The Change Guardian server uses several ports for internal and external communication. Ensure that you open the appropriate ports for your environment.

| Component | Ports | Direction | Required/Optional | Description |
|---|---|---|---|---|
| Policy Editor Console | TCP 8443 | Outbound | Required | Connects to the Change Guardian server for the following actions: |
| | TCP 2620 | Outbound | Optional | Allows remote object browsing to UNIX-based monitored assets. |
| | TCP 389 or TCP 636 | Outbound | Optional | Allows remote object browsing to Active Directory. |
| Change Guardian Server | TCP 8443 | Inbound | Required | Allows the Change Guardian server to receive events from monitored assets. NOTE: This port might not be needed if you are sending events from monitored assets to an alternate destination. |
| | TCP 389 or TCP 636 | Outbound | Required | Enables LDAP authentication and the expansion of Active Directory groups. The port initiates a connection to the LDAP server. |
| | TCP 25 | Outbound | Optional | Default email port. This port may be different based on the specific email implementation. |
| | TCP 1099 and 2000 | Inbound | Required | Used together by monitoring tools to connect to the Change Guardian server process using Java Management Extensions (JMX). |
| | TCP 5432 | Inbound | Optional. By default, this port listens only on the loopback interface. | Used for the PostgreSQL database. |
| | TCP 137, 138, 139, 445 | Outbound | Optional | Used if secondary storage is configured to CIFS. |
| | TCP/UDP 111 and TCP/UDP 2049 | Outbound | Optional | Used if secondary storage is configured to NFS. |
| | UDP 514 or TCP 1468 | Outbound | Optional | Used when Change Guardian forwards events to the system receiving Syslog messages. If the port is UDP, it sends a packet to the receiver. If the port is TCP, it initiates a connection to the receiver. |
| | TCP 32000 | | | Used for internal communication between the wrapper process and the server process. |
| | TCP 9200 | | | Used for communication with the alert indexing service using REST. |
| | TCP 9300 | | | Used for communication with the alert indexing service using its native protocol. |
| | TCP 443 | Inbound | Optional | Forwarded to 8443 for HTTPS communication. |
| | TCP 61616 | Inbound | Optional | Used for incoming connections from Correlation Engines. |
| | TCP 9443 | Inbound | Required | Used by the Change Guardian Appliance Management Console. |
| JAVOS | TCP 8094 | Inbound | Required | Allows the JAVOS service to accept connections from agents that are retrieving their assigned monitoring policies. |
| | TCP 9094 | Inbound (loopback) | Required | Allows the Change Guardian server to call JAVOS on this port to signal/reset the event destination cache. |
| | TCP 9095 | Inbound (loopback) | Optional | Allows users to see runtime metrics and active threads. |
| Active Directory Accounts/LDAP Expander | TCP 8088 | Inbound (loopback) | Required | Allows the Change Guardian server to retrieve information about Active Directory accounts. |
| | TCP 8089 | Inbound (loopback) | Optional | Allows users to see runtime metrics and active threads. |
| Windows Monitoring Agents | TCP 8094 | Outbound | Required | Allows the agent to connect to the Change Guardian server to retrieve assigned monitoring policies. |
| | TCP 8094 | Inbound | Optional | Allows the Policy Editor to connect to the agent to browse objects on the monitored asset. |
| | TCP 8443 | Outbound | Required | Allows the agent to connect to the Change Guardian server or Sentinel to send events. |
| UNIX Monitoring Agents | TCP 8094 | Outbound | Required | Allows the agent to connect to the Change Guardian server to retrieve assigned monitoring policies. |
| | TCP 2620 | Inbound | Optional | Allows the Policy Editor to connect to the agent to browse objects on the monitored asset. |
| | TCP 8443 | Outbound | Required | Allows the agent to connect to the Change Guardian server or Sentinel to send events. |
| UNIX Agent Manager | TCP 2620 | Outbound | Required | Allows the UNIX Agent Manager to connect to a UNIX agent to get status and diagnostic information. |
| | TCP 2222 | Outbound | Required | Allows the UNIX Agent Manager client to connect with the UNIX Agent Manager server. |
| | TCP 22 | Outbound | One of these is required. | Used by UNIX Agent Manager in SSH connections that require SSH+SFTP access to computers targeted for remote agent deployment. |
| | TCP 21/23 | Outbound | One of these is required. | Used by UNIX Agent Manager in Telnet/FTP connections that require Telnet+FTP access to computers targeted for remote agent deployment. |
| Agent Manager | TCP 8082 | Inbound | Required | Allows the agent to communicate with the Agent Manager. |
| | TCP 445 | Outbound | Required | Allows the Agent Manager to deploy agents to Windows computers. |
| | TCP 22 | Outbound | Required | Allows the Agent Manager to deploy agents to Windows computers. |
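
The table lists several listeners as loopback-only (TCP 9094, 9095, 8088 and 8089, plus TCP 5432 by default). The following check is an added example, not part of the product documentation: it flags any of those ports bound to a wildcard or non-loopback address. It assumes the input is the output of `ss -Htln` run on the Change Guardian server; the sample lines and the function names are constructed for illustration.

```python
import ipaddress

# Ports the table lists as "Inbound (loopback)", plus PostgreSQL, which the
# table says listens only on the loopback interface by default.
LOOPBACK_ONLY = {
    5432: "PostgreSQL database",
    8088: "Active Directory Accounts/LDAP Expander",
    8089: "LDAP Expander runtime metrics",
    9094: "JAVOS event destination cache signal",
    9095: "JAVOS runtime metrics",
}

# Constructed sample in the column layout of `ss -Htln` (assumed input format).
SAMPLE_SS = """\
LISTEN 0 128            0.0.0.0:8443   0.0.0.0:*
LISTEN 0 128          127.0.0.1:5432   0.0.0.0:*
LISTEN 0 50  [::ffff:127.0.0.1]:9094         *:*
LISTEN 0 50                   *:9095         *:*
LISTEN 0 50               [::1]:8088      [::]:*
LISTEN 0 50             0.0.0.0:8089   0.0.0.0:*
"""

def is_loopback(host):
    """True if the host part of an ss local address is a loopback address."""
    host = host.split("%", 1)[0].strip("[]")  # drop %iface scope and brackets
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:                        # "*" wildcard or unparsable
        return False
    mapped = getattr(addr, "ipv4_mapped", None)  # e.g. ::ffff:127.0.0.1
    return (addr if mapped is None else mapped).is_loopback

def exposed_listeners(ss_output):
    """Return sorted (port, bind_host) pairs for loopback-only ports that are
    listening on a wildcard or non-loopback address."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if port.isdigit() and int(port) in LOOPBACK_ONLY and not is_loopback(host):
            findings.add((int(port), host))
    return sorted(findings)

if __name__ == "__main__":
    for port, host in exposed_listeners(SAMPLE_SS):
        print(f"TCP {port} ({LOOPBACK_ONLY[port]}) is bound to {host}")
```

A finding on TCP 5432 may be intentional, since the table marks remote database access as optional; the other four ports are listed as loopback-only.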