United States Firewall Rules

Before installing Alert Logic products, you need to adjust your firewall rules so that data can be securely transferred to and from Alert Logic, along with allowing product updates to occur.

Communication with Alert Logic appliances

Appliance inbound

Depending on your environment and default firewall rules, additional rules may be required to allow the Alert Logic US data center to communicate with the Alert Logic appliances.

| Source | Destination | Protocol | Port | Product | Function Description |
|---|---|---|---|---|---|
| 0.0.0.0/0 | Appliance | TCP | 80 | Network IDS | Virtual appliance claim only |
| *Agent(s) CIDR | Appliance | TCP | 443 | Network IDS | Agent updates |
| *Agent(s) CIDR | Appliance | TCP | 7777 | Network IDS | Agent data transport (between agent and appliance on local network) |
| 204.110.218.96/27 | Appliance | TCP | 2222 | Network IDS | Secure shell (AWS Auto Scaling only) |
| 204.110.219.96/27 | Appliance | TCP | 2222 | Network IDS | Secure shell (AWS Auto Scaling only) |
| 208.71.209.32/27 | Appliance | TCP | 2222 | Network IDS | Secure shell (AWS Auto Scaling only) |
| 204.110.218.96/27 | Appliance | TCP | 4849 | Managed WAF | Appliance user interface |
| 204.110.219.96/27 | Appliance | TCP | 4849 | Managed WAF | Appliance user interface |
| 208.71.209.32/27 | Appliance | TCP | 4849 | Managed WAF | Appliance user interface |
| 204.110.218.96/27 | Appliance | TCP | 22 | | Optional and temporary; required for troubleshooting during provisioning only |
| 204.110.219.96/27 | Appliance | TCP | 22 | | Optional and temporary; required for troubleshooting during provisioning only |
| 208.71.209.32/27 | Appliance | TCP | 22 | | Optional and temporary; required for troubleshooting during provisioning only |

* Network subnet range for the agent(s).

Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

Depending on your environment and default outbound firewall rules, additional rules may be required to allow the Alert Logic appliances to communicate with the Alert Logic US data center.

| Source | Destination | Protocol | Port | Product | Function Description |
|---|---|---|---|---|---|
| Appliance | 8.8.4.4 | TCP/UDP | 53 | Network IDS | DNS |
| Appliance | 8.8.8.8 | TCP/UDP | 53 | Network IDS | DNS |
| Appliance | 0.0.0.0/0 | TCP | 80 | Network IDS | Appliance updates |
| Appliance | 204.110.219.96/27 | UDP | 123 | Network IDS | NTP, time sync |
| Appliance | 208.71.209.32/27 | UDP | 123 | Network IDS | NTP, time sync |
| Appliance | 204.110.218.96/27 | TCP | 443 | Network IDS | Updates |
| Appliance | 204.110.219.96/27 | TCP | 443 | Network IDS | Updates |
| Appliance | 208.71.209.32/27 | TCP | 443 | Network IDS | Updates |
| Appliance | 204.110.218.96/27 | TCP | 4138 | Network IDS | Event transport |
| Appliance | 204.110.219.96/27 | TCP | 4138 | Network IDS | Event transport |
| Appliance | 208.71.209.32/27 | TCP | 4138 | Network IDS | Event transport |
| Appliance | 204.110.219.96/27 | TCP | 80 | Managed WAF | Updates |
| Appliance | 204.110.219.96/27 | TCP | 8080 | Managed WAF | Updates |
| Appliance | DNS Servers | TCP/UDP | 53 | Managed WAF | DNS |
| Appliance | 204.110.218.96/27 | UDP | 123 | Managed WAF | NTP (Managed WAF and OpenBSD only) |
| Appliance | 0.0.0.0/0 | TCP | 443 | Managed WAF | S3 access (optional for non-AWS customers) |

You may see outbound TCP 443 or TCP 22 connections to public cloud infrastructure. Alert Logic attempts to contact the nearest regional cloud resource, and if that fails, it connects to the standard IP ranges for your assigned data center. The system attempts to use the closest resource first in future connection attempts. Cloud resources are dynamically assigned, and IP addresses are not static.

Agent or remote collector outbound rules

You must add the following rules to allow agents or remote collectors to communicate with the US data center.

| Source | Destination | Protocol | Port | Description |
|---|---|---|---|---|
| Protected host | 208.71.209.32/27 | TCP | 443 | Agent updates (direct), data transport |
| Protected host | 204.110.218.96/27 | TCP | 443 | Agent updates (direct), data transport |
| Protected host | 204.110.219.96/27 | TCP | 443 | Agent updates (direct), data transport |
| Protected host | Appliance | TCP | 443 | Agent updates (single point egress) |
| Protected host | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
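A practical way to confirm a firewall change actually matches these tables is to encode the required rules and diff them against the policy as deployed. The script below is an added example, not Alert Logic tooling: it encodes the Network IDS rows of the appliance outbound table and the direct agent rows above, checks a candidate egress policy for gaps, and flags inbound TCP 22 entries that are still present once provisioning is finished (the temporary exception described earlier). It assumes the policy is given in the `IpPermissions` / `IpPermissionsEgress` dict shape that `aws ec2 describe-security-groups` returns; the sample policies are constructed for illustration. Rules whose destination is the appliance itself (local 443/7777) are deployment-specific and are not modelled.

```python
"""Check a deployed security-group policy against the Alert Logic US data center
rules on this page (added example; assumes AWS-style IpPermission dicts)."""
from dataclasses import dataclass
from ipaddress import ip_network

# Alert Logic US data center ranges, taken from the tables on this page.
AL_US = ["204.110.218.96/27", "204.110.219.96/27", "208.71.209.32/27"]


@dataclass(frozen=True)
class Rule:
    cidr: str      # remote range: destination for egress, source for ingress
    proto: str     # "tcp", "udp" or "tcp/udp" (the latter needs both)
    port: int
    purpose: str


# Required appliance egress (Network IDS rows of the "Appliance outbound" table).
APPLIANCE_EGRESS = [
    Rule("8.8.4.4/32", "tcp/udp", 53, "DNS"),
    Rule("8.8.8.8/32", "tcp/udp", 53, "DNS"),
    Rule("0.0.0.0/0", "tcp", 80, "Appliance updates"),
    Rule("204.110.219.96/27", "udp", 123, "NTP"),
    Rule("208.71.209.32/27", "udp", 123, "NTP"),
    *(Rule(c, "tcp", 443, "Updates") for c in AL_US),
    *(Rule(c, "tcp", 4138, "Event transport") for c in AL_US),
]

# Required direct agent egress ("Agent or remote collector outbound rules").
AGENT_EGRESS_DIRECT = [Rule(c, "tcp", 443, "Agent updates (direct), data transport") for c in AL_US]


def expand(rule):
    """Split a rule into the (proto, port, network) triples it actually requires."""
    protos = ("tcp", "udp") if rule.proto == "tcp/udp" else (rule.proto,)
    return [(p, rule.port, ip_network(rule.cidr)) for p in protos]


def perm_allows(perm, proto, port, net):
    """True if one IpPermission entry allows proto/port to (or from) the whole of net."""
    ip_proto = perm["IpProtocol"]
    if ip_proto != "-1":                      # "-1" means all protocols and ports
        if ip_proto != proto:
            return False
        if not perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535):
            return False
    return any(net.subnet_of(ip_network(r["CidrIp"])) for r in perm.get("IpRanges", []))


def missing_rules(policy, required):
    """Return (rule, proto) pairs from `required` that no entry in `policy` covers."""
    gaps = []
    for rule in required:
        for proto, port, net in expand(rule):
            if not any(perm_allows(p, proto, port, net) for p in policy):
                gaps.append((rule, proto))
    return gaps


def lingering_temporary_ingress(policy, provisioning_done=True):
    """After provisioning, list source CIDRs still allowed in on TCP 22."""
    if not provisioning_done:
        return []
    hits = []
    for perm in policy:
        if perm["IpProtocol"] in ("-1", "tcp") and (
            perm["IpProtocol"] == "-1"
            or perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)
        ):
            hits.extend(r["CidrIp"] for r in perm.get("IpRanges", []))
    return hits


# Constructed sample policies (not real customer data): the egress policy opens
# DNS only over TCP, omits NTP and event transport to one range, and the
# ingress policy still carries the provisioning-time TCP 22 exception.
SAMPLE_EGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": c} for c in AL_US]},
    {"IpProtocol": "tcp", "FromPort": 4138, "ToPort": 4138,
     "IpRanges": [{"CidrIp": "204.110.218.96/27"}, {"CidrIp": "204.110.219.96/27"}]},
    {"IpProtocol": "udp", "FromPort": 123, "ToPort": 123, "IpRanges": [{"CidrIp": "204.110.219.96/27"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 53,
     "IpRanges": [{"CidrIp": "8.8.8.8/32"}, {"CidrIp": "8.8.4.4/32"}]},
]
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 7777, "ToPort": 7777, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": c} for c in AL_US]},
]

if __name__ == "__main__":
    for rule, proto in missing_rules(SAMPLE_EGRESS, APPLIANCE_EGRESS):
        print(f"MISSING egress {proto}/{rule.port} -> {rule.cidr} ({rule.purpose})")
    for cidr in lingering_temporary_ingress(SAMPLE_INGRESS):
        print(f"CLOSE inbound tcp/22 from {cidr}: provisioning-only rule still present")
```

Running it on the constructed sample reports four missing egress entries (UDP 53 to both resolvers, UDP 123 and TCP 4138 to 208.71.209.32/27) and three TCP 22 ingress sources to close; an AWS default egress entry of `IpProtocol: "-1"` to `0.0.0.0/0` satisfies every required rule, which is why the "open any port to any destination" default mentioned below passes but is worth tightening.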

Platform-specific information

AWS marketplace customers

If you select a default security group in the AWS marketplace, AWS automatically configures firewall rules. The default rules are acceptable, but you can change them to the recommended rules.

Outbound firewall rules for AWS pertain only to VPC customers. By default, the outbound rules open any port to any destination.

Google Cloud Platform customers

The Terraform template that Alert Logic provided to you sets up the firewall rules when it creates your instances in Google Cloud Platform (GCP).