Sentinel uses the following ports for internal communication with database and other internal processes:
Ports |
Description |
---|---|
TCP 5432 |
Used for the PostgreSQL database. You do not need to open this port by default. However, if you are developing reports by using the Sentinel SDK, then you must open this port. For more information, see the Sentinel Plug-in SDK Web site. |
TCP 27017 |
Used for the Security Intelligence configuration database. |
TCP 28017 |
Used for the Web interface for Security Intelligence database. |
TCP 32000 |
Used for internal communication between the wrapper process and the server process. |
Sentinel uses different ports for external communication with other components. For the appliance installation, the ports are opened on the firewall by default. However, for the standard installation, you need to configure the operating system on which you are installing Sentinel in order to open the ports on the firewall.
For Sentinel to work properly, ensure that the following ports are open on the firewall:
Ports |
Description |
---|---|
TCP 1099 and 2000 |
Used together by monitoring tools to connect to Sentinel server process using Java Management Extensions (JMX). |
TCP 1289 |
Used for Audit connections. |
UDP 1514 |
Used for syslog messages. |
TCP 8443 |
Used for HTTPS communication. |
TCP 1443 |
Used for SSL encrypted syslog messages. |
TCP 61616 |
Used for communication between Collector Managers and the server. |
TCP 10013 |
Used by the Sentinel Control Center and Solution Designer. |
TCP 1468 |
Used for syslog messages. |
TCP 10014 |
Used by the remote Collector Managers to connect to the server through the SSL proxy. However, this is uncommon. By default, remote Collector Managers use the SSL port 61616 to connect to the server. |
In addition to the above ports, the following ports are open on Sentinel server appliance.
Ports |
Description |
---|---|
TCP 22 |
Used for secure shell access to the Sentinel appliance. |
TCP 54984 |
Used by the Sentinel Appliance Management Console (WebYaST). Also used by the Sentinel appliance for the update service. |
TCP 289 |
Forwarded to 1289 for Audit connections. |
UDP 443 |
Forwarded to 8443 for HTTPS communication. |
UDP 514 |
Forwarded to 1514 for syslog messages. |
TCP 1290 |
This is the Sentinel Link port that is allowed to connect through the SuSE Firewall. |
UDP and TCP 40000 - 41000 |
Ports that can be used when configuring data collection servers, such as syslog. Sentinel does not listen on these ports by default. |
For Sentinel Collector Manager to work properly, ensure that the following ports are open on the firewall:
Ports |
Description |
---|---|
TCP 1289 |
Used for Audit connections. |
UDP 1514 |
Used for syslog messages. |
TCP 1443 |
Used for SSL encrypted syslog messages. |
TCP 1468 |
Used for syslog messages. |
TCP 1099 and 2000 |
Used together by monitoring tools to connect to Sentinel server process using Java Management Extensions (JMX). |
In addition to the above ports, the following ports are open on Sentinel Collector Manager appliance.
Ports |
Description |
---|---|
TCP 22 |
Used for secure shell access to the Sentinel appliance. |
TCP 54984 |
Used by the Sentinel Appliance Management Console (WebYaST). Also used by the Sentinel appliance for the update service. |
TCP 289 |
Forwarded to 1289 for Audit connections. |
UDP 514 |
Forwarded to 1514 for syslog messages. |
TCP 1290 |
This is the Sentinel Link port that is allowed to connect through the SuSE Firewall. |
UDP and TCP 40000 - 41000 |
Ports that can be used when configuring data collection servers, such as syslog. Sentinel does not listen on these ports by default. |
For Sentinel Correlation Engine to work properly, ensure that the following ports are open on the firewall:
Ports |
Description |
---|---|
TCP 1099 and 2000 |
Used together by monitoring tools to connect to Sentinel server process using Java Management Extensions (JMX). |
In addition to the above ports, the following ports are open on Sentinel Correlation Engine appliance.
Ports |
Description |
---|---|
TCP 22 |
Used for secure shell access to the Sentinel appliance. |
TCP 54984 |
Used by the Sentinel Appliance Management Console (WebYaST). Also used by the Sentinel appliance for the update service. |