UK and European Union Firewall Rules

Before installing Alert Logic products, you need to adjust your firewall rules so that data can be securely transferred to and from Alert Logic, along with allowing product updates to occur.

Communication with Alert Logic appliances

Appliance inbound

Depending on your environment and default firewall rules, additional rules may be required to allow the Alert Logic EU data center to communicate with the Alert Logic appliances.

Source Destination Protocol Port Product Function Description
*Agent(s) CIDR Appliance TCP 443 Network IDS Agent updates
*Agent(s) CIDR Appliance TCP 7777 Network IDS Agent data transport (between agent and appliance on local network)
0.0.0.0/0 Appliance TCP 80 Network IDS Appliance claim
185.54.124.0/24 Appliance TCP 2222 Inline WAF Secure shell (AWS Auto Scaling only)
185.54.124.0/24 Appliance TCP 4849 Inline WAF Appliance user interface
185.54.124.0/24 Appliance TCP 5666 Network IDS Appliance monitoring (Debian only)
185.54.124.0/24 Appliance TCP 22   Optional and temporary- required for troubleshooting during provisioning only

* Network subnet range for the agent(s).

Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

Depending on your environment and default outbound firewall rules, additional rules may be required to allow the Alert Logic appliances to communicate with the Alert Logic US data center .

Source Destination Protocol Port Product Function Description
Appliance 8.8.8.8 TCP/UDP 53 Network IDS DNS
Appliance 8.8.4.4 TCP/UDP 53 Network IDS DNS
Appliance DNS servers TCP/UDP 53 Inline WAF DNS
Appliance 0.0.0.0/0 TCP 80 Network IDS Appliance updates
Appliance 185.54.124.0/24 UDP 123 Network IDS NTP, time sync
Appliance 0.0.0.0/0 TCP 443 Inline WAF S3 access (optional for non-AWS customers)
Appliance 185.54.124.0/24 TCP 443 Network IDS Updates, data transport
Appliance 185.54.124.0/24 TCP 4138 Network IDS Event transport
Appliance 185.54.124.0/24 UDP/TCP All Network IDS Debian only

You may see outbound TCP 443 or TCP 22 connections to public cloud infrastructure. Alert Logic attempts to contact the nearest regional cloud resource, and if that fails, it connects to the standard IP ranges for your assigned data center. The system attempts to use the closest resource first in future connection attempts. Cloud resources are dynamically assigned, and IP addresses are not static.

Agent outbound

You must add the following rules to allow agents or remote collectors to communicate with the EU data center.

Source Destination Protocol Port Description
Source host Appliance TCP 7777 Data transport
Protected host 185.54.124.0/24 TCP 443 Agent updates (direct)
Protected host Appliance TCP 443 Agent updates (single point egress)

Platform-specific information

AWS marketplace customers

If you select a default security group in the AWS marketplace, AWS automatically configures firewall rules. The default rules are acceptable, but you can change them to the recommended rules.

Outbound firewall rules for AWS pertain only to VPC customers. By default, the outbound rules open any port to any destination.

Google Cloud Platform customers

The Terraform template that Alert Logic provided to you sets up the firewall rules when it creates your instances in Google Cloud Platform (GCP).