TCP and UDP ports used by SuperAgent

Document ID : KB000049679
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

ISSUE:-

What ports does SuperAgent use? To ensure proper communication between SuperAgent's Master Console and Collectors, it is desired to know which ports must be open for proper firewall configurations, etc.

NOTE: Resolution depends on SuperAgent type:

  1. Standalone

  2. Distributed.

Solution:

RESOLUTION A (Standalone SuperAgent)

The following ports should be open:

  • Outbound UDP 53 - DNS

  • TCP 25 - SMTP Email reports

  • UDP 161 - SNMP

  • UDP 162 - Traps

  • ICMP Inbound ICMP

  • TCP 80 - Administrator and Users to Web GUI

  • TCP 3389 - Remote Desktop

RESOLUTION B (Distributed SuperAgent)

The following ports should be open:

Master Console

  • (Outbound) UDP 53 - DNS

  • TCP 25 - SMTP Email reports Collector (Outbound)

  • UDP 161 - SNMP

  • UDP 162 - Traps

  • ICMP Collector (Inbound)

  • TCP 80 - Administrator and Users to Web GUI

  • TCP 3389 - Remote Desktop

Collector

  • (Outbound) UDP 53 - DNS

  • UDP 161 - SNMP

  • UDP 162 - Traps

Master Console to Collector

  • TCP 1000 - SA Messenger <--- 1000 and 1001 are for status messages.

  • TCP 1001 - SA Investigation <--- off incidents and investigations (keep-alives).

  • TCP 3306 - MySQL <--- only applies to v6 or earlier!

  • TCP 8080 - For the master batch service to pull data files from the Collector.

Collector to Master Console

  • TCP 3306 - MySQL (SA 8.3 and prior)

  • TCP 3308 - MySQL (SA 9.0+)

  • TCP 1001 - SA Investigation <--- off incidents and investigations and are for status messages (keep-alives).

Master Console to Gigastor

  • TCP 1001

Master Console to Multi-Port Collector

  • TCP 8080

Multi-Port Collector to Master Console

  • TCP 3306 - MySQL (SA 8.3 and prior)

  • TCP 3308 - MySQL (SA 9.0+)

Gigastor to Aggregator

  • UDP 9995

Additional Info

In addition to the normal ports from previous SuperAgent product releases, 8.0+ introduces the following new components and ports when WAAS, GigaStor, or NAM are used:

On Master Console:

  • Data Transfer Manager service (WAAS only) listens on TCP 7878 for WAE and FlowAgent module. The service adds WAE to configuration and gives out Aggregator-WAE assignments.

On Aggregator:

  • Data Transfer Manager service (WAAS only) listens on TCP 7878 for WAE and FlowAgent module. It communicates the configuration to WAE and receives data. The service also talks on TCP 3306 to MySQL on the Master Console to retrieve configuration and update transient source information, such as the "clock_delta" and "data_time".

  • SuperAgent Service (GigaStor only) listens on UDP 9995 for GigaStor Reader.

On GigaStor:

  • Manager Service listens on TCP 1001 for the Master Console. Reader Service talks on UDP 9995 to SuperAgent Service on Aggregator.

On WAE:

  • The FlowAgent talks on TCP 7878 to Master Console and Aggregator.

On NAM:

  • The NAM forwards flow data to SuperAgent Standalone or Master Console on UDP 9996.

On Multiport Collector:

  • Port 80 is used for web administration