








On September 26, Armor will be releasing a new version of Trend Micro Security, which will enhance the current logging subagent.

To accommodate this update, new and existing Armor Anywhere agent installations will require an additional firewall rule.

For Windows 2012 users, when you install the Armor Agent, the corresponding Trend Micro agent may cause your system to reboot. Trend Micro is currently researching this issue.


Existing Installations 


Before September 26, for any existing installations, please add the following rules:  

| Outbound / Inbound | Service / Purpose | Port | Destination |
| --- | --- | --- | --- |
| Outbound | Malware Protection, FIM, IDS | 4119/tcp | 35.163.135.130, 34.214.246.111, 52.13.172.208 (3a.epsec.armor.com) |
| Outbound | DSM | 4120/tcp | 35.163.135.130, 34.214.246.111, 52.13.172.208 (3a.epsec.armor.com) |
| Outbound | Relay | 4122/tcp | 35.163.135.130, 34.214.246.111, 52.13.172.208 (3a.epsec.armor.com) |

For existing installations, do not remove any firewall rules. 
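To confirm the three new outbound rules after adding them, the following added example (not Armor's tooling) attempts a TCP connection from the server to each destination and port in the table above. The function names and the 3-second timeout are assumptions made for this example.

```python
import socket
import sys

# Destinations and ports copied from the "Existing Installations" table.
DESTINATIONS = ["35.163.135.130", "34.214.246.111", "52.13.172.208",
                "3a.epsec.armor.com"]
PORTS = {4119: "Malware Protection, FIM, IDS", 4120: "DSM", 4122: "Relay"}


def can_connect(host, port, timeout=3.0):
    """Attempt one outbound TCP connection; return (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.gaierror as exc:
        return False, f"DNS lookup failed: {exc}"
    except socket.timeout:
        return False, "timed out (typical of a firewall silently dropping)"
    except ConnectionRefusedError:
        return False, "refused (reset sent by the host or a rejecting firewall)"
    except OSError as exc:
        return False, f"network error: {exc}"


def audit(destinations=DESTINATIONS, ports=PORTS, timeout=3.0,
          connect=can_connect):
    """Check every destination/port pair; return the failing ones."""
    failures = []
    for port, service in ports.items():
        for host in destinations:
            ok, detail = connect(host, port, timeout)
            status = "OK  " if ok else "FAIL"
            print(f"{status} {host}:{port}/tcp ({service}): {detail}")
            if not ok:
                failures.append((host, port, detail))
    return failures


if __name__ == "__main__":
    # Exit non-zero when any required rule appears to be missing.
    sys.exit(1 if audit() else 0)
```

Run it on each server registered with Armor Anywhere; a timeout usually points at a missing outbound rule, while a DNS failure points at name resolution rather than the firewall.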


New Installations 


After September 26, for new installations, review the following table of all the firewall rules you must add.

The following ports will need to be opened for each server registered with Armor Anywhere.

| Inbound / Outbound | Service / Purpose | Port | Destination |
| --- | --- | --- | --- |
| Outbound | Armor Agent | 443/tcp | |
| Outbound | Malware Protection, FIM, IDS | 4119/tcp | |
| Outbound | DSM | 4120/tcp | |
| Outbound | Relay | 4122/tcp | |
| Outbound | Log Management (Filebeat / Winlogbeat) | 515/tcp | |
| Outbound | Monitoring | 8443/tcp | |
| Outbound | Remote Access | 443/tcp | |
| Outbound | Vulnerability Scanning | *443/tcp | |
| Inbound | Log Relay (Logstash) | 5140/udp, 5141/tcp | The IP address for your virtual machine |
| Outbound | Log Relay (Armor's logging service (ELK)) | 5443/tcp; 5400-5600/tcp (Reserved). Armor reserves the right to utilize this port range for future expansion or service changes. | 1c.log.armor.com. These endpoints are served by the Amazon Elastic Load Balancers. As a result, the actual endpoints will vary dynamically across Amazon's IP ranges. |


* The agent will perform a lookup to the applicable DNS entry, which may resolve to one of multiple Amazon Web Services based subnets. As a result, if your firewall does not support outbound filtering by domain name, then you may need to open all outbound traffic to 443/tcp to accommodate this service.

Additionally, verify that your proxy server can communicate externally.


Additional Documentation 

For more pre-installation information, see ANYWHERE Pre-Installation.