Examples of LogLogic Port Assignments

Log Message Push

Description Protocol Port # Comments
Syslog UDP 514 Used for incoming syslog data. You can change this port number from 514 in the System Settings > General tab Syslog UDP Port field. If you change this port number, you must add the other port number here.
Blue Coat/Netcache HTTP/ HTTPS 4433 Used for incoming HTTPS streams from log sources such as Blue Coat ProxySG and NetApp Netcache.

Check Point

Description Protocol Port # Comments
lea_server LEA/TCP 18184 Used to transfer log messages.
cpmi_server TCP 18190 Default port. Used for rule listing and firewall/interface auto-discover. Note: Must match Check Point Manager Server.
SIC TCP 18210 Used to establish connection with the Check Point Management Interface (CPMI). SIC - Secure Internal Communication
CMPI Forwarding UDP 5514 Used for collecting LogLogic streams from the Check Point Management Interface through the rtchpk utility.

GUI

Description Protocol Port # Comments
Browser HTTP 80 Used for internal web browser access requests to the LogLogic Appliance. The requests are redirected to port 443 (HTTPS).
Browser HTTPS 443 Used for incoming HTTPS requests to the GUI. The requests are redirected from port 80 (HTTP).
Browser HTTP 8080 Browser redirects during upgrade.
Note: If you are running java 1.8.0_x, you must perform the following steps:
  1. As administrator, update your C:\Program Files (x86)\Java\jre1.8.0_x\lib\security\java.policy file and grant the following permission to non-abbreviated IPv6 address: 
    grant { permission java.net.SocketPermission "fd00:0:0:0:0:aaaa:a73:1a3d", "connect,resolve"; };

    You can also add permissions to both abbreviated and non-abbreviated addresses: 

    grant { permission java.net.SocketPermission "fd00:0:0:0:0:aaaa:a73:1a3d", "connect,resolve"; };
grant { permission java.net.SocketPermission "fd00::aaaa:a73:1a3d", "connect,resolve"; };

    The IP address should be replaced with the IP address of your appliance.

  2. In Control Panel > java > Security add the following to the exception list: 
    https://[fd00::aaaa:a73:1a3d]:443, where "fd00::aaaa:a73:1a3d” is your appliance IP
https://[fd00:0:0:0:0:aaaa:a73:1a3d]:443, where "fd00:0:0:0:0:aaaa:a73:1a3d” id the non-abbreviated version for your appliance IP
Note: Appliance IP address can be either IPv4 or IPv6. Both are supported.

Miscellaneous

Description Protocol Port # Comments
CLI Access SSH 22 Used for SSH client access. Configured on/off.
NTP NTP 123 Used by the Network Time Protocol Daemon (NTPD).
Browser HTTPS 443 Used for SSL two-way handshake.

Failover

Description Protocol Port # Comments
High Availability Failover Rsync 4400 Used by the replication sync failover service.
High Availability Failover MySQL 3306 Used by the MySQL failover service.

Outbound Traffic

Description Protocol Port # Comments
LogLogic TCP TCP 5514 Used for collecting LogLogic streams from the Check Point Management Interface via the rtchpk utility.
LogLogic TCP TCP 9443 Used by Management Station to send requests from the Management Station to a Remote Appliance.
LogLogic TCP TCP 9443 Used for sending updates from a Remote Appliance to the Management Station.
Syslog Alert UDP 514 Used for incoming syslog data. You can change this port number on the System Settings > General tab > the Syslog UDP Port field. If you change this port number, you must add the other port number here.
SNMP Alerts UDP 161 Used for incoming SNMP client requests.
SNMP Notification UDP 162 Used for incoming and outgoing SNMP trap messages. (Internal alerts from LogLogic LX Appliance or LogLogic ST Appliance, and log collection)