The To function to their full potential both Snare Agent Manager (SAM) and the Snare Agents use the following network default network Enterprise Agents require allowances to transmit data through corporate firewalls. Below are the default ports and protocols . Customers will need these specific ports through firewalls for agents to obtain licenses and for web interface management.
| Snare Product | Version | Use | Protocol | Listening Port |
|---|---|---|---|---|
Snare Agent Manager
| All | WebUI Agent to SAM Communications | TCP TCP | 6261 6262 |
Snare Enterprise for Windows Agent | 4.0.x-4.3.x | SAM to Agent Communication / WebUI | TCP | 6161 |
| Snare Enterprise for Epilog Agent | 1.7.x-1.8.x | SAM to Agent Communication / WebUI | TCP | 6162 |
| Snare Enterprise for MSSQL Agent | 1.2.x-1.4.x | SAM to Agent Communication / WebUI | TCP | 6163 |
| Snare OpenSource | 4.0.2.2 | SAM to Agent Communication / WebUI | TCP | 6161 |
The web management ports for SAM and the Snare Agents are as follows:
| Snare Product | Agent Web UI | Protocol | Port |
|---|---|---|---|
| Snare Agent Manager | TCP | 6261 | |
Snare Enterprise for Windows Agent | http://<IP address>:6161 or https://<IP address>:6161 | TCP | 6161 |
| Snare Enterprise for Epilog Agent | http://<IP address>:6162 or https://<IP address>:6161 | TCP | 6162 |
| Snare Enterprise for MSSQL Agent | http://<IP address>:6163 or https://<IP address>:6161 | TCP | 6163 |
...
| title | Note |
|---|
...
used by these products. Please take time to consider the information here and adjust your network firewall configuration accordingly.
Snare Agent Manager
The Snare Agent Manager requires network connections for two important tasks:
- Configuration via its web management interface
- Communication and licensing of Snare Agents
If deploying the SAM for use for agents running on the Internet, then it is recommended to use the SAM in a DMZ and only expose the tcp port 6262 to the internet for client systems to connect to. Its considered general security practice to never expose the corporate LAN systems to the Internet directly. The web management port for the SAM should be under access restrictions due to providing admin access to the application. This concept is the same for when the SAM in Snare Central is used for providing agent license access to systems on the Internet, ie the Snare Central server for this should be a separate server running in the DMZ.
The table below outlines the default ports used for each Snare products when communicating with SAM.
| Snare Product | Protocol | *Listening Port | Use |
|---|---|---|---|
Snare Agent Manager | TCP | 6261 | Web Management Interface |
| 6262 | Inbound communication from v5 Snare Enterprise Agents | ||
Snare Enterprise Agent for Windows | 6161 | Accessed by SAM during Network Scans | |
| Snare Enterprise Agent for Linux | |||
| Snare Enterprise Agent for Solaris | |||
| Snare Enterprise Agent for OSX | |||
| Snare Enterprise Epilog for Windows | 6162 | ||
| Snare Enterprise Epilog for Unix | |||
| Snare Enterprise Agent for MSSQL | 6163 | ||
| Snare OpenSource | 6161 |
*Default ports
Agent Management Console (via Snare Server)
The Agent Management Console (AMC) requires network connections when communication with Snare Enterprise Agents.
The table below outlines the default ports used for each Snare products when communicating with AMC.
| Snare Product | Protocol | *Listening Port |
|---|---|---|
| Agent Management Console (via Snare Server) | TCP | 80 or 443 |
Snare Enterprise Agent for Windows | 6161 | |
| Snare Enterprise Agent for Linux | ||
| Snare Enterprise Agent for Solaris | ||
| Snare Enterprise Agent for OSX | ||
| Snare Enterprise Epilog for Windows | 6162 | |
| Snare Enterprise Epilog for Unix | ||
| Snare Enterprise Agent for MSSQL | 6163 | |
| Snare OpenSource | 6161 |
*Default ports
Snare Enterprise Agents - Web Management Interface
All Snare Enterprise Agents provide a web management interface that enables easy configuration and maintenance of the software.
The table below outlines the default ports used by each Agent.
| Snare Product | Protocol | *Listening Port |
|---|---|---|
Snare Enterprise Agent for Windows | TCP | 6161 |
Snare Enterprise Agent for Linux | ||
Snare Enterprise Agent for Solaris | ||
Snare Enterprise Agent for OSX | ||
| Snare Enterprise Epilog for Windows | 6162 | |
| Snare Enterprise Epilog for Unix | ||
| Snare Enterprise Agent for MSSQL | 6163 |
*Default ports
| Note |
|---|
| The default port is used independent of HTTP or HTTPS configuration for the web management interface. |