On This Page
Device-Related Ports
These ports need to be opened either on the Central Cluster or the Remote Collector cluster, depending on where the devices are being monitored. For more information, see TOS Aurora Architecture.
For Monitored Devices |
Source |
Destination |
Service / Port |
Description |
---|---|---|---|---|
All except CheckPoint, Amazon AWS, Microsoft Azure |
Monitored device |
|
Syslog <UDP 514> (default) or alternative port as configured |
Required if you configure these devices to send syslogs for 'real-time' accountability and usage data |
BlueCoat, Cisco IOS-based, Cisco FTD (for dynamic topology only), JuniperOS-based, F5 , ASA, IOS L3 Switch,Nexus, Cisco routers (IOS or IOS XE) |
Any node (physical IP) |
Monitored device |
SSH <TCP 22> |
Required when you monitor these devices. Used to retrieve configuration and usage information from the device |
Check Point |
Any node (physical IP) |
FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs, Smart-1 Cloud, and MDSs) |
FW1_ica_pull <TCP 18210>
|
Required when you monitor these devices. Used to establish trust with the TOS Aurora machine |
Check Point |
Any node (physical IP) |
|
FW1_lea <TCP 18184> |
Required if you configure real-time notifications from these devices for policy changes, audit log forwarding or operating system log forwarding |
Check Point |
Any node (physical IP) |
FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs, Smart-1 Cloud, and MDSs) |
CPMI <TCP 18190> |
Required if you monitor these devices. Retrieve configuration |
Check Point |
Any node (physical IP) |
FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs, Smart-1 Cloud, and MDSs) |
TCP encrypted <TCP 6514> |
Required if you monitor these devices. Retrieve configuration |
Check Point (multi-node implementation) |
Any node (physical IP) |
FireWall-1/VPN-1® gateway |
SNMP <UDP 161> (default) or alternative port as configured |
Required if you monitor these devices. Used to retrieve operating system-level data from monitored Firewall gateways Note that this is only relevant for deployments made originally on TOS Classic that have been upgraded up to the current release. |
Check Point R80.x |
Any node (physical IP) |
FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs, Smart-1 Cloud, and MDSs) |
Management traffic: HTTPS <TCP 443>
|
Required if you monitor these devices. Required for Check Point API |
Forcepoint (Stonesoft) |
Any node (physical IP) |
Stonesoft |
StoneSoft <TCP 8082> |
Required to retrieve StoneSoft configuration |
Any node (physical IP) |
Fortinet FortiManager |
HTTPS <TCP 443> |
Required for FortiManager API |
|
Panorama/ Palo Alto |
Any node (physical IP) |
Monitored Device |
HTTPS <TCP 443> |
Required to retrieve configuration and usage information from a panorama or Palo Alto device |
VMware NSX |
Any node (physical IP) |
Public Management API |
HTTPS <TCP 443> |
Required by Amazon SWF and beanstalk, and by Microsoft Azure |
VMware NSX |
Any node (physical IP) |
NSX Manager |
HTTPS <TCP 443> |
Required for NSX REST API |
Cisco ACI |
Any node (physical IP) |
vCenter |
SSL <TCP 443> |
Required for NSX vCenter API |
Cisco FMC |
Any node (physical IP) |
FMC | HTTPS <TCP 443> | Required for communication with the device |
OPM devices |
Monitored device |
|
HTTPS <TCP 9099> |
Required if OPM devices are monitored. Allows cluster to receive data from OPM devices |
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague