. Refer to the following for rules specific to your Alert Logic product.

Threat Manager physical appliance

Appliance inbound (CentOS)

If you are using the US Data Center, no additional firewall rules are required to allow the Alert Logic US Data Center to communicate with the Alert Logic appliances.

Source Destination Protocol Port Description
0.0.0.0/0 Appliance TCP 80 Virtual appliance claim only
204.110.218.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.219.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
208.71.209.32/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound (CentOS)

If you are using the US Data Center, the following outbound firewall rules are required only on networks with restrictive outbound traffic rules.

Source Destination Protocol Port Description
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 0.0.0.0/0 TCP 80 Appliance updates
Appliance 204.110.218.96/27 TCP 443 Updates
Appliance 204.110.219.96/27 TCP 443 Updates
Appliance 208.71.209.32/27 TCP 443 Updates
Appliance 204.110.218.96/27 TCP 4138 Event transport
Appliance 204.110.219.96/27 TCP 4138 Event transport
Appliance 208.71.209.32/27 TCP 4138 Event transport
Appliance 204.110.219.96/27 UDP 123 NTP, time sync
Appliance 208.71.209.32/27 UDP 123 NTP, time sync

You may see outbound TCP 443 or TCP 22 connections to public cloud infrastructure. Alert Logic attempts to contact the nearest regional cloud resource, and if that fails, it connects to the standard IP ranges for your assigned data center. The system attempts to use the closest resource first in future connection attempts. Cloud resources are dynamically assigned, and IP addresses are not static.

Threat Manager Virtual Appliance

Appliance inbound

If you are using the US Data Center, use the following required firewall rules to allow the Alert Logic US Data Center to communicate with the Alert Logic appliances.

Source Destination Protocol Port Description
0.0.0.0/0 Appliance TCP 80 Appliance claim
*Agent(s) CIDR Appliance TCP 443 Agent updates
*Agent(s) CIDR Appliance TCP 7777 Agent data transport (between agent and appliance on local network)
208.71.209.32/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.218.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.219.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only

The asterisk ( * ) indicates the network subnet range for the agent.

Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

If you are using the US Data Center, use the following outbound firewall rules to allow your appliance to communicate with the Alert Logic US Data Center.

Source Destination Protocol Port Description
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 0.0.0.0/0 TCP 80 Appliance updates
Appliance 204.110.218.96/27 TCP 443 Updates
Appliance 204.110.219.96/27 TCP 443 Updates
Appliance 208.71.209.32/27 TCP 443 Updates
Appliance 204.110.218.96/27 TCP 4138 Event transport
Appliance 204.110.219.96/27 TCP 4138 Event transport
Appliance 208.71.209.32/27 TCP 4138 Event transport

You may see outbound TCP 443 or TCP 22 connections to public cloud infrastructure. Alert Logic attempts to contact the nearest regional cloud resource, and if that fails, it connects to the standard IP ranges for your assigned data center. The system attempts to use the closest resource first in future connection attempts. Cloud resources are dynamically assigned, and IP addresses are not static.

Agent outbound

If you are using the US Data Center, use the following rules to allow the agent to communicate with the Alert Logic US Data Center.

Source Destination Protocol Port Description
Protected host 208.71.209.32/27 TCP 443 Agent updates (direct)
Protected host 204.110.218.96/27 TCP 443 Agent updates (direct)
Protected host 204.110.219.96/27 TCP 443 Agent updates (direct)
Protected host Appliance TCP 443 Agent updates (single point egress)
Protected host Appliance TCP 7777 Agent data transport (between agent and appliance on local network)

Log Manager

Appliance inbound

If you are using the US Data Center, use the following inbound firewall rules to allow the Alert Logic US Data Center to communicate with your Alert Logic appliances.

Source Destination Protocol Port Description
0.0.0.0/0 Appliance TCP 80 Virtual appliance claim only
204.110.218.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.219.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
208.71.209.32/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

If you are using the US Data Center, use the following outbound firewall rules only on networks with restrictive outbound network traffic rules.

Source Destination Protocol Port Description
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 0.0.0.0/0 TCP 80 Appliance updates
Appliance 208.71.209.32/27 TCP 443 Data transport
Appliance 204.110.218.96/27 TCP 443 Data transport
Appliance 204.110.219.96/27 TCP 443 Data transport
Appliance 204.110.219.96/27 UDP 123 NTP, time sync
Appliance 208.71.209.32/27 UDP 123 NTP, time sync

Agent or remote collector outbound rules

If you are using the US Data Center, you must add the following rule to allow agents or remote collectors to communicate with the US Data Center.

Source Destination Protocol Port Description
Source host 208.71.209.32/27 TCP 443 Data transport
Source host 204.110.218.96/27 TCP 443 Data transport
Source host 204.110.219.96/27 TCP 443 Data transport

Web Security Manager

Appliance inbound

If you are using the US Data Center, use the following required firewall rules to allow the Alert Logic US Data Center to communicate with the Alert Logic appliances.

