On This Page
Device-Related Ports
These ports need to be opened either on the Central Cluster or the Remote Collector cluster, depending on where the devices are being monitored. For more information, see TOS Aurora Architecture.
For Monitored Devices |
Source |
Destination |
Service / Port |
Description |
---|---|---|---|---|
All except CheckPoint, Amazon AWS, Microsoft Azure, OpenStack |
Monitored device |
|
Syslog <UDP 514> (default) or alternative port as configured |
Required if you configure these devices to send syslogs for 'real-time' accountability and usage data |
BlueCoat, Cisco IOS-based, Cisco FTD (for dynamic topology only), JuniperOS-based, F5 |
All Cluster Nodes Network IPs |
Monitored device |
SSH <TCP 22> |
Required when you monitor these devices. Used to retrieve configuration and usage information from the device |
Check Point |
All Cluster Nodes Network IPs |
FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs, Smart-1 Cloud, and MDSs) |
FW1_ica_pull <TCP 18210>
|
Required when you monitor these devices. Used to establish trust with the TOS Aurora machine |
Check Point |
All Cluster Nodes Network IPs |
|
FW1_lea <TCP 18184> |
Required if you configure real-time notifications from these devices for policy changes, audit log forwarding or operating system log forwarding |
Check Point |
All Cluster Nodes Network IPs |
FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs, Smart-1 Cloud, and MDSs) |
CPMI <TCP 18190> |
Required if you monitor these devices. Retrieve configuration |
Check Point |
All Cluster Nodes Network IPs |
FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs, Smart-1 Cloud, and MDSs) |
TCP encrypted <TCP 6514> |
Required if you monitor these devices. Retrieve configuration |
Check Point (multi-node implementation) |
All Cluster Nodes Network IPs |
FireWall-1/VPN-1® gateway |
SNMP <UDP 161> (default) or alternative port as configured |
Required if you monitor these devices. Used to retrieve operating system-level data from monitored Firewall gateways |
Check Point R80.x |
All Cluster Nodes Network IPs |
FireWall-1/VPN-1® Management (SmartCenters, Provider-1 CMAs, Smart-1 Cloud, and MDSs) |
Management traffic: HTTPS <TCP 443>
|
Required if you monitor these devices. Required for Check Point API |
Stonesoft |
All Cluster Nodes Network IPs |
Stonesoft |
StoneSoft <TCP 8082> |
Required to retrieve StoneSoft configuration |
Juniper NSM |
All Cluster Nodes Network IPs |
Juniper NSM |
Juniper NSM <TCP 8443> |
Required to retrieve Juniper NSM configuration |
All Cluster Nodes Network IPs |
Fortinet FortiManager |
HTTPS <TCP 443> |
Required for FortiManager API |
|
Panorama/ Palo Alto |
All Cluster Nodes Network IPs |
Monitored Device |
HTTPS <TCP 443> |
Required to retrieve configuration and usage information from a panorama or Palo Alto device |
Amazon AWS, Google GCP, Microsoft Azure |
All Cluster Nodes Network IPs |
Public Management API |
HTTPS <TCP 443> |
Required by Amazon SWF and beanstalk, and by Microsoft Azure |
OpenStack |
All Cluster Nodes Network IPs |
OpenStack Identity service (keystone) |
HTTP, HTTPS <TCP 5000> |
Required by OpenStack Keystone for the identity service public endpoint (Note: port is user-configurable in Keystone). From R23-1, Openstack is EOL and you cannot add new devices. existing devices can still be used. |
OpenStack |
All Cluster Nodes Network IPs |
OpenStack Networking service (neutron) |
HTTP, HTTPS <TCP 9696> |
Required by OpenStack Neutron networking. From R23-1, Openstack is EOL and you cannot add new devices. existing devices can still be used. |
OpenStack |
All Cluster Nodes Network IPs |
OpenStack Compute service (nova) |
HTTP, HTTPS <TCP 8774> |
Required by OpenStack Nova for the compute endpoints. From R23-1, Openstack is EOL and you cannot add new devices. existing devices can still be used. |
NSX |
All Cluster Nodes Network IPs |
NSX Manager |
HTTPS <TCP 443> |
Required for NSX REST API |
NSX |
All Cluster Nodes Network IPs |
vCenter |
SSL <TCP 443> |
Required for NSX vCenter API |
ACI |
All Cluster Nodes Network IPs |
APIC |
HTTPS <TCP 443> |
Required for ACI REST API |
FMC |
All Cluster Nodes Network IPs |
FMC | HTTPS <TCP 443> | Required for communication with the device |
ASA, IOS L3 Switch,Nexus, Cisco routers (IOS or IOS XE |
All Cluster Nodes Network IPs |
Monitored device | SSH <TCP> | Required for communication with the device |
OPM devices |
Monitored device |
|
HTTPS <TCP 9099> |
Required if OPM devices are monitored. Allows cluster to receive data from OPM devices |
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague