Requirements for Alert Logic Web Security Manager for Amazon Web Services

United States firewall rules for direct customers

Use the following rules to communicate with the US Data Center.

Inbound firewall rules

Source Destination Protocol Port Description
0.0.0.0/0 Appliance TCP 80 Appliance claim
Agent(s) CIDR- network subnet range for the agent(s) Appliance TCP 443 Agent updates, agent routing, log collection
208.71.209.32/27 Appliance TCP 4849 Appliance user interface
204.110.218.96/27 Appliance TCP 4849 Appliance user interface
204.110.219.96/27 Appliance TCP 4849 Appliance user interface
Agent(s) CIDR- network subnet range for the agent(s) Appliance TCP 7777 Agent data transport (between agent and appliance on local network)
208.71.209.32/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.218.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.219.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Outbound firewall rules

Source Destination Protocol Port Description
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 0.0.0.0/0 TCP 80 Appliance updates
Appliance 204.110.218.96/27 TCP 443 Updates
Appliance 204.110.219.96/27 TCP 443 Updates
Appliance 208.71.209.32/27 TCP 443 Updates
Appliance 208.71.209.32/27 TCP 4138 Event transport
Appliance 204.110.218.96/27 TCP 4138 Event transport
Appliance 204.110.219.96/27 TCP 4138 Event transport
Appliance 204.110.219.96/27 UDP 123 NTP, time sync
Appliance 208.71.209.32/27 UDP 123 NTP, time sync

Outbound host rules

Create a new rule Port range Destination
Custom TCP Rule 7777 <Appliances>*
Custom TCP Rule 443 204.110.218.96/27
Custom TCP Rule 443 204.110.219.96/27

European Union firewall rules for direct customers

Use the following rules to communicate with the EU Data Center.

Inbound firewall rules

Source Destination Protocol Port Description
Agent(s) CIDR- network subnet range for the agent(s) Appliance TCP 443 Agent updates
Agent(s) CIDR- network subnet range for the agent(s) Appliance TCP 7777 Agent data transport (between agent and appliance on local network)
0.0.0.0/0 Appliance TCP 80 Appliance claim
185.54.124.0/24 Appliance TCP 4849 Appliance user interface (Web Security Manager)
185.54.124.0/24 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Outbound firewall rules

Source Destination Protocol Port Description
Appliance 185.54.124.0/24 TCP 443 Updates
Appliance 185.54.124.0/24 TCP 4138 Event transport
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 0.0.0.0/0 TCP 80 Appliance updates
Appliance 185.54.124.0/24 UDP 123 NTP, time sync

Outbound host rules

Create a new rule Port range Destination
Custom TCP Rule 7777 <Appliances>*
Custom TCP Rule 443 185.54.124.0/24

United States firewall rules for marketplace customers

Use the following rules to communicate with the US Data Center.

Default inbound and outbound firewall rules for Threat Manager for AWS

If you select a default security group in the AWS Marketplace, AWS automatically configures the security group with the following inbound firewall rules: 

Source Connection Method Protocol Port Range
0.0.0.0/0 SSH TCP 22 - 22
0.0.0.0/0 DNS TCP 53 - 53
0.0.0.0/0 HTTP TCP 80 - 80
0.0.0.0/0 HTTPS TCP 443 - 443
0.0.0.0/0 HTTPS TCP 7777 - 7777
0.0.0.0/0 DNS UDP 53 - 53
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Outbound firewall rules for AWS pertain only to VPC customers. By default, the outbound rules open any port to any destination.

The default outbound rules are acceptable, but you can change them to the recommended rules.

Recommended inbound firewall rules for Threat Manager for AWS

The default firewall rules are permissive. If you select the default security group, you can edit the default firewall rules to the Alert Logic recommended settings.

