Public IPs allowed on intermediate firewall policy to receive syslogs from Aperture
Created On 09/25/18 15:19 PM - Last Modified 06/29/22 21:38 PM
Symptom
Aperture can be configured to forward syslogs to an external syslog server, which is usually