Public IPs allowed on intermediate firewall policy to receive syslogs from Aperture

Public IPs allowed on intermediate firewall policy to receive syslogs from Aperture

0
Created On 09/25/18 15:19 PM - Last Modified 06/29/22 21:38 PM


Symptom


Aperture can be configured to forward syslogs to an External Syslog Server which is usually located behind a perimeter device such as Palo Alto Networks Firewall.

Therefore, users would want to configure their security policy to restrict the syslog traffic sourced from certain Aperture endpoints only, instead of leaving the firewall open to all internet traffic.

 

Resolution


The following public IP addresses need to be allowed on UDP port 514 on the downstream firewall to receive syslogs on their Syslog Server:

Aperture IP addresses:

  • 52.8.13.242
  • 52.8.40.56
  • 52.8.93.28
  • 54.67.77.65
  • 54.219.134.168
  • 54.219.180.40

Port to open

  • UDP Port 514
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClDmCAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail