Device-related Ports
These ports need to be opened either on the Central Cluster or the Remote Collector cluster, depending on where the devices are being monitored.
For Monitored Devices | Source | Destination | Service / Port | Description |
---|---|---|---|---|
All except CheckPoint, Amazon AWS, Microsoft Azure, OpenStack | Monitored device | | Syslog <UDP 514> (default) or alternative port as configured | Required if you configure these devices to send syslogs for 'real-time' accountability and usage data |
BlueCoat, Cisco IOS-based, Cisco FTD (for dynamic topology only), JuniperOS-based, F5, ASA, IOS L3 Switch, Nexus, Cisco routers (IOS or IOS XE) | Any node (physical IP) | Monitored device | SSH <TCP 22> | Required when you monitor these devices. Used to retrieve configuration and usage information from the device |
Check Point | Any node (physical IP) | FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs and MDSs) | FW1_ica_pull <TCP 18210> | Required when you monitor these devices. Used to establish trust with the TOS Aurora machine |
Check Point | Any node (physical IP) | | FW1_lea <TCP 18184> | Required if you configure real-time notifications from these devices for policy changes, audit log forwarding or operating system log forwarding |
Check Point | Any node (physical IP) | FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs and MDSs) | CPMI <TCP 18190> | Required if you monitor these devices. Used to retrieve configuration |
Check Point (multi-node implementation) | Any node (physical IP) | FireWall-1/VPN-1® gateway | SNMP <UDP 161> (default) or alternative port as configured | Required if you monitor these devices. Used to retrieve operating system-level data from monitored Firewall gateways. Note that this is only relevant for deployments made originally on TOS Classic that have been upgraded up to the current release. |
Check Point R80.x | Any node (physical IP) | FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs and MDSs) | Management traffic: HTTPS <TCP 443> | Required if you monitor these devices. Required for Check Point API |
Stonesoft | Any node (physical IP) | Stonesoft | StoneSoft <TCP 8082> | Required to retrieve StoneSoft configuration |
Juniper NSM | Any node (physical IP) | Juniper NSM | Juniper NSM <TCP 8443> | Required to retrieve Juniper NSM configuration |
Fortinet FortiManager | Any node (physical IP) | Fortinet FortiManager | HTTPS <TCP 443> | Required for FortiManager API |
Panorama / Palo Alto | Any node (physical IP) | Monitored Device | HTTPS <TCP 443> | Required to retrieve configuration and usage information from a Panorama or Palo Alto device |
Amazon AWS, Google GCP, Microsoft Azure | Any node (physical IP) | Public Management API | HTTPS <TCP 443> | Required by Amazon SWF and beanstalk, and by Microsoft Azure |
OpenStack | Any node (physical IP) | OpenStack Identity service (keystone) | HTTP, HTTPS <TCP 5000> | Required by OpenStack Keystone for the identity service public endpoint (Note: port is user-configurable in Keystone) |
OpenStack | Any node (physical IP) | OpenStack Networking service (neutron) | HTTP, HTTPS <TCP 9696> | Required by OpenStack Neutron networking |
OpenStack | Any node (physical IP) | OpenStack Compute service (nova) | HTTP, HTTPS <TCP 8774> | Required by OpenStack Nova for the compute endpoints |
NSX | Any node (physical IP) | NSX Manager | HTTPS <TCP 443> | Required for NSX REST API |
NSX | Any node (physical IP) | vCenter | SSL <TCP 443> | Required for NSX vCenter API |
OPM devices | Monitored device | | HTTPS <TCP 9099> | Required if OPM devices are monitored. Allows cluster to receive data from OPM devices |
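
A pre-flight check for the node-to-device TCP rows of the table, run from a cluster node before a device is added. This is an added example, not part of the product or the original page; the family names and the `probe` and `check_device` helpers are hypothetical.

```python
import socket
import sys

# TCP rows from the table above whose destination is stated, keyed by
# hypothetical family names (not product identifiers).
# UDP rows (syslog 514, SNMP 161) are omitted: a TCP connect cannot test them.
REQUIRED_TCP = {
    "ssh-managed": {22: "SSH"},
    "checkpoint-mgmt": {18210: "FW1_ica_pull", 18190: "CPMI"},
    "checkpoint-r80": {443: "HTTPS (Check Point API)"},
    "stonesoft": {8082: "StoneSoft"},
    "juniper-nsm": {8443: "Juniper NSM"},
    "fortimanager": {443: "HTTPS (FortiManager API)"},
    "panorama-paloalto": {443: "HTTPS"},
    "openstack": {5000: "keystone", 9696: "neutron", 8774: "nova"},
    "nsx": {443: "HTTPS (NSX Manager / vCenter)"},
}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'unresolved'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: path and service are up
    except ConnectionRefusedError:
        return "refused"         # RST received: nothing listening, or a reject rule
    except socket.gaierror:
        return "unresolved"      # name lookup failed, the port was never tested
    except OSError:
        return "filtered"        # timeout or unreachable: typical of a silent drop


def check_device(family, host, timeout=3.0):
    """Probe every TCP port listed for this family; returns {port: (service, state)}."""
    return {port: (name, probe(host, port, timeout))
            for port, name in REQUIRED_TCP[family].items()}


if __name__ == "__main__":
    if len(sys.argv) != 3 or sys.argv[1] not in REQUIRED_TCP:
        sys.exit(f"usage: {sys.argv[0]} <{'|'.join(REQUIRED_TCP)}> <device-host>")
    for port, (name, state) in check_device(sys.argv[1], sys.argv[2]).items():
        print(f"{sys.argv[2]}:{port:<6} {name:<28} {state}")
```

A `filtered` result points at a missing rule between the node and the device, while `refused` usually means the path is allowed but the service is not listening. The UDP rows and the rows where the monitored device is the source have to be confirmed on the receiving side instead.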