Inbound firewall rules

Source Destination Protocol Port Description
0.0.0.0/0 Appliance TCP 80 Appliance claim
Agent(s) CIDR- network subnet range for the agent(s) Appliance TCP 443 Agent updates, agent routing, log collection
208.71.209.32/27 Appliance TCP 4849 Appliance user interface
204.110.218.96/27 Appliance TCP 4849 Appliance user interface
204.110.219.96/27 Appliance TCP 4849 Appliance user interface
Agent(s) CIDR- network subnet range for the agent(s) Appliance TCP 7777 Agent data transport (between agent and appliance on local network)
208.71.209.32/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.218.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
204.110.219.96/27 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Outbound firewall rules

Source Destination Protocol Port Description
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 0.0.0.0/0 TCP 80 Appliance updates
Appliance 204.110.218.96/27 TCP 443 Updates
Appliance 204.110.219.96/27 TCP 443 Updates
Appliance 208.71.209.32/27 TCP 443 Updates
Appliance 208.71.209.32/27 TCP 4138 Event transport
Appliance 204.110.218.96/27 TCP 4138 Event transport
Appliance 204.110.219.96/27 TCP 4138 Event transport
Appliance 204.110.219.96/27 UDP 123 NTP, time sync
Appliance 208.71.209.32/27 UDP 123 NTP, time sync

Outbound host rules

Create a new rule Port range Destination
Custom TCP Rule 7777 <Appliances>*
Custom TCP Rule 443 204.110.218.96/27
Custom TCP Rule 443 204.110.219.96/27

European Union firewall rules for marketplace customers

Use the following rules to communicate with the EU Data Center.

Default inbound and outbound firewall rules for Threat Manager for AWS

If you select a default security group in the AWS Marketplace, AWS automatically configures the security group with the following inbound firewall rules: 

Source Connection Method Protocol Port Range
0.0.0.0/0 SSH TCP 22 - 22
0.0.0.0/0 DNS TCP 53 - 53
0.0.0.0/0 HTTP TCP 80 - 80
0.0.0.0/0 HTTPS TCP 443 - 443
0.0.0.0/0 HTTPS TCP 7777 - 7777
0.0.0.0/0 DNS UDP 53 - 53
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Outbound firewall rules for AWS pertain only to VPC customers. By default, the outbound rules open any port to any destination.

The default outbound rules are acceptable, but you can change them to the recommended rules.

Recommended inbound firewall rules for Threat Manager for AWS

The default firewall rules are permissive. If you select the default security group, you can edit the default firewall rules to the Alert Logic recommended settings.

Inbound firewall rules

Source Destination Protocol Port Description
Agent(s) CIDR- network subnet range for the agent(s) Appliance TCP 443 Agent updates
Agent(s) CIDR- network subnet range for the agent(s) Appliance TCP 7777 Agent data transport (between agent and appliance on local network)
0.0.0.0/0 Appliance TCP 80 Appliance claim
185.54.124.0/24 Appliance TCP 4849 Appliance user interface (Web Security Manager)
185.54.124.0/24 Appliance TCP 22 Optional and temporary- required for troubleshooting during provisioning only
Port 22 is required for troubleshooting during the provisioning process only. After the provisioning process is complete, you may close the port.

Outbound firewall rules

Source Destination Protocol Port Description
Appliance 185.54.124.0/24 TCP 443 Updates
Appliance 185.54.124.0/24 TCP 4138 Event transport
Appliance 8.8.8.8 TCP/UDP 53 DNS
Appliance 8.8.4.4 TCP/UDP 53 DNS
Appliance 0.0.0.0/0 TCP 80 Appliance updates
Appliance 185.54.124.0/24 UDP 123 NTP, time sync

Outbound host rules

Create a new rule Port range Destination
Custom TCP Rule 7777 <Appliances>*
Custom TCP Rule 443 185.54.124.0/24

Supported AWS regions

Alert Logic supports the following AWS regions for Web Security Manager deployments.

