Submit a ticketCall us

Looking to compare latest NPM features with previous versions of NPM?
The NPM new feature summary offers a comparison of new features and improvements offered with this release.

 

 

 

 

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM Port and Firewall Requirements

SolarWinds LEM Port and Firewall Requirements

Overview

This page lists the firewall ports that you need to open to allow communication with SolarWinds LEM. Any firewalls that stand between any two points of communication should allow inbound and/or outbound traffic across the specified ports to ensure that LEM works properly.

In the table, "inbound" assumes that the LEM VM is behind the firewall, and that firewall rules allow network traffic through the firewall to the LEM VM.

Environment

All Versions of LEM.

If you use multiple SolarWinds products, see Port requirements for all SolarWinds products.

Details

Port # Protocol Service Direction Description
22, 32022 TCP SSH Bidirectional SSH traffic to the SolarWinds LEM VM. (Port 22 is not used prior to version 6.3.x.)
25 TCP SMTP Outbound SMTP traffic from the SolarWinds LEM VM to your email server for automated email notifications.
80, 8080 TCP HTTP Bidirectional Non-secure HTTP traffic from the SolarWinds LEM Console to the SolarWinds LEM VM. (LEM closes this port when activation completes, but you can re-open it with the CMC togglehttp command.)
139, 445 TCP NetBIOS, SMB Bidirectional

Standard Windows file sharing ports (NetBIOS Session Service, Microsoft SMB) that LEM uses to export debug files, syslog messages, and backup files.

The LEM Remote Agent Installer also uses these ports to install agents on Microsoft Windows hosts across your network.

161, 162 TCP SNMP Bidirectional SNMP trap traffic received from devices, and used by Orion to monitor LEM. (Monitoring LEM on port 161 is not used prior to version 6.3.x.)
389, 636 TCP  LDAP Outbound

LDAP ports that the LEM Directory Service Connector tool uses to communicate with a designated Active Directory domain controller.

The LEM Directory Service Connector tool uses port 636 for SSL communications to a designated Active Directory domain controller.

443, 8443 TCP HTTPS Bidirectional

HTTPS traffic from the SolarWinds LEM Console to the LEM VM.

LEM uses these secure HTTP ports after LEM is activated.

(445) TCP     See entry for port 139.
514 TCP or UDP Syslog Inbound Syslog traffic from devices sending syslog event messages to the SolarWinds LEM VM.
(636) TCP     See entry for port 389.
2100 UDP NetFlow Inbound NetFlow traffic from devices sending NetFlow to the SolarWinds LEM VM.
6343 UDP sFlow Inbound sFlow traffic from devices sending sFlow to the SolarWinds LEM VM.
(8080) TCP     See entry for port 80.
(8443) TCP     See entry for port 443.
8983 TCP nDepth Inbound nDepth traffic sent from nDepth to the LEM VM containing raw (original) log data. 
9001 TCP LEM Reports Bidirectional LEM Reports traffic used to gather LEM Reports data on the LEM VM.
(32022) TCP     See entry for port 22.
37890-37892 TCP LEM Agents Inbound LEM Agent traffic sent from SolarWinds LEM Agents to the SolarWinds LEM VM. (These ports correspond to the destination ports on the LEM VM.)
37893-37896 TCP LEM Agents Outbound LEM Agent return traffic sent from the SolarWinds LEM VM to the SolarWinds LEM Agents. (These ports correspond to the destination ports on the LEM agents.)

Note: LEM no longer uses the port listed in the following table.

Port # Protocol Service Direction Description
5433 TCP LEM Reports Inbound Port 5433 is no longer used. Previously, this port carried traffic from SolarWinds LEM Reports to the SolarWinds LEM VM. This was used by versions prior to LEM 5.6, for which support ended December 2015.

In LEM 6.2 and later, LEM will need access to the following URL to use the automatic connector update function and the Threat Feeds function:

  • https://rules.emergingthreats.net/fwrules/

Comments

 

 

Last modified
11:21, 8 Dec 2016

Tags

Classifications

Public