Lancope

Firewall rules required by StealthWatch 5.10

If you're installing a new StealthWatch System you should be aware that firewall rules might need to be updated to support communications between various StealthWatch components. The diagram below shows the various interconnections present in the 5.10 release of the StealthWatch System...

Updated diagram

Here's a table that reflects the diagram above...

Updated rules

NOTE1: If you have purchased a redundant StealthWatch Management Console (SMC), you'll want to copy the primary SMC's firewall rules over to the secondary, since the two have almost identical communication requirements. The primary and secondary SMCs should also have TCP/443 available in both directions between them.

NOTE2: UDP/2055 is the most commonly used port for NetFlow, but it can be (and often is) changed to some other UDP port above 1024.


Comments (2)

Juan Tejon on 11.10.2009

Your diagram is wrong.

ntp runs over udp port 123, not tcp port 119.

That’s nntp, an entirely different protocol!

Adam Powers on 11.10.2009

Indeed! I’ll fix that up. Thanks Juan.