Deleting an Input Rule

Use the Administration > Firewall Settings tab to delete input rules and define your Firewall Settings.

You can also use the CLI command system firewall to add or delete a firewall rule, or to turn the firewall on or off. For details, see system Command.

Procedure

  1. Select Enable IP Firewall.
  2. Click the icon for the rule to delete.
  3. Click OK to exit the confirmation window.
  4. You must click Apply to accept the changes.
    Note: The appliance treats port 443 (HTTPS) differently: you cannot delete the last rule for port 443. This prevents you from losing browser access to your appliance while still letting you restrict which sources can reach port 443.

    For a list of ports, see Port Assignments.
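As an added illustration (not LogLogic code) of the port 443 guard described in the note above: a small rule store that lets you narrow HTTPS access by deleting individual rules but refuses to delete the last TCP/443 input rule. The rule ids, protocols and source networks are constructed sample values.

```python
from dataclasses import dataclass

HTTPS_PORT = 443  # the one port the appliance will not leave without an input rule

@dataclass(frozen=True)
class InputRule:
    rule_id: int
    protocol: str  # "TCP" or "UDP"
    port: int
    source: str    # network allowed to reach the port (constructed CIDR values)

class LastHttpsRuleError(RuntimeError):
    """Deleting this rule would remove the last input rule for TCP/443."""

def delete_input_rule(rules, rule_id):
    """Return the rule list without rule_id, applying the port-443 guard.

    Any rule may be deleted except the last one permitting TCP/443: removing it
    would lock the administrator out of the browser GUI. Unknown ids raise KeyError.
    """
    target = next((r for r in rules if r.rule_id == rule_id), None)
    if target is None:
        raise KeyError(f"no input rule with id {rule_id}")
    if target.protocol == "TCP" and target.port == HTTPS_PORT:
        others = [r for r in rules if r.rule_id != rule_id
                  and r.protocol == "TCP" and r.port == HTTPS_PORT]
        if not others:
            raise LastHttpsRuleError(
                f"rule {rule_id} is the last input rule for TCP/{HTTPS_PORT}")
    return [r for r in rules if r.rule_id != rule_id]

# Constructed sample rule set: HTTPS from two admin subnets, SSH, and syslog input.
SAMPLE_RULES = [
    InputRule(1, "TCP", 443, "10.10.0.0/24"),
    InputRule(2, "TCP", 443, "10.20.0.0/24"),
    InputRule(3, "TCP", 22, "10.10.0.0/24"),
    InputRule(4, "UDP", 514, "0.0.0.0/0"),
]

def demo():
    """Narrowing 443 access is allowed; deleting the last 443 rule is refused."""
    narrowed = delete_input_rule(SAMPLE_RULES, 2)  # one TCP/443 rule remains
    try:
        delete_input_rule(narrowed, 1)  # would remove the last TCP/443 rule
        refused = False
    except LastHttpsRuleError:
        refused = True
    return len(narrowed), refused  # (3, True)
```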

Example of LogLogic Port Assignments

Log Message Push

| Description | Protocol | Port # | Comments |
|---|---|---|---|
| Syslog | UDP | 514 | Used for incoming syslog data. You can change this port number from 514 in the System Settings > General tab, Syslog UDP Port field. If you change this port number, you must add the new port number here. |
| Blue Coat/Netcache | HTTP/HTTPS | 4433 | Used for incoming HTTPS streams from log sources such as Blue Coat ProxySG and NetApp NetCache. |
Check Point

| Description | Protocol | Port # | Comments |
|---|---|---|---|
| lea_server | LEA/TCP | 18184 | Used to transfer log messages. |
| cpmi_server | TCP | 18190 | Default port. Used for rule listing and firewall/interface auto-discovery. Note: Must match the Check Point Manager Server. |
| SIC | TCP | 18210 | Used to establish a connection with the Check Point Management Interface (CPMI). SIC stands for Secure Internal Communication. |
| CPMI Forwarding | UDP | 5514 | Used for collecting LogLogic streams from the Check Point Management Interface through the rtchpk utility. |
GUI

| Description | Protocol | Port # | Comments |
|---|---|---|---|
| Browser | HTTP | 80 | Used for internal web browser access requests to the LogLogic Appliance. The requests are redirected to port 443 (HTTPS). |
| Browser | HTTPS | 443 | Used for incoming HTTPS requests to the GUI and Web Services APIs. The requests are redirected from port 80 (HTTP). |
| Browser | HTTP | 8080 | Browser redirects during upgrade. |
| Real-Time Viewer | TCP | 4514 | Used for Real-Time Viewer client connections. Uses a Java applet; some versions of Java will not work. Java 1.8.0.x is recommended. |
Note: If you are running Java 1.8.0_x, you must perform the following steps:
  1. As administrator, edit C:\Program Files (x86)\Java\jre1.8.0_x\lib\security\java.policy and grant the following permission to the non-abbreviated IPv6 address of your appliance:
    grant { permission java.net.SocketPermission "fd00:0:0:0:0:aaaa:a73:1a3d", "connect,resolve"; };

    You can also add permissions for both the abbreviated and non-abbreviated addresses:

    grant { permission java.net.SocketPermission "fd00:0:0:0:0:aaaa:a73:1a3d", "connect,resolve"; };
    grant { permission java.net.SocketPermission "fd00::aaaa:a73:1a3d", "connect,resolve"; };

    Replace the IP address shown with the IP address of your appliance.

  2. In Control Panel > Java > Security, add the following to the exception list:
    https://[fd00::aaaa:a73:1a3d]:443, where "fd00::aaaa:a73:1a3d" is your appliance IP address
    https://[fd00:0:0:0:0:aaaa:a73:1a3d]:443, where "fd00:0:0:0:0:aaaa:a73:1a3d" is the non-abbreviated form of your appliance IP address
Note: The appliance IP address can be either IPv4 or IPv6. Both are supported.
Miscellaneous

| Description | Protocol | Port # | Comments |
|---|---|---|---|
| CLI Access | SSH | 22 | Used for SSH client access. Can be configured on or off. |
| NTP | NTP | 123 | Used by the Network Time Protocol daemon (NTPD). |
| Browser | HTTPS | 443 | Used for the SSL two-way handshake. |
Failover

| Description | Protocol | Port # | Comments |
|---|---|---|---|
| High Availability Failover | Rsync | 4400 | Used by the replication sync failover service. |
| High Availability Failover | MySQL | 3306 | Used by the MySQL failover service. |
Outbound Traffic

| Description | Protocol | Port # | Comments |
|---|---|---|---|
| LogLogic TCP | TCP | 5514 | Used for collecting LogLogic streams from the Check Point Management Interface via the rtchpk utility. |
| LogLogic TCP | TCP | 4443 | Used by the Management Station to send requests to a remote Appliance. |
| LogLogic TCP | TCP | 4443 | Used for sending updates from a remote Appliance to the Management Station. |
| Syslog Alert | UDP | 514 | Used for incoming syslog data. You can change this port number from 514 in the System Settings > General tab, Syslog UDP Port field. If you change this port number, you must add the new port number here. |
| SNMP Alerts | UDP | 161 | Used for incoming SNMP client requests. |
| SNMP Notification | UDP | 162 | Used for incoming and outgoing SNMP trap messages (internal LX/ST alerts and log collection). |