Enterprise Firewall Settings

If the nShield Monitor appliance is separated from any of its services (for example, NTP, DNS, SMTP server) or endpoints (for example, users devices) by a firewall, you must configure the firewall to allow passage of the appropriate IP protocols.

The table in this section lists the ports that, at a minimum, you must configure to support connectivity.

Port Configurations

Protocol	Transport	Port	Direction	Description
Echo1	N/A	N/A	Both	Echo/ICMP Pings
SSH	TCP/UDP	22	Inbound	nShield Monitor Remote Console Management
HTTPS	TCP	443	Both	nShield Monitor Web UI & firmware upgrade
DNS	TCP/UDP	53	Outbound	nShield Monitor Web UI & firmware upgrade DNS
NTP	UDP	123	Outbound	nShield Monitor utilization of Network Time Protocol
SNMP	UDP	161	Outbound	Monitoring devices via SNMPV3
SNMP	UDP	162	Outbound	SNMPV3 Notification
System Log	UDP	514	Outbound	Remote system log alerts
SMTP	TCP	25	Outbound	nShield Monitor sending email alerts
FTP	TCP	21	Both	nShield Monitor firmware upgrade option
HTTP	TCP/UDP	80	Outbound	nShield Monitor firmware upgrade option
Echo Reply			Both	ICMP Response (code 0)
Echo Request			Both	ICMP Request (code 8)

Protocol

Transport

Port

Direction

Description

Echo1

N/A

Both

Echo/ICMP Pings

SSH

TCP/UDP

Inbound

nShield Monitor Remote Console Management

HTTPS

TCP

443

Both

nShield Monitor Web UI & firmware upgrade

DNS

TCP/UDP

Outbound

nShield Monitor Web UI & firmware upgrade DNS

NTP

UDP

123

Outbound

nShield Monitor utilization of Network Time Protocol

SNMP

UDP

161

Outbound

Monitoring devices via SNMPV3

SNMP

UDP

162

Outbound

SNMPV3 Notification

System Log

UDP

514

Outbound

Remote system log alerts

SMTP

TCP

Outbound

nShield Monitor sending email alerts

FTP

TCP

Both

nShield Monitor firmware upgrade option

HTTP

TCP/UDP

Outbound

nShield Monitor firmware upgrade option

Echo Reply

Both

ICMP Response (code 0)

Echo Request

Both

ICMP Request (code 8)