03/16/17: New Option to Close Inbound Ports After Provisioning | Software Updates

Overview

You are now able to close all inbound ports to your environment from the Alert Logic® data centers for appliances that are already provisioned. Previously, Alert Logic required inbound port 22 to be open so that these devices could be managed via secure shell (SSH). To eliminate this inbound requirement, we have enabled the appliances to initiate outbound, encrypted connections to the Alert Logic backend so that our staff can manage them when necessary. These connections are not perpetual; they are initiated only when appliance administration is required. You can close inbound port 22 at your convenience, and doing so will not disrupt your Alert Logic Threat Manager™ and Log Manager™ services.

Note: These changes apply to the CentOS version of Threat Manager and Log Manager appliances that are already provisioned. Also, for physical and virtual appliances, inbound port 22 and outbound port 80 must be opened for provisioning but may be closed once provisioning is completed. New cloud images from Amazon Web Services (AWS) and Azure must also have port 80 opened for provisioning, but it may be closed once provisioning is completed.

Alert Logic Log Manager Appliances

Log Manager Appliances Outbound - US Data Center (CentOS)

If you are using the US Data Center, the following outbound firewall rules are required only on networks with restrictive outbound traffic rules.

Source     Destination        Protocol  Port  Description
Appliance  204.110.218.96/27  TCP       443   Updates and data transport
Appliance  204.110.219.96/27  TCP       443   Updates and data transport
Appliance  208.71.209.32/27   TCP       443   Updates and data transport
Appliance  8.8.4.4            TCP/UDP   53    DNS
Appliance  8.8.8.8            TCP/UDP   53    DNS
Appliance  0.0.0.0/0          TCP       80    Appliance software updates

Log Manager Appliances Outbound - UK Data Center (OS)

If you are using the UK Data Center, the following outbound firewall rules are required only on networks with restrictive outbound traffic rules.

Source     Destination        Protocol  Port  Description
Appliance  185.54.124.0/24    TCP       443   Updates and data transport
Appliance  8.8.8.8            TCP/UDP   53    DNS
Appliance  8.8.4.4            TCP/UDP   53    DNS
Appliance  0.0.0.0/0          TCP       80    Appliance software updates

Alert Logic Threat Manager Appliances

Threat Manager Appliances Outbound - US Data Center (CentOS)

If you are using the US Data Center, the following outbound firewall rules are required only on networks with restrictive outbound traffic rules.

Source     Destination        Protocol  Port  Description
Appliance  204.110.218.96/27  TCP       443   Updates
Appliance  204.110.219.96/27  TCP       443   Updates
Appliance  208.71.209.32/27   TCP       443   Updates
Appliance  204.110.218.96/27  TCP       4138  Event transport
Appliance  204.110.219.96/27  TCP       4138  Event transport
Appliance  208.71.209.32/27   TCP       4138  Event transport
Appliance  8.8.4.4            TCP/UDP   53    DNS
Appliance  8.8.8.8            TCP/UDP   53    DNS
Appliance  0.0.0.0/0          TCP       80    Appliance Software Updates (First boot only)

Threat Manager Appliances Outbound - UK Data Center (CentOS)

If you are using the UK Data Center, the following outbound firewall rules are required only on networks with restrictive outbound traffic rules.

Source     Destination        Protocol  Port  Description
Appliance  185.54.124.0/24    TCP       443   Updates
Appliance  185.54.124.0/24    TCP       4138  Event transport
Appliance  8.8.8.8            TCP/UDP   53    DNS
Appliance  8.8.4.4            TCP/UDP   53    DNS
Appliance  0.0.0.0/0          TCP       80    Appliance Software Updates (First boot only)

Expected Questions

  1. What changes are occurring with this update?

    Alert Logic has implemented a new appliance management framework that enables communication and management tasks to occur without requiring inbound port 22 to remain open after provisioning.

  2. Do I need to take any action?

    No customer changes are required, but we recommend adjusting your firewall rules as stated in the charts above.

  3. Will my service be interrupted during this update?

    No. Your service will not be interrupted, but you can make changes to your network firewall rules if you choose.

  4. Does this update apply to all products? For the products for which this does apply, is it intended for all appliance versions?

    No. This update is specific to Threat Manager and Log Manager appliances. Web Security Manager™ appliances will be included in a future update. In addition, this update only applies to the CentOS version of these appliances for Log Manager and Threat Manager. If you have questions on which OS version your appliance is running, please contact support@alertlogic.com.

  5. What if I have older (Debian) appliances?

    This update will not work for the older versions of Threat Manager and Log Manager appliances that run Debian as the operating system. If you wish to take advantage of this update, please contact support@alertlogic.com to request an appliance upgrade.

  6. Do I have to open inbound port 22 and outbound port 80 if I have new appliances that I wish to deploy?

    This depends on the deployment type. AWS and Azure deployments do not need inbound port 22 or outbound port 80 opened at all. However, if you are deploying new physical appliances or virtual appliances (.OVAs), you will need to ensure that inbound port 22 and outbound port 80 are opened for the provisioning process. Once provisioning is completed, those inbound ports may be closed at the firewall.

  7. What is meant by "First boot only" for appliance software updates in the Threat Manager rules charts?

    This means that for the initial boot process only, the Alert Logic appliance will utilize reputable public CentOS repositories to pull down signed packages for the initial bootstrap process. This is strictly to get the appliance OS installed and activated on the appliance.

    Once the first boot is completed, you can close port 80, if desired, or eliminate the specific rule. You are able to do this because after the first boot is complete, the appliance will get updates from our own CentOS repositories and will do so over outbound port 443.
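
The check below is an added example, not Alert Logic code: it compares a restrictive network's allow rules against the Threat Manager US Data Center table above and lists the rules that are needed only for provisioning or first boot. The rule format, the function names, and the sample policy (including the 198.51.100.0/24 placeholder source for inbound port 22) are constructed for illustration.

```python
import ipaddress

# Required outbound rules for a provisioned Threat Manager appliance (US Data
# Center), taken from the table on this page: (destination, protocol, port).
AL_US = ["204.110.218.96/27", "204.110.219.96/27", "208.71.209.32/27"]
REQUIRED = [(net, "tcp", port) for port in (443, 4138) for net in AL_US]
REQUIRED += [(dns, proto, 53) for dns in ("8.8.4.4", "8.8.8.8") for proto in ("tcp", "udp")]


def covers(rule, dest, proto, port):
    """True if an allow rule permits proto/port to every address in dest."""
    return (rule["proto"] == proto and rule["port"] == port
            and ipaddress.ip_network(dest).subnet_of(ipaddress.ip_network(rule["net"])))


def audit(egress, ingress):
    """Return (missing required egress rules, rules that can now be closed)."""
    missing = [r for r in REQUIRED if not any(covers(e, *r) for e in egress)]
    closable = [f"inbound tcp/22 from {r['net']}" for r in ingress
                if r["proto"] == "tcp" and r["port"] == 22]
    # Outbound TCP 80 to any address is listed as "First boot only".
    closable += [f"outbound tcp/80 to {e['net']}" for e in egress
                 if covers(e, "0.0.0.0/0", "tcp", 80)]
    return missing, closable


# Constructed sample policy for one appliance (hypothetical rule format).
SAMPLE_EGRESS = [
    {"net": "204.110.218.0/23", "proto": "tcp", "port": 443},   # supernet of two /27s
    {"net": "208.71.209.32/27", "proto": "tcp", "port": 443},
    {"net": "204.110.218.96/27", "proto": "tcp", "port": 4138},
    {"net": "204.110.219.96/27", "proto": "tcp", "port": 4138},
    {"net": "8.8.8.8/32", "proto": "udp", "port": 53},
    {"net": "8.8.8.8/32", "proto": "tcp", "port": 53},
    {"net": "8.8.4.4/32", "proto": "udp", "port": 53},
    {"net": "0.0.0.0/0", "proto": "tcp", "port": 80},           # left from first boot
]
SAMPLE_INGRESS = [
    {"net": "198.51.100.0/24", "proto": "tcp", "port": 22},     # placeholder source
]

if __name__ == "__main__":
    missing, closable = audit(SAMPLE_EGRESS, SAMPLE_INGRESS)
    for dest, proto, port in missing:
        print(f"MISSING  outbound {proto}/{port} to {dest}")
    for rule in closable:
        print(f"CLOSABLE {rule}")
```

For a UK Data Center or Log Manager appliance, replace `AL_US` and the port list with the values from the matching table.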
