What Are the Network Requirements?

Required Internet Connectivity

If the installation enables a firewall, make sure you allow at least the following traffic:

A. On the AC-Hunter system, allow incoming TCP ports 22, 80, and 443.

B. On the Zeek system, allow incoming TCP port 22. The interface(s) used to sniff traffic should have no incoming firewall at all.

C. If you’re setting up a third Active-Flow system to process netflow records, that system should accept incoming TCP port 22 and UDP port 2055.

D. You can further restrict the above ports so that only machines owned by administrators and the Zeek and Active-Flow nodes can access port 22, only machines that should see the AC-Hunter web interface can access ports 80 and 443 on the AC-Hunter computer, and only the routers feeding netflow records can access UDP port 2055 on Active-Flow.

E. All systems should be able to make outbound requests to the Internet on UDP port 53 and TCP ports 53, 80, and 443 to retrieve patches and pull down supporting information used in AC-Hunter’s web UI.
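
One way to turn items A through E into host firewall rules, as an added example that is not part of the AC-Hunter documentation: the function prints ufw commands for review instead of applying them. The choice of ufw, the source addresses (documentation ranges), and the interface name eth1 are assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example: print (do not apply) ufw commands for one node role.
# Every address and the interface name below is a constructed placeholder.
ADMIN_NET="192.0.2.0/24"           # administrators' machines (assumed)
NODE_NET="198.51.100.0/28"         # Zeek and Active-Flow nodes (assumed)
WEB_NET="192.0.2.0/24"             # machines allowed to see the web UI (assumed)
ROUTERS="203.0.113.1 203.0.113.2"  # routers feeding netflow records (assumed)
SNIFF_IF="eth1"                    # Zeek sniffing interface (assumed)

fw_rules() {
    role="$1"
    case "$role" in
        ac-hunter|zeek|active-flow) ;;
        *) echo "unknown role: $role" >&2; return 1 ;;
    esac
    echo "ufw default deny incoming"
    # Item D: port 22 only from administrators and the Zeek/Active-Flow nodes.
    for src in $ADMIN_NET $NODE_NET; do
        echo "ufw allow in proto tcp from $src to any port 22"
    done
    case "$role" in
        ac-hunter)
            # Items A and D: web interface only for machines that should see it.
            for port in 80 443; do
                echo "ufw allow in proto tcp from $WEB_NET to any port $port"
            done ;;
        zeek)
            # Item B: no incoming filtering on the sniffing interface.
            echo "ufw allow in on $SNIFF_IF" ;;
        active-flow)
            # Items C and D: netflow only from the exporting routers.
            for r in $ROUTERS; do
                echo "ufw allow in proto udp from $r to any port 2055"
            done ;;
    esac
    # Item E: outbound DNS and web; only needed if outbound traffic is filtered.
    echo "ufw allow out proto udp to any port 53"
    for port in 53 80 443; do
        echo "ufw allow out proto tcp to any port $port"
    done
}

# Print the rules for the role given on the command line, if any.
if [ "$#" -gt 0 ]; then fw_rules "$1"; fi
```

Run it with a role name (`ac-hunter`, `zeek`, or `active-flow`), review the printed commands, then apply them on the matching host.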


Future versions of AC-Hunter may use outbound HTTPS connections to retrieve reputation information. Details about this access will be added as these features are included.


