Page tree




In This Document 


Was this document useful? 
Your Rating:
Results:
1 Star2 Star3 Star4 Star5 Star
1 rates


Have a suggestion for the Armor Knowledge Base? Send a message to kb@armor.com.



Overview

On September 26, Armor will be releasing a new version of Trend Micro Security, which will enhance the current logging subagent.

To accommodate this update, new and existing Armor Anywhere agent installations will require an additional firewall rule.

For Windows 2012 users, when you install the Armor Agent, the corresponding Trend Micro agent may cause your system to reboot. Trend Micro is currently researching this issue.



Existing installations 

Before September 26, for any existing installations, please add the following rules:  

Outbound / inboundService / purposePortDestination
OutboundMalware Protection, FIM, IDS4119/tcp
  • 35.163.135.130
  • 34.214.246.111
  • 52.13.172.208
    • (3a.epsec.armor.com)
OutboundDSM4120/tcp
  • 35.163.135.130
  • 34.214.246.111
  • 52.13.172.208
    • (3a.epsec.armor.com)
OutboundRelay4122/tcp
  • 35.163.135.130
  • 34.214.246.111
  • 52.13.172.208
    • (3a.epsec.armor.com)

For existing installations, do not remove any firewall rules. 


New installations 

After September 26, for new installations, review the following table of all the firewall rules you must add.

The following ports will need to be opened for each server registered with Armor Anywhere.

Inbound / OutboundService / PurposePortDestination
OutboundArmor Agent443/tcp
  • 146.88.106.210  
    • (api.armor.com)
OutboundMalware Protection, FIM, IDS

4119/tcp

  • 146.88.106.197  
    • (1a.epsec.armor.com)
  • 146.88.114.197  
    • (2a.epsec.armor.com)
  • 35.163.135.130
  • 34.214.246.111
  • 52.13.172.208
    • (3a.epsec.armor.com)
OutboundDSM4120/tcp
  • 146.88.106.197
    • (1b.epsec.armor.com)
  • 146.88.114.197
    • (2b.epsec.armor.com)
  • 35.163.135.130
  • 34.214.246.111
  • 52.13.172.208
    • (3a.epsec.armor.com)
OutboundRelay4122/tcp
  • 146.88.106.197
    • (1c.epsec.armor.com)
  • 146.88.114.197
    • (2c.epsec.armor.com)
  • 35.163.135.130
  • 34.214.246.111
  • 52.13.172.208
    • (3a.epsec.armor.com)
OutboundLog Management (Filebeat / Winlogbeat)515/tcp
  • 146.88.106.196  
    • (1a.log.armor.com)
  • 146.88.144.196  
    • (2a.log.armor.com)
OutboundMonitoring8443/tcp
  • 146.88.106.200  
    • (1a.mon.armor.com)
  • 146.88.114.200  
    • (2a.mon.armor.com)
OutboundRemote Access443/tcp
  • 146.88.106.216 
    • (1a.rs.armor.com)
  • 146.88.114.216
    • (alternate)
Outbound

Vulnerability Scanning



*443/tcp
  • 34.226.68.35
  • 54.144.111.231
  • 52.203.25.223
  • 34.236.161.191
    • endpoint.ingress.rapid7.com
    • (United States)

  • 52.60.40.157
  • 52.60.107.153
    • ca.endpoint.ingress.rapid7.com
    • (Canada)

  • 3.120.196.152
  • 3.120.221.108
    • eu.endpoint.ingress.rapid7.com
    • (Europe)

  • 52.64.24.140
  • 13.55.81.47
  • 13.236.168.124
    • au.endpoint.ingress.rapid7.com
    • (Australia)
  • 103.4.8.209
  • 18.182.167.99
    • ap.endpoint.ingress.rapid7.com
    • (Japan/Asia/Asia Pacific)
Outbound

Vulnerability Scanning

*443/tcp
  • s3.amazonaws.com
    • (United States)
  • s3.ca-central-1.amazonaws.com
    • (Canada)
  • s3.eu-central-1.amazonaws.com
    • (Europe)
  • s3.ap-northeast-1.amazonaws.com
    • (Asia / Asia Pacific)
  • s3-ap-southeast-2.amazonaws.com
    • (Australia)
InboundLog Relay (Logstash)
  • 5140/udp
  • 5141/tcp
The IP address for your virtual machine
OutboundLog Relay (Armor's logging service (ELK))
  • 5443/tcp
  • 5400-5600/tcp (Reserved)
    • Armor reserves the right to utilize this port range for future expansion or service changes.

1c.log.armor.com

  • These endpoints are served by the Amazon Elastic Load Balancers. As a result, the actual endpoints will vary dynamically across Amazon's IP ranges.


* The agent will perform a lookup to the applicable DNS entry, which may resolve to one of multiple Amazon Web Services based subnets. As a result, if your firewall does not support outbound filtering by domain name, then you may need to open all outbound traffic to 443/tcp to accommodate this service.

Additionally, verify that your proxy server can externally communicate.


Additional documentation 

To learn about more pre-installation information, see Requirements for Armor Anywhere