Requirements for Alert Logic Managed Web Application Firewall (WAF) for Rackspace Public Cloud

United States firewall rules

Use the following rules to communicate with the US Data Center.

Appliance inbound

Source Destination Protocol Port Description
204.110.218.96/27 Appliance TCP 2222 Secure Shell (AWS Autoscaling Only)
204.110.219.96/27 Appliance TCP 2222 Secure Shell (AWS Autoscaling Only)
208.71.209.32/27 Appliance TCP 2222 Secure Shell (AWS Autoscaling Only)
204.110.218.96/27 Appliance TCP 4849 Appliance user interface
204.110.219.96/27 Appliance TCP 4849 Appliance user interface
208.71.209.32/27 Appliance TCP 4849 Appliance user interface
204.110.218.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.219.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
208.71.209.32/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

Source Destination Protocol Port Description
Appliance 204.110.218.96/27 TCP 443 Data transport
Appliance 204.110.219.96/27 TCP 443 Data transport
Appliance 204.110.218.96/27 UDP 123 NTP (OpenBSD and CentOS only)
Appliance 204.110.219.96/27 UDP 123 NTP (OpenBSD and CentOS only)
Appliance 0.0.0.0/0 TCP 443 AWS S3 (AWS only)
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 8.8.4.4 TCP/UDP 53 DNS

 

European Union firewall rules

Use the following rules to communicate with the EU Data Center.

Appliance inbound

Source Destination Protocol Port Description
185.54.124.0/24 Appliance TCP 4849 Appliance user interface
185.54.124.0/24 Appliance TCP 2222 Secure Shell (AWS Autoscaling Only)
185.54.124.0/24 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Appliance outbound

Source Destination Protocol Port Description
Appliance 185.54.124.0/24 UDP 123 NTP (OpenBSD only)
Appliance 0.0.0.0/0 TCP 443 S3 access (optional for non-AWS)
Appliance 185.54.124.0/24 TCP 443 Data transport/software updates
Appliance DNS Servers TCP/UDP 53 DNS

VMware virtual appliance

The following table describes the basic system requirements to install a VMware virtual appliance:

Components System Requirements
CPU 2 CPUs 64 bit
RAM 4 GB
Disk space 250 GB
Virtual network interface(s) An interface with an external IP address for management
An interface with access to the web servers to be protected
Encryption / Decryption for SSL traffic AES-NI CPU instruction set for encryption/decryption of SSL traffic on VMs and host OS is recommended
Clustering For clustering to work, make sure promiscuous mode, forged transmits, and MAC address changes are allowed on the VMware virtual switch (vSwitch) or the port group in the VMware ESX network configuration

Physical appliance

The following table describes the basic system requirements to install a physical appliance:

Components System Requirements
Equipment 100–250 Mbit
CPU Intel Xeon E3 4 cores
RAM 8 GB
DISC 500GB
Chassis 1U rack mounted
Power 250W
Log collection support N/A
Encryption TLS Standard (SSL): 1024–2048bit key encryption, 256bit AES bulk encryption

Operating systems and browser support

The Alert Logic console supports the current version and the previous major version of the following operating systems and browsers: 

Operating system support Browser support
Mac, Linux, and Windows Chrome, Safari, Firefox, Opera, and Internet Explorer

Alert Logic cannot guarantee that other browsers and versions will work with our product.

Related topics