Have a suggestion for the Armor Knowledge Base?
Send a message to firstname.lastname@example.org.
On September 26, Armor will be releasing a new version of Trend Micro Security, which will enhance the current logging subagent.
To accommodate this update, new and existing Armor Anywhere agent installations will require an additional firewall rule.
For Windows 2012 users, when you install the Armor Agent, the corresponding Trend Micro agent may cause your system to reboot. Trend Micro is currently researching this issue.
Before September 26, for any existing installations, please add the following rules:
|Outbound / Inbound||Service / Purpose||Port||Destination|
|Outbound||Malware Protection, FIM, IDS||4119/tcp|
For existing installations, do not remove any firewall rules.
After September 26, for new installations, review the following table of all the firewall rules you must add.
The following ports will need to be opened for each server registered with Armor Anywhere.
Inbound / Outbound
Service / Purpose
|Outbound||Malware Protection, FIM, IDS|
|Outbound||Log Management (Filebeat / Winlogbeat)||515/tcp|
|Inbound||Log Relay (Logstash)||The IP address for your virtual machine|
|Outbound||Log Relay (Armor's logging service (ELK))|
* The agent will perform a lookup to the applicable DNS entry, which may resolve to one of multiple Amazon Web Services based subnets. As a result, if your firewall does not support outbound filtering by domain name, then you may need to open all outbound traffic to 443/tcp to accommodate this service.
Additionally, verify that your proxy server can externally communicate.
To learn about more pre-installation information, see ANYWHERE Pre-Installation.