Ports Used by ADR
The following ports are used for communication between the various components of the ADR product. They must be allowed through any firewall that sits between the listed components.
| From | Port Type | Port Number | Protocol | Description | To |
| --- | --- | --- | --- | --- | --- |
| Analytics Engine (APE) | TCP | 80/443 | HTTP/HTTPS | Threat Feed download / yum update | Internet |
| Analytics Engine (APE) | TCP/UDP | 43 | WHOIS | For domain resolutions | |
| Analytics Engine (APE) | TCP/UDP | 123 | NTP | Time Synchronization | NTP Server * |
| Analytics Engine (APE) | TCP | 25/465/587 | SMTP/+SSL | For Email Notifications | SMTP Server * |
| Analytics Engine (APE) | TCP/UDP | 53 | DNS | For DNS query | DNS Server * |
| Collector (CCE) | TCP | 22 | SSH | Remediation | Windows Collector |
| Collector (CCE) | TCP | 443 | HTTPS | Remediation | Firewalls |
| Collector (CCE) | TCP | 8443 | HTTPS | Internal Communication | APE |
| Collector (CCE) | TCP/UDP | 123 | NTP | Time Synchronization | NTP Server * |
| Collector (CCE) | TCP/UDP | 53 | DNS | For DNS query by logstash | DNS Server * |
| Collector (CCE) | TCP | 9092 | KAFKA | Logs & flows ingestion | Analytics Engine |
| Collector (CCE) | TCP | 2181 | | | |
| PC | TCP | 80/443 | HTTP/HTTPS | ARIA ADR UI | |
| PC | TCP | 22 | SSH | Remote login to ARIA ADR | |
| Windows Collector | TCP | 5985 | HTTP | Windows Events Subscription | Windows (AD/Desktop) |
| Windows Collector | UDP | 5154 | JSON | Windows logs in JSON | Collector |
| NXLog | UDP | 514 | Syslog | Syslog (MS Exchange, DNS, DHCP) | |
| Routers | UDP | 9995 | Netflow v5/v9/IPFIX | Netflows | |
| Switches | UDP | 6343 | Sflow | Sflow | |
| Firewalls | UDP | 9995 | Netflow v5/v9/IPFIX | Netflows | |
| Firewalls | UDP | 514 | Syslog | Firewall Logs | |
| Servers | UDP | 514 | Syslog | Application Logs | |
Green items are the most common ports that need to be opened.
* The server could be installed on the local network or may point to a public Internet host.