Source Destination Protocol Port Description
0.0.0.0/0 Appliance TCP 80 Appliance claim
*Agent(s) CIDR Appliance TCP 443 Agent updates
208.71.209.32/27 Appliance TCP 4849 Appliance user interface
204.110.218.96/27 Appliance TCP 4849 Appliance user interface
204.110.219.96/27 Appliance TCP 4849 Appliance user interface
*Agent(s) CIDR Appliance TCP 7777 Agent data transport (between agent and appliance on local network)
208.71.209.32/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.218.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.219.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only

The asterisk ( * ) indicates the network subnet range for the agent.

Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

If you are using the US Data Center, use the following outbound firewall rules to allow your appliance to communicate with the Alert Logic US Data Center.

Source Destination Protocol Port Description
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 204.110.219.96/27 TCP 80 Updates
Appliance 0.0.0.0/0 TCP 80 Appliance updates
Appliance 208.71.209.32/27 TCP 443 Updates
Appliance 204.110.218.96/27 TCP 443 Updates
Appliance 204.110.219.96/27 TCP 443 Updates
Appliance 204.110.218.96/27 TCP 4138 Event transport
Appliance 204.110.219.96/27 TCP 4138 Event transport
Appliance 208.71.209.32/27 TCP 4138 Event transport
Appliance 204.110.219.96/27 TCP 8080 Updates

Agent outbound

If you are using the US Data Center, use the following rules to allow the agent to communicate with the Alert Logic US Data Center.

Source Destination Protocol Port Description
Protected host 204.110.218.96/27 TCP 443 Agent updates (direct)
Protected host 204.110.219.96/27 TCP 443 Agent updates (direct)
Protected host 208.71.209.32/27 TCP 443 Agent updates (direct)
Protected host Appliance TCP 443 Agent updates (single point egress)
Protected host Appliance TCP 7777 Agent data transport (between agent and appliance on local network)

Managed WAF

Appliance inbound

If you are using the US Data Center, use the following firewall rules to allow the Alert Logic US Data Center to communicate with your Alert Logic appliances.

Source Destination Protocol Port Description
204.110.218.96/27 Appliance TCP 2222 Secure Shell (AWS Auto Scaling only)
204.110.219.96/27 Appliance TCP 2222 Secure Shell (AWS Auto Scaling only)
208.71.209.32/27 Appliance TCP 2222 Secure Shell (AWS Auto Scaling only)
204.110.218.96/27 Appliance TCP 4849 Appliance user interface
204.110.219.96/27 Appliance TCP 4849 Appliance user interface
208.71.209.32/27 Appliance TCP 4849 Appliance user interface
204.110.218.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.219.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
208.71.209.32/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

If you are using the US Data Center, these outbound rules are required only on networks with restrictive outbound network traffic rules.

Source Destination Protocol Port Description
Appliance DNS Servers TCP/UDP 53 DNS
Appliance 204.110.218.96/27 UDP 123 NTP (OpenBSD only)
Appliance 204.110.219.96/27 UDP 123 NTP (OpenBSD only)
Appliance 208.71.209.32/27 UDP 123 NTP (OpenBSD only)
Appliance 204.110.218.96/27 TCP 443 Data transport/software updates
Appliance 204.110.219.96/27 TCP 443 Data transport/software updates
Appliance 208.71.209.32/27 TCP 443 Data transport/software updates
Appliance 0.0.0.0/0 TCP 443 S3 access (optional for non-AWS)

European Union firewall rules

Before installing Alert Logic products, you need to adjust your firewall rules so that data can be securely transferred to and from Alert Logic, along with allowing product updates to occur. Refer to the following for rules specific to your Alert Logic product.

Threat Manager Physical Appliance

Appliance inbound (CentOS)

If you are using the EU Data Center, no additional firewall rules are required to allow the Alert Logic EU Data Center to communicate with your Alert Logic appliances.

Source Destination Protocol Port Description
185.54.124.0/24 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound (CentOS)

If you are using the EU Data Center, the following outbound firewall rules are required only on networks with restrictive outbound network traffic rules.

Source Destination Protocol Port Description
Appliance 185.54.124.0/24 TCP 443 Updates
Appliance 185.54.124.0/24 TCP 4138 Event transport
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 0.0.0.0/0 TCP 80 Appliance updates
Appliance 185.54.124.0/24 UDP 123 NTP, time sync

Appliance inbound (Debian)

If you are using the EU Data Center, use the following firewall rules to allow the Alert Logic EU Data Center to communicate with your Alert Logic appliances.

Source Destination Protocol Port Description
185.54.124.0/24 Appliance TCP 5666 Appliance monitoring
185.54.124.0/24 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound (Debian)

If you are using the EU Data Center, the following outbound firewall rules are required only on networks with restrictive outbound network traffic rules.

Source Destination Protocol Port
Appliance 185.54.124.0/24 UDP/TCP All

Threat Manager Virtual Appliance

Appliance inbound

If you are using the EU Data Center, use the following inbound firewall rules to allow the Alert Logic EU Data Center to communicate with your Alert Logic appliances.

