Requirements for Alert Logic Threat Manager for Google Cloud Platform

United States firewall rules

Use the following rules to communicate with the US Data Center.

Appliance inbound

| Source | Destination | Protocol | Port | Description |
| --- | --- | --- | --- | --- |
| 0.0.0.0/0 | Appliance | TCP | 80 | Appliance claim |
| Agent(s) CIDR (network subnet range for the agent(s)) | Appliance | TCP | 443 | Agent updates, agent routing, log collection |
| Agent(s) CIDR (network subnet range for the agent(s)) | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
| 208.71.209.32/27 | Appliance | TCP | 22 | Optional and temporary; required for troubleshooting during provisioning only |
| 204.110.218.96/27 | Appliance | TCP | 22 | Optional and temporary; required for troubleshooting during provisioning only |
| 204.110.219.96/27 | Appliance | TCP | 22 | Optional and temporary; required for troubleshooting during provisioning only |

Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

| Source | Destination | Protocol | Port | Description |
| --- | --- | --- | --- | --- |
| Appliance | 8.8.4.4 | TCP/UDP | 53 | DNS |
| Appliance | 8.8.8.8 | TCP/UDP | 53 | DNS |
| Appliance | 0.0.0.0/0 | TCP | 80 | Appliance updates |
| Appliance | 204.110.218.96/27 | TCP | 443 | Updates |
| Appliance | 204.110.219.96/27 | TCP | 443 | Updates |
| Appliance | 208.71.209.32/27 | TCP | 443 | Updates |
| Appliance | 208.71.209.32/27 | TCP | 4138 | Event transport |
| Appliance | 204.110.218.96/27 | TCP | 4138 | Event transport |
| Appliance | 204.110.219.96/27 | TCP | 4138 | Event transport |
| Appliance | 204.110.219.96/27 | UDP | 123 | NTP, time sync |
| Appliance | 208.71.209.32/27 | UDP | 123 | NTP, time sync |

Agent outbound

| Source | Destination | Protocol | Port | Description |
| --- | --- | --- | --- | --- |
| Protected host | 208.71.209.32/27 | TCP | 443 | Agent updates (direct) |
| Protected host | 204.110.218.96/27 | TCP | 443 | Agent updates (direct) |
| Protected host | 204.110.219.96/27 | TCP | 443 | Agent updates (direct) |
| Protected host | Appliance | TCP | 443 | Agent updates (single point egress) |
| Protected host | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |

European Union firewall rules

Use the following rules to communicate with the EU Data Center.

Appliance inbound

| Source | Destination | Protocol | Port | Description |
| --- | --- | --- | --- | --- |
| Agent(s) CIDR (network subnet range for the agent(s)) | Appliance | TCP | 443 | Agent updates |
| Agent(s) CIDR (network subnet range for the agent(s)) | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
| 0.0.0.0/0 | Appliance | TCP | 80 | Appliance claim |
| 185.54.124.0/24 | Appliance | TCP | 22 | Optional and temporary; required for troubleshooting during provisioning only |

Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

| Source | Destination | Protocol | Port | Description |
| --- | --- | --- | --- | --- |
| Appliance | 185.54.124.0/24 | TCP | 443 | Updates |
| Appliance | 185.54.124.0/24 | TCP | 4138 | Event transport |
| Appliance | 8.8.8.8 | TCP/UDP | 53 | DNS |
| Appliance | 8.8.4.4 | TCP/UDP | 53 | DNS |
| Appliance | 0.0.0.0/0 | TCP | 80 | Appliance updates |
| Appliance | 185.54.124.0/24 | UDP | 123 | NTP, time sync |

Agent outbound

| Source | Destination | Protocol | Port | Description |
| --- | --- | --- | --- | --- |
| Protected host | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
| Protected host | 185.54.124.0/24 | TCP | 443 | Agent updates (direct) |
| Protected host | Appliance | TCP | 443 | Agent updates (single point egress) |
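
The appliance inbound tables for both regions scope port 22 to the Alert Logic ranges during provisioning only, and ports 443 and 7777 to the agent subnet. The following audit is an added example, not Alert Logic code; it checks exported ingress rules against those two constraints. It assumes the rules are already filtered to the ones that apply to the appliance and use the field names of the GCP firewall JSON export; the function names, rule names and the 10.10.0.0/24 agent subnet are hypothetical.

```python
import ipaddress

DATACENTER = {"US": ["208.71.209.32/27", "204.110.218.96/27", "204.110.219.96/27"],
              "EU": ["185.54.124.0/24"]}  # ranges copied from this page's tables
AGENT_PORTS = (443, 7777)  # agent updates/routing, agent data transport


def allows(rule, port, proto="tcp"):
    """True if a GCP-style allow rule permits proto/port."""
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") in (proto, "all"):
            for spec in entry.get("ports") or ["0-65535"]:  # no ports = all ports
                lo, _, hi = spec.partition("-")
                if int(lo) <= port <= int(hi or lo):
                    return True
    return False


def within(source, permitted):
    """True if IPv4 CIDR `source` lies inside one of the `permitted` CIDRs."""
    src = ipaddress.ip_network(source)
    return any(src.subnet_of(ipaddress.ip_network(p)) for p in permitted)


def audit_appliance_ingress(rules, region, agent_cidrs, provisioning_done):
    """Return sorted (finding, rule name, source range) tuples."""
    findings = set()
    for rule in rules:
        if rule.get("direction") != "INGRESS" or rule.get("disabled"):
            continue
        for src in rule.get("sourceRanges", []):
            if allows(rule, 22) and provisioning_done:  # SSH is provisioning-only
                findings.add(("ssh-still-open", rule["name"], src))
            elif allows(rule, 22) and not within(src, DATACENTER[region]):
                findings.add(("ssh-source-too-broad", rule["name"], src))
            if any(allows(rule, p) for p in AGENT_PORTS) and not within(src, agent_cidrs):
                findings.add(("agent-port-too-broad", rule["name"], src))
    return sorted(findings)


# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = [
    {"name": "al-claim", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]},
    {"name": "al-agents", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443", "7777"]}]},
    {"name": "al-ssh", "direction": "INGRESS", "sourceRanges": ["208.71.209.32/27"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]
```

Calling `audit_appliance_ingress(SAMPLE_RULES, "US", ["10.10.0.0/24"], True)` flags the agent ports opened to 0.0.0.0/0 and the SSH rule left enabled after provisioning; the port 80 claim rule is expected and produces no finding.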

Virtual appliance

The following table describes the basic system requirements to install a Threat Manager virtual appliance:

| Components | System requirements |
| --- | --- |
| CPU | 4 virtual CPUs |
| RAM | 8 GB |
| Disk space | 40 GB minimum |
| Supported virtual environment | VMware only |
| Log collection support | N/A |
| Encryption | TLS Standard (SSL): 1024–2048-bit key encryption, 256-bit AES bulk encryption |

This is the recommended basic configuration for the Threat Manager product when deployed on a virtual appliance. Bandwidth volume directly impacts the ability of the appliance to inspect traffic. Therefore, high traffic environments may require a virtual machine with additional processor and memory resources.

If you want to run scans, consider 8 virtual CPUs (cores) and 16 GB of memory.

Alert Logic agent

The following table describes the basic requirements to install the agent:

Operating systems

For Windows users:
  • Windows Server 2016
  • Windows 10
  • Windows Server 2003, SP1
  • Windows Server 2008
  • Windows Server 2012
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows XP SP1

For Linux users:
Debian (.deb)
  • 5.x (lenny)
  • 6.x (squeeze)
  • 7.x (wheezy)
  • 8.x (jessie)

Ubuntu (.deb)
  • 10.x
  • 12.x
  • 14.x
  • 16.x

CentOS (.rpm)
  • 5.x
  • 6.x
  • 7.x

Red Hat Enterprise Linux (.rpm)
  • 5.x
  • 6.x
  • 7.x

SUSE
  • 12.1
  • 12.0
  • 11.4
  • 11.3

Amazon Linux

The Alert Logic agent can be used in AWS Workspaces in conjunction with a supported operating system.

| Components | System requirements |
| --- | --- |
| Memory | 96 MB of available memory |
| Disk space for agent | 30 MB of available disk space |
| Disk space for local cache | 500 MB of available disk space |
| Packet access | WinPcap 4.1.2 |
| CPU utilization | 1-10% depending on log volume |
| RAM | 15 MB minimum |
| Disk space | 30 MB minimum |
| Log collection support | Windows, Flat File |
| Supported environments | Agent-only deployments with virtual and physical appliances, VPC, and Public Clouds |
| Encryption | TLS Standard (SSL): 2048-bit key encryption, 256-bit AES bulk encryption |
| Log collection frequency | At minimum, every five minutes logs are collected and sent to Alert Logic Cloud |
| Host permissions | LocalSystem account has all the necessary permissions by default |

The agent requires DNS access to communicate with the Alert Logic server.

Operating systems and browser support

The Alert Logic console supports the current version and the previous major version of the following operating systems and browsers: 

| Operating system support | Browser support |
| --- | --- |
| Mac, Linux, and Windows | Chrome, Safari, Firefox, Opera, and Internet Explorer |

Alert Logic cannot guarantee that other browsers and versions will work with our product.
