On This Page
Device-related Ports
These ports need to be opened either on the Central Cluster or the Remote Collector cluster, depending on where the devices are being monitored. For more information, see TOS Aurora Architecture.
|
For Monitored Devices |
Source |
Destination |
Service / Port |
Description |
|---|---|---|---|---|
|
All except CheckPoint, Amazon AWS, Microsoft Azure, OpenStack |
Monitored device |
|
Syslog <UDP 514> (default) or alternative port as configured |
Required if you configure these devices to send syslogs for 'real-time' accountability and usage data |
|
BlueCoat, Cisco IOS-based, Cisco FTD (for dynamic topology only), JuniperOS-based, F5 , ASA, IOS L3 Switch,Nexus, Cisco routers (IOS or IOS XE) |
Any node (physical IP) |
Monitored device |
SSH <TCP 22> |
Required when you monitor these devices. Used to retrieve configuration and usage information from the device |
|
Check Point |
Any node (physical IP) |
FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs and MDSs) |
FW1_ica_pull <TCP 18210>
|
Required when you monitor these devices. Used to establish trust with the TOS Aurora machine |
|
Check Point |
Any node (physical IP) |
|
FW1_lea <TCP 18184> |
Required if you configure real-time notifications from these devices for policy changes, audit log forwarding or operating system log forwarding |
|
Check Point |
Any node (physical IP) |
FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs and MDSs) |
CPMI <TCP 18190> |
Required if you monitor these devices. Retrieve configuration |
|
Check Point (multi-node implementation) |
Any node (physical IP) |
FireWall-1/VPN-1® gateway |
SNMP <UDP 161> (default) or alternative port as configured |
Required if you monitor these devices. Used to retrieve operating system-level data from monitored Firewall gateways Note that this is only relevant for deployments made originally on TOS Classic that have been upgraded up to the current release. |
|
Check Point R80.x |
Any node (physical IP) |
FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs and MDSs) |
Management traffic: HTTPS <TCP 443>
|
Required if you monitor these devices. Required for Check Point API |
|
Stonesoft |
Any node (physical IP) |
Stonesoft |
StoneSoft <TCP 8082> |
Required to retrieve StoneSoft configuration |
|
Juniper NSM |
Any node (physical IP) |
Juniper NSM |
Juniper NSM <TCP 8443> |
Required to retrieve Juniper NSM configuration |
|
Fortinet FortiManager |
Any node (physical IP) |
Fortinet FortiManager |
HTTPS <TCP 443> |
Required for FortiManager API |
|
Panorama/ Palo Alto |
Any node (physical IP) |
Monitored Device |
HTTPS <TCP 443> |
Required to retrieve configuration and usage information from a panorama or Palo Alto device |
|
Amazon AWS, Google GCP, Microsoft Azure |
Any node (physical IP) |
Public Management API |
HTTPS <TCP 443> |
Required by Amazon SWF and beanstalk, and by Microsoft Azure |
|
OpenStack |
Any node (physical IP) |
OpenStack Identity service (keystone) |
HTTP, HTTPS <TCP 5000> |
Required by OpenStack Keystone for the identity service public endpoint (Note: port is user-configurable in Keystone). From R23-1, Openstack is EOL and you cannot add new devices. existing devices can still be used. |
|
OpenStack |
Any node (physical IP) |
OpenStack Networking service (neutron) |
HTTP, HTTPS <TCP 9696> |
Required by OpenStack Neutron networking. From R23-1, Openstack is EOL and you cannot add new devices. existing devices can still be used. |
|
OpenStack |
Any node (physical IP) |
OpenStack Compute service (nova) |
HTTP, HTTPS <TCP 8774> |
Required by OpenStack Nova for the compute endpoints. From R23-1, Openstack is EOL and you cannot add new devices. existing devices can still be used. |
|
NSX |
Any node (physical IP) |
NSX Manager |
HTTPS <TCP 443> |
Required for NSX REST API |
|
NSX |
Any node (physical IP) |
vCenter |
SSL <TCP 443> |
Required for NSX vCenter API |
|
OPM devices |
Monitored device |
|
HTTPS <TCP 9099> |
Required if OPM devices are monitored. Allows cluster to receive data from OPM devices |
