Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM Port and Firewall Requirements

SolarWinds LEM Port and Firewall Requirements

Overview

This page lists the firewall ports that you need to open to allow communication with SolarWinds LEM. Any firewalls that stand between any two points of communication should allow inbound and/or outbound traffic across the specified ports to ensure that LEM works properly.

In the table, "inbound" assumes that the LEM VM is behind the firewall, and that firewall rules allow network traffic through the firewall to the LEM VM.

Environment

All Versions of LEM.

If you use multiple SolarWinds products, see Port requirements for all SolarWinds products.

Details

Port # Protocol Service Direction Description
22, 32022 TCP SSH Bidirectional

SSH traffic to the SolarWinds LEM VM. (Port 22 is not used prior to version 6.3.x.)

If you need to close either ports 22 or 32022, contact SolarWinds Support.

25 TCP SMTP Outbound SMTP traffic from the SolarWinds LEM VM to your email server for automated email notifications.
80, 8080 TCP HTTP Bidirectional Non-secure HTTP traffic from the SolarWinds LEM console to the SolarWinds LEM VM. (LEM closes this port when activation completes, but you can re-open it with the CMC togglehttp command.)
139, 445 TCP NetBIOS, SMB Bidirectional

Standard Windows file sharing ports (NetBIOS Session Service, Microsoft SMB) that LEM uses to export debug files, syslog messages, and backup files.

The LEM Remote Agent Installer also uses these ports to install Agents on Microsoft Windows hosts across your network.

161, 162 TCP SNMP Bidirectional SNMP trap traffic received from devices, and used by the Orion platform to monitor LEM. (Monitoring LEM on port 161 is not used prior to version 6.3.x.)
389, 636 TCP  LDAP Outbound

LDAP ports that the LEM Directory Service Connector tool uses to communicate with a designated Active Directory domain controller.

The LEM Directory Service Connector tool uses port 636 for SSL communications to a designated Active Directory domain controller.

443, 8443 TCP HTTPS Bidirectional

HTTPS traffic from the SolarWinds LEM console to the LEM VM.

LEM uses these secure HTTP ports after LEM is activated.

(445) TCP     See entry for port 139.
514 TCP or UDP Syslog Inbound Syslog traffic from devices sending syslog event messages to the SolarWinds LEM VM.
(636) TCP     See entry for port 389.
2100 UDP NetFlow Inbound NetFlow traffic from devices sending NetFlow to the SolarWinds LEM VM.
6343 UDP sFlow Inbound sFlow traffic from devices sending sFlow to the SolarWinds LEM VM.
(8080) TCP     See entry for port 80.
(8443) TCP     See entry for port 443.
8983 TCP nDepth Inbound nDepth traffic sent from nDepth to the LEM VM containing raw (original) log data. 
9001 TCP LEM reports application Bidirectional LEM reports application traffic used to gather LEM teports data on the LEM VM.
(32022) TCP     See entry for port 22.
37890-37892 TCP LEM Agents Inbound LEM Agent traffic sent from SolarWinds LEM Agents to the SolarWinds LEM VM. (These ports correspond to the destination ports on the LEM VM.)
1024 –65535 TCP LEM Agents Outbound

The LEM Manager uses ephemeral ports to send return traffic from the LEM Manager to the LEM Agents. Operating systems have different ephemeral port ranges. When LEM requests an available port, the OS running the LEM Agent selects an available port number from a predefined range.

For information about OS-specific ephemeral port number ranges, see Ephemeral Source Port Selection Strategies. (© 2017 Team Cymru, available at https://www.cymru.com/, obtained on October 9, 2017.)

Note: LEM no longer uses the port listed in the following table.

Port # Protocol Service Direction Description
5433 TCP LEM Reports Inbound Port 5433 is no longer used. Previously, this port carried traffic from the SolarWinds LEM reports application to the SolarWinds LEM VM. This was used by versions prior to LEM 5.6, for which support ended December 2015.

URLs

  • To receive connector updates using the automatic connector update function, LEM needs access to the following URL:
    • http://downloads.solarwinds.com
  • To use the Threat Feeds function and the Automatic Connector Update function In LEM 6.2 and later, LEM needs access to the following URL:
    • https://rules.emergingthreats.net/fwrules/

Comments

 

 

Last modified
11:21, 8 Dec 2016

Tags

Classifications

Public