Make sure you configuration the following firewall rules for the specified Logpoint services:
Port/Protocol |
Reason |
|---|---|
20 & 21 |
FTP collector and fetcher |
22 |
SSH connection and SCP Fetcher |
80 & 443 |
HTTP connection |
123 |
NTP |
161 & 162 |
SNMP features |
389 |
LDAP enrichment source |
514 & 6514 (SSL) |
Syslog collector |
1193 and 1194 |
Connection between Logpoint machines |
1311 |
Consolidated features for local and network-based server management |
6161 & 6162 (SSL) |
Snare collector |
6343 |
SFlow collector |
6379 |
Redis |
9001 |
Netflow collector |
18000 |
Webserver |
27017 |
Database |
6400, 6900-7099 |
Logpoint Collector |
Note
Fetchers with configurable ports are not listed above.
Some other ports may open based on the requests made by Logpoint services.
You must configure the following rules in your firewall to enable Logpoint UEBA on your machine.
Configure a firewall rule allowing port 6667 for outgoing connections with the following URLs:
ingest01.Logpoint.com
ingest02.Logpoint.com
ingest04.Logpoint.com
Configure a firewall rule allowing port 443 for outgoing connections with the URL reporting01.Logpoint.com.