Firewall Ports


SUMMARY

  • April 24, 2020

The Snare Server and Snare Enterprise agents use the following ports. Where this traffic passes through a firewall, account for these ports so that the relevant firewall rules can be created.

Snare Central Server

  • Collects logs on UDP/TCP port 514 for syslog devices such as firewalls, routers, switches and other syslog appliances. It can also use TLS on TCP port 6514

  • Snare Agent logs are received on UDP/TCP port 6161

  • Encrypted logs from TLS agents are received on TCP 6163 and 6164 using TLS_AUTH

  • NTP is on UDP 123 for network time

  • SSH network access for the CLI is on TCP port 22

  • Web interface uses TCP port 80/443

  • SNMP traps use UDP port 162

  • FTP on TCP port 20/21 - if enabled

  • NetBIOS on UDP 138/139 and TCP 139/445 - if enabled

  • If using OpenVAS, HTTPS over TCP port 9392 is used in V8 Snare Central

Snare Agents

  • Windows/Linux/Solaris/Mac OS X agents send logs on UDP/TCP port 6161; TLS is on port 6163. Agent web management is on TCP port 6161, for example http://<localhost>:6161, or, if 'web server protocol' is set to HTTPS in the version 5 agent, https://<localhost>:6161

  • Epilog/Unix Epilog agents send logs on UDP/TCP port 6161; TLS is on port 6163 and 6164 for TLS_AUTH. Agent web management is on TCP port 6162 (http://<localhost>:6162) or, if 'web server protocol' is set to HTTPS in the version 5 agent, https://<localhost>:6162

  • MSSQL agents send logs on UDP/TCP port 6161; TLS is on port 6163. Agent web management is on TCP port 6163 (http://<localhost>:6163) or, if 'web server protocol' is set to HTTPS in the version 5 agent, https://<localhost>:6163

Snare Agent Manager (SAM)

  • Inbound communication from v5 Snare Enterprise Agents is on TCP port 6262

  • Web management interface is on TCP port 6261 (https://<localhost>:6261)