Source Destination Protocol Port Description
*Agent(s) CIDR Appliance TCP 443 Agent updates
*Agent(s) CIDR Appliance TCP 7777 Agent data transport (between agent and appliance on local network)
0.0.0.0/0 Appliance TCP 80 Appliance claim
185.54.124.0/24 Appliance TCP 4849 Appliance user interface (Web Security Manager)
185.54.124.0/24 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only

* Network subnet range for the agent(s).

Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

If you are using the EU Data Center, use the following outbound firewall rules to allow your appliance to communicate with the Alert Logic EU Data Center.

Source Destination Protocol Port Description
Appliance 185.54.124.0/24 TCP 443 Updates
Appliance 185.54.124.0/24 TCP 4138 Event transport
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 0.0.0.0/0 TCP 80 Appliance updates

You may see outbound TCP 443 or TCP 22 connections to public cloud infrastructure. Alert Logic attempts to contact the nearest regional cloud resource, and if that fails, it connects to the standard IP ranges for your assigned data center. The system attempts to use the closest resource first in future connection attempts. Cloud resources are dynamically assigned, and IP addresses are not static.

Agent outbound

If you are using the EU Data Center, use the following rules to allow agents to communicate with the Alert Logic EU Data Center.

Source Destination Protocol Port Description
Protected host Appliance TCP 7777 Agent data transport (between agent and appliance on local network)
Protected host 185.54.124.0/24 TCP 443 Agent updates (direct)
Protected host Appliance TCP 443 Agent updates (single point egress)

Log Manager

Appliance inbound

If you are using the EU Data Center, use the following inbound firewall rules to allow the Alert Logic EU Data Center to communicate with your Alert Logic appliances.

Source Destination Protocol Port Description
0.0.0.0/0 Appliance TCP 80 Virtual appliance claim only
185.54.124.0/24 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

If you are using the EU Data Center, use the following outbound firewall rules only on networks with restrictive outbound network traffic rules.

Source Destination Protocol Port Description
Appliance 185.54.124.0/24 TCP 443 Data transport
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 0.0.0.0/0 TCP 80 Appliance updates
Appliance 185.54.124.0/24 UDP 123 NTP, time sync

You may see outbound TCP 443 or TCP 22 connections to public cloud infrastructure. Alert Logic attempts to contact the nearest regional cloud resource, and if that fails, it connects to the standard IP ranges for your assigned data center. The system attempts to use the closest resource first in future connection attempts. Cloud resources are dynamically assigned, and IP addresses are not static.

Agent or remote collector outbound rules

If you are using the EU Data Center, you must add the following rule to allow agents or remote collectors to communicate with the Alert Logic EU Data Center.

Source Destination Protocol Port Description
Source host 185.54.124.0/24 TCP 443 Data transport

Web Security Manager

Appliance inbound

If you are using the EU Data Center, use the following required firewall rules to allow the Alert Logic EU Data Center to communicate with the Alert Logic appliances.

Source Destination Protocol Port Description
*Agent(s) CIDR Appliance TCP 443 Agent updates
*Agent(s) CIDR Appliance TCP 7777 Agent data transport (between agent and appliance on local network)
0.0.0.0/0 Appliance TCP 80 Appliance claim
185.54.124.0/24 Appliance TCP 4849 Appliance user interface (Web Security Manager)
185.54.124.0/24 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only

* Network subnet range for the agent(s).

Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

If you are using the EU Data Center, use the following outbound firewall rules to allow your appliance to communicate with the Alert Logic EU Data Center.

Source Destination Protocol Port Description
Appliance 185.54.124.0/24 TCP 443 Updates
Appliance 185.54.124.0/24 TCP 4138 Event transport
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 0.0.0.0/0 TCP 80 Appliance updates

Agent outbound

If you are using the EU Data Center, use the following rules to allow the agent to communicate with the Alert Logic EU Data Center.

Source Destination Protocol Port Description
Protected host Appliance TCP 7777 Agent data transport (between agent and appliance on local network)
Protected host 185.54.124.0/24 TCP 443 Agent updates (direct)
Protected host Appliance TCP 443 Agent updates (single point egress)

 

Managed WAF

Appliance inbound

If you are using the EU Data Center, use the following firewall rules to allow the Alert Logic EU Data Center to communicate with your Alert Logic appliances.

Source Destination Protocol Port Description
185.54.124.0/24 Appliance TCP 4849 Appliance user interface
185.54.124.0/24 Appliance TCP 2222 Secure Shell (AWSAuto Scaling Only)
185.54.124.0/24 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

If you are using the EU Data Center, these outbound firewall rules are required only on networks with restrictive outbound network traffic rules.

Source Destination Protocol Port Description
Appliance 185.54.124.0/24 UDP 123 NTP (OpenBSD only)
Appliance 0.0.0.0/0 TCP 443 S3 access (optional for non-AWS)
Appliance 185.54.124.0/24 TCP 443 Data transport/software updates
Appliance DNS Servers TCP/UDP 53 DNS

Related topics