NetMon Networking and Communication
Because NetMon is an all-in-one product, the following are the only ports required to be opened and accessible through your firewall in order for NetMon to function correctly.
For NIC(s) capturing network traffic, the network TAP and mirror feeds should not be restricted by a firewall or monitoring will be impacted.
Direction | Port | Protocol | Source | Destination | Purpose |
|---|---|---|---|---|---|
Outbound | Custom | TCP or UDP - Syslog/JSON | NetMon | Windows System Monitor Agent | Syslog feed of data to the LogRhythm SIEM. |
Inbound | 443 | HTTPS | WebGUI | NetMon | Allows NetMon and the Web UI to function. |
Inbound | 22 | SSH | Operating System | NetMon | Allows for OS-level management. |