Firewall rules
United States firewall rules
Before installing Alert Logic products, you need to adjust your firewall rules so that data can be transferred securely to and from Alert Logic and product updates can occur. Refer to the following for rules specific to your Alert Logic product.
Threat Manager Physical Appliance
Appliance inbound (CentOS)
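If you are using the US Data Center, no additional firewall rules are required to allow the Alert Logic US Data Center to communicate with the Alert Logic appliances. The rules listed below are optional and temporary, and are needed only for troubleshooting during provisioning.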
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
204.110.218.96/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
204.110.219.96/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
208.71.209.32/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
Appliance outbound (CentOS)
If you are using the US Data Center, the following outbound firewall rules are required only on networks with restrictive outbound traffic rules.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Appliance | 8.8.4.4 | TCP/UDP | 53 | DNS |
Appliance | 8.8.8.8 | TCP/UDP | 53 | DNS |
Appliance | 0.0.0.0/0 | TCP | 80 | Appliance updates |
Appliance | 204.110.218.96/27 | TCP | 443 | Updates |
Appliance | 204.110.219.96/27 | TCP | 443 | Updates |
Appliance | 208.71.209.32/27 | TCP | 443 | Updates |
Appliance | 204.110.218.96/27 | TCP | 4138 | Event transport |
Appliance | 204.110.219.96/27 | TCP | 4138 | Event transport |
Appliance | 208.71.209.32/27 | TCP | 4138 | Event transport |
Appliance | 204.110.219.96/27 | UDP | 123 | NTP, time sync |
Appliance | 208.71.209.32/27 | UDP | 123 | NTP, time sync |
You may see outbound TCP 443 or TCP 22 connections to public cloud infrastructure. Alert Logic attempts to contact the nearest regional cloud resource, and if that fails, it connects to the standard IP ranges for your assigned data center. The system attempts to use the closest resource first in future connection attempts. Cloud resources are dynamically assigned, and IP addresses are not static.
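As an added example (not Alert Logic code), the following Python checks observed outbound flows from an appliance against the Threat Manager physical appliance outbound table above. The function names, the verdict labels and the sample flows are assumptions made for illustration; TCP 443 and TCP 22 flows outside the listed ranges are marked for review rather than treated as violations, because the note above says cloud addresses are dynamically assigned.

```python
import ipaddress

# Rows copied from the outbound table above (Threat Manager physical appliance, US).
OUTBOUND_TABLE = """\
Appliance | 8.8.4.4 | TCP/UDP | 53 | DNS |
Appliance | 8.8.8.8 | TCP/UDP | 53 | DNS |
Appliance | 0.0.0.0/0 | TCP | 80 | Appliance updates |
Appliance | 204.110.218.96/27 | TCP | 443 | Updates |
Appliance | 204.110.219.96/27 | TCP | 443 | Updates |
Appliance | 208.71.209.32/27 | TCP | 443 | Updates |
Appliance | 204.110.218.96/27 | TCP | 4138 | Event transport |
Appliance | 204.110.219.96/27 | TCP | 4138 | Event transport |
Appliance | 208.71.209.32/27 | TCP | 4138 | Event transport |
Appliance | 204.110.219.96/27 | UDP | 123 | NTP, time sync |
Appliance | 208.71.209.32/27 | UDP | 123 | NTP, time sync |
"""

# Constructed flow records (destination IP, protocol, destination port); not real logs.
SAMPLE_FLOWS = [
    ("204.110.218.100", "TCP", 4138),
    ("8.8.8.8", "UDP", 53),
    ("204.110.218.100", "UDP", 123),   # NTP is listed for only two of the three ranges
    ("198.51.100.7", "TCP", 443),      # outside the listed ranges
    ("198.51.100.7", "TCP", 25),
]


def parse_rules(table):
    """Parse 'Source | Destination | Protocol | Port | Description |' rows."""
    rules = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        _src, dst, protos, port, desc = cells[:5]
        net = ipaddress.ip_network(dst)  # bare addresses become /32 networks
        rules.append((net, set(protos.upper().split("/")), int(port), desc))
    return rules


def classify(rules, dst_ip, proto, port):
    """Return 'allowed: <description>', 'review', or 'unexpected' for one flow."""
    addr = ipaddress.ip_address(dst_ip)
    for net, protos, rule_port, desc in rules:
        if addr in net and proto.upper() in protos and port == rule_port:
            return "allowed: " + desc
    # Per the note above, TCP 443/22 may go to dynamically assigned cloud
    # addresses that no static range covers, so hand these to an analyst.
    if proto.upper() == "TCP" and port in (443, 22):
        return "review"
    return "unexpected"


def audit(flows, table=OUTBOUND_TABLE):
    """Classify every flow against the table; returns a list of verdicts."""
    rules = parse_rules(table)
    return [classify(rules, ip, proto, port) for ip, proto, port in flows]


if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, audit(SAMPLE_FLOWS)):
        print(flow, "->", verdict)
```

The same parser accepts the rows of the other outbound tables on this page whose Destination column holds an address or CIDR range.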
Threat Manager Virtual Appliance
Appliance inbound
If you are using the US Data Center, use the following required firewall rules to allow the Alert Logic US Data Center to communicate with the Alert Logic appliances.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
0.0.0.0/0 | Appliance | TCP | 80 | Appliance claim |
Agent(s) CIDR - network subnet range for the agent(s) | Appliance | TCP | 443 | Agent updates, agent routing, log collection |
Agent(s) CIDR - network subnet range for the agent(s) | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
208.71.209.32/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
204.110.218.96/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
204.110.219.96/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
Appliance outbound
If you are using the US Data Center, use the following outbound firewall rules to allow your appliance to communicate with the Alert Logic US Data Center.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Appliance | 8.8.4.4 | TCP/UDP | 53 | DNS |
Appliance | 8.8.8.8 | TCP/UDP | 53 | DNS |
Appliance | 0.0.0.0/0 | TCP | 80 | Appliance updates |
Appliance | 204.110.218.96/27 | TCP | 443 | Updates |
Appliance | 204.110.219.96/27 | TCP | 443 | Updates |
Appliance | 208.71.209.32/27 | TCP | 443 | Updates |
Appliance | 204.110.218.96/27 | TCP | 4138 | Event transport |
Appliance | 204.110.219.96/27 | TCP | 4138 | Event transport |
Appliance | 208.71.209.32/27 | TCP | 4138 | Event transport |
You may see outbound TCP 443 or TCP 22 connections to public cloud infrastructure. Alert Logic attempts to contact the nearest regional cloud resource, and if that fails, it connects to the standard IP ranges for your assigned data center. The system attempts to use the closest resource first in future connection attempts. Cloud resources are dynamically assigned, and IP addresses are not static.
Agent outbound
If you are using the US Data Center, use the following rules to allow the agent to communicate with the Alert Logic US Data Center.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Protected host | 208.71.209.32/27 | TCP | 443 | Agent updates (direct) |
Protected host | 204.110.218.96/27 | TCP | 443 | Agent updates (direct) |
Protected host | 204.110.219.96/27 | TCP | 443 | Agent updates (direct) |
Protected host | Appliance | TCP | 443 | Agent updates (single point egress) |
Protected host | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
Log Manager
Appliance inbound
If you are using the US Data Center, use the following inbound firewall rules to allow the Alert Logic US Data Center to communicate with your Alert Logic appliances.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
0.0.0.0/0 | Appliance | TCP | 80 | Virtual appliance claim only |
204.110.218.96/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
204.110.219.96/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
208.71.209.32/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
Appliance outbound
If you are using the US Data Center, use the following outbound firewall rules only on networks with restrictive outbound network traffic rules.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Appliance | 8.8.4.4 | TCP/UDP | 53 | DNS |
Appliance | 8.8.8.8 | TCP/UDP | 53 | DNS |
Appliance | 0.0.0.0/0 | TCP | 80 | Appliance updates |
Appliance | 208.71.209.32/27 | TCP | 443 | Data transport |
Appliance | 204.110.218.96/27 | TCP | 443 | Data transport |
Appliance | 204.110.219.96/27 | TCP | 443 | Data transport |
Appliance | 204.110.219.96/27 | UDP | 123 | NTP, time sync |
Appliance | 208.71.209.32/27 | UDP | 123 | NTP, time sync |
Agent or remote collector outbound rules
If you are using the US Data Center, you must add the following rules to allow agents or remote collectors to communicate with the US Data Center.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Source host | 208.71.209.32/27 | TCP | 443 | Data transport |
Source host | 204.110.218.96/27 | TCP | 443 | Data transport |
Source host | 204.110.219.96/27 | TCP | 443 | Data transport |
Web Security Manager
Appliance inbound
If you are using the US Data Center, use the following required firewall rules to allow the Alert Logic US Data Center to communicate with the Alert Logic appliances.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
0.0.0.0/0 | Appliance | TCP | 80 | Appliance claim |
Agent(s) CIDR - network subnet range for the agent(s) | Appliance | TCP | 443 | Agent updates |
208.71.209.32/27 | Appliance | TCP | 4849 | Appliance user interface |
204.110.218.96/27 | Appliance | TCP | 4849 | Appliance user interface |
204.110.219.96/27 | Appliance | TCP | 4849 | Appliance user interface |
Agent(s) CIDR - network subnet range for the agent(s) | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
208.71.209.32/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
204.110.218.96/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
204.110.219.96/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
Appliance outbound
If you are using the US Data Center, use the following outbound firewall rules to allow your appliance to communicate with the Alert Logic US Data Center.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Appliance | 8.8.4.4 | TCP/UDP | 53 | DNS |
Appliance | 8.8.8.8 | TCP/UDP | 53 | DNS |
Appliance | 204.110.219.96/27 | TCP | 80 | Updates |
Appliance | 0.0.0.0/0 | TCP | 80 | Appliance updates |
Appliance | 208.71.209.32/27 | TCP | 443 | Updates |
Appliance | 204.110.218.96/27 | TCP | 443 | Updates |
Appliance | 204.110.219.96/27 | TCP | 443 | Updates |
Appliance | 204.110.218.96/27 | TCP | 4138 | Event transport |
Appliance | 204.110.219.96/27 | TCP | 4138 | Event transport |
Appliance | 208.71.209.32/27 | TCP | 4138 | Event transport |
Appliance | 204.110.219.96/27 | TCP | 8080 | Updates |
Agent outbound
If you are using the US Data Center, use the following rules to allow the agent to communicate with the Alert Logic US Data Center.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Protected host | 204.110.218.96/27 | TCP | 443 | Agent updates (direct) |
Protected host | 204.110.219.96/27 | TCP | 443 | Agent updates (direct) |
Protected host | 208.71.209.32/27 | TCP | 443 | Agent updates (direct) |
Protected host | Appliance | TCP | 443 | Agent updates (single point egress) |
Protected host | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
Managed WAF
Appliance inbound
If you are using the US Data Center, use the following firewall rules to allow the Alert Logic US Data Center to communicate with your Alert Logic appliances.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
204.110.218.96/27 | Appliance | TCP | 2222 | Secure Shell (AWS Autoscaling Only) |
204.110.219.96/27 | Appliance | TCP | 2222 | Secure Shell (AWS Autoscaling Only) |
208.71.209.32/27 | Appliance | TCP | 2222 | Secure Shell (AWS Autoscaling Only) |
204.110.218.96/27 | Appliance | TCP | 4849 | Appliance user interface |
204.110.219.96/27 | Appliance | TCP | 4849 | Appliance user interface |
208.71.209.32/27 | Appliance | TCP | 4849 | Appliance user interface |
204.110.218.96/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
204.110.219.96/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
208.71.209.32/27 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
Appliance outbound
If you are using the US Data Center, these outbound rules are required only on networks with restrictive outbound network traffic rules.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Appliance | DNS Servers | TCP/UDP | 53 | DNS |
Appliance | 204.110.218.96/27 | UDP | 123 | NTP (OpenBSD only) |
Appliance | 204.110.219.96/27 | UDP | 123 | NTP (OpenBSD only) |
Appliance | 208.71.209.32/27 | UDP | 123 | NTP (OpenBSD only) |
Appliance | 204.110.218.96/27 | TCP | 443 | Data transport/software updates |
Appliance | 204.110.219.96/27 | TCP | 443 | Data transport/software updates |
Appliance | 208.71.209.32/27 | TCP | 443 | Data transport/software updates |
Appliance | 0.0.0.0/0 | TCP | 443 | S3 access (optional for non-AWS) |
European Union firewall rules
Before installing Alert Logic products, you need to adjust your firewall rules so that data can be transferred securely to and from Alert Logic and product updates can occur. Refer to the following for rules specific to your Alert Logic product.
Threat Manager Physical Appliance
Appliance inbound (CentOS)
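If you are using the EU Data Center, no additional firewall rules are required to allow the Alert Logic EU Data Center to communicate with your Alert Logic appliances. The rule listed below is optional and temporary, and is needed only for troubleshooting during provisioning.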
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
185.54.124.0/24 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
Appliance outbound (CentOS)
If you are using the EU Data Center, the following outbound firewall rules are required only on networks with restrictive outbound network traffic rules.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Appliance | 185.54.124.0/24 | TCP | 443 | Updates |
Appliance | 185.54.124.0/24 | TCP | 4138 | Event transport |
Appliance | 8.8.8.8 | TCP/UDP | 53 | DNS |
Appliance | 8.8.4.4 | TCP/UDP | 53 | DNS |
Appliance | 0.0.0.0/0 | TCP | 80 | Appliance updates |
Appliance | 185.54.124.0/24 | UDP | 123 | NTP, time sync |
Appliance inbound (Debian)
If you are using the EU Data Center, use the following firewall rules to allow the Alert Logic EU Data Center to communicate with your Alert Logic appliances.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
185.54.124.0/24 | Appliance | TCP | 5666 | Appliance monitoring |
185.54.124.0/24 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
Appliance outbound (Debian)
If you are using the EU Data Center, the following outbound firewall rules are required only on networks with restrictive outbound network traffic rules.
Source | Destination | Protocol | Port |
---|---|---|---|
Appliance | 185.54.124.0/24 | UDP/TCP | All |
Threat Manager Virtual Appliance
Appliance inbound
If you are using the EU Data Center, use the following inbound firewall rules to allow the Alert Logic EU Data Center to communicate with your Alert Logic appliances.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Agent(s) CIDR - network subnet range for the agent(s) | Appliance | TCP | 443 | Agent updates |
Agent(s) CIDR - network subnet range for the agent(s) | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
0.0.0.0/0 | Appliance | TCP | 80 | Appliance claim |
185.54.124.0/24 | Appliance | TCP | 4849 | Appliance user interface (Web Security Manager) |
185.54.124.0/24 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
Appliance outbound
If you are using the EU Data Center, use the following outbound firewall rules to allow your appliance to communicate with the Alert Logic EU Data Center.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Appliance | 185.54.124.0/24 | TCP | 443 | Updates |
Appliance | 185.54.124.0/24 | TCP | 4138 | Event transport |
Appliance | 8.8.8.8 | TCP/UDP | 53 | DNS |
Appliance | 8.8.4.4 | TCP/UDP | 53 | DNS |
Appliance | 0.0.0.0/0 | TCP | 80 | Appliance updates |
You may see outbound TCP 443 or TCP 22 connections to public cloud infrastructure. Alert Logic attempts to contact the nearest regional cloud resource, and if that fails, it connects to the standard IP ranges for your assigned data center. The system attempts to use the closest resource first in future connection attempts. Cloud resources are dynamically assigned, and IP addresses are not static.
Agent outbound
If you are using the EU Data Center, use the following rules to allow agents to communicate with the Alert Logic EU Data Center.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Protected host | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
Protected host | 185.54.124.0/24 | TCP | 443 | Agent updates (direct) |
Protected host | Appliance | TCP | 443 | Agent updates (single point egress) |
Log Manager
Appliance inbound
If you are using the EU Data Center, use the following inbound firewall rules to allow the Alert Logic EU Data Center to communicate with your Alert Logic appliances.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
0.0.0.0/0 | Appliance | TCP | 80 | Virtual appliance claim only |
185.54.124.0/24 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
Appliance outbound
If you are using the EU Data Center, use the following outbound firewall rules only on networks with restrictive outbound network traffic rules.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Appliance | 185.54.124.0/24 | TCP | 443 | Data transport |
Appliance | 8.8.8.8 | TCP/UDP | 53 | DNS |
Appliance | 8.8.4.4 | TCP/UDP | 53 | DNS |
Appliance | 0.0.0.0/0 | TCP | 80 | Appliance updates |
Appliance | 185.54.124.0/24 | UDP | 123 | NTP, time sync |
You may see outbound TCP 443 or TCP 22 connections to public cloud infrastructure. Alert Logic attempts to contact the nearest regional cloud resource, and if that fails, it connects to the standard IP ranges for your assigned data center. The system attempts to use the closest resource first in future connection attempts. Cloud resources are dynamically assigned, and IP addresses are not static.
Agent or remote collector outbound rules
If you are using the EU Data Center, you must add the following rule to allow agents or remote collectors to communicate with the Alert Logic EU Data Center.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Source host | 185.54.124.0/24 | TCP | 443 | Data transport |
Web Security Manager
Appliance inbound
If you are using the EU Data Center, use the following required firewall rules to allow the Alert Logic EU Data Center to communicate with the Alert Logic appliances.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Agent(s) CIDR - network subnet range for the agent(s) | Appliance | TCP | 443 | Agent updates |
Agent(s) CIDR - network subnet range for the agent(s) | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
0.0.0.0/0 | Appliance | TCP | 80 | Appliance claim |
185.54.124.0/24 | Appliance | TCP | 4849 | Appliance user interface (Web Security Manager) |
185.54.124.0/24 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
Appliance outbound
If you are using the EU Data Center, use the following outbound firewall rules to allow your appliance to communicate with the Alert Logic EU Data Center.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Appliance | 185.54.124.0/24 | TCP | 443 | Updates |
Appliance | 185.54.124.0/24 | TCP | 4138 | Event transport |
Appliance | 8.8.8.8 | TCP/UDP | 53 | DNS |
Appliance | 8.8.4.4 | TCP/UDP | 53 | DNS |
Appliance | 0.0.0.0/0 | TCP | 80 | Appliance updates |
Agent outbound
If you are using the EU Data Center, use the following rules to allow the agent to communicate with the Alert Logic EU Data Center.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Protected host | Appliance | TCP | 7777 | Agent data transport (between agent and appliance on local network) |
Protected host | 185.54.124.0/24 | TCP | 443 | Agent updates (direct) |
Protected host | Appliance | TCP | 443 | Agent updates (single point egress) |
Managed WAF
Appliance inbound
If you are using the EU Data Center, use the following firewall rules to allow the Alert Logic EU Data Center to communicate with your Alert Logic appliances.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
185.54.124.0/24 | Appliance | TCP | 4849 | Appliance user interface |
185.54.124.0/24 | Appliance | TCP | 2222 | Secure Shell (AWS Autoscaling Only) |
185.54.124.0/24 | Appliance | TCP | 22 | Optional and temporary - required for troubleshooting during provisioning only |
Appliance outbound
If you are using the EU Data Center, these outbound firewall rules are required only on networks with restrictive outbound network traffic rules.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Appliance | 185.54.124.0/24 | UDP | 123 | NTP (OpenBSD only) |
Appliance | 0.0.0.0/0 | TCP | 443 | S3 access (optional for non-AWS) |
Appliance | 185.54.124.0/24 | TCP | 443 | Data transport/software updates |
Appliance | DNS Servers | TCP/UDP | 53 | DNS |