AWS Region Name Region
Asia Pacific (Tokyo) ap-northeast-1
Asia Pacific (Seoul) ap-northeast-2
Asia Pacific (Osaka-Local) ap-northeast-3
Asia Pacific (Mumbai) ap-south-1
Asia Pacific (Singapore) ap-southeast-1
Asia Pacific (Sydney) ap-southeast-2
Canada (Central) ca-central-1
Europe (Frankfurt) eu-central-1
Europe (Ireland) eu-west-1
Europe (London) eu-west-2
Europe (Paris) eu-west-3
South America (São Paulo) sa-east-1
US East (N. Virginia) us-east-1
US East (Ohio) us-east-2
US West (N. California) us-west-1
US West (Oregon) us-west-2

Virtual appliance types in AWS

Review the following approved virtual appliance types. In the AWS marketplace, you should select the appropriate image based on the anticipated network throughput sent to the appliance, and whether you plan to enable vulnerability scanning.

Supported Amazon instance names Supported bandwidth throughput without vulnerability scanning Supported bandwidth throughput with vulnerability scanning

Compute Optimized Large

(c3.large)

300 Mbps This instance does not support scanning.

Compute Optimized XL

(c3.xlarge)

715 Mbps 357 Mbps

Compute Optimized 2XL

(c3.2xlarge)

2 Gbps 1660 Mbps

Compute Optimized Large

(c4.large)

280 Mbps This instance does not support scanning.

Compute Optimized XL

(c4.xlarge)

850 Mbps 550 Mbps

Compute Optimized 2XL

(c4.2xlarge)

1500 Mbps 1100 Mbps

Compute Optimized Large

(c5.large)

320 Mbps 305 Mbps

Compute Optimized XL

(c5.xlarge)

1000 Mbps 640 Mbps

Compute Optimized 2XL

(c5.2xlarge)

1733 Mbps 1780 Mbps

Virtual appliance

The following table describes the basic system requirements to install a Threat Manager virtual appliance:

Components System Requirements
CPU 4 virtual CPUs
RAM 8 GB
Disk space 40 GB minimum
Supported virtual environment VMware only
Log collection support N/A
Encryption TLS Standard (SSL): 1024–2048bit key encryption, 256bit AES bulk encryption

This is the recommended basic configuration for the Threat Manager product when deployed on a virtual appliance. Bandwidth volume directly impacts the ability of the appliance to inspect traffic. Therefore, high traffic environments may require a virtual machine with additional processor and memory resources.

If you want to run scans, consider 8 virtual CPUs (cores) and 16 GB of memory.

Alert Logic agent

The following table describes the basic requirements to install the agent:

Components System requirements
Operating systems For Windows users:
  • Windows Server 2016
  • Windows 10
  • Windows Server 2003, SP1
  • Windows Server 2008
  • Windows Server 2012
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows XP SP1

For Linux users:
Debian (.deb)
  • 5.x (lenny)
  • 6.x (squeeze)
  • 7.x (wheezy)
  • 8.x (jessie)

Ubuntu (.deb)
  • 10.x
  • 12.x
  • 14.x
  • 16.x

CentOS (.rpm)
  • 5.x
  • 6.x
  • 7.x

Red Hat Enterprise Linux (.rpm)
  • 5.x
  • 6.x
  • 7.x

SUSE
  • 12.1
  • 12.0
  • 11.4
  • 11.3

Amazon Linux

The Alert Logic agent can be used in AWS Workspaces in conjunction with a supported operating system.

Memory 96 MB of available memory
Disk space for agent 30 MB of available disk space
Disk space for local cache 500 MB of available disk space
Packet access WinPcap 4.1.2
CPU Utilization 1-10% depending on log volume
RAM 15 MB minimum
Disk space 30 MB minimum
Log collection support Windows, Flat File
Supported environments Agent-only deployments with virtual and physical appliances, VPC, and Public Clouds
Encryption TLS Standard (SSL): 2048-bit key encryption, 256-bit AES bulk encryption
Log collection frequency At minimum, every five minutes logs are collected and sent to Alert Logic Cloud
Host permissions LocalSystem account has all the necessary permissions by default

The agent requires DNS access to communicate with the Alert Logic server.

Operating system and browser support

The Alert Logic console supports the current version and the previous major version of the following operating systems and browsers: 

Operating system support Browser support
Mac, Linux, and Windows Chrome, Safari, Firefox, Opera, and Internet Explorer

Alert Logic cannot guarantee that other browsers and versions will work with its products.

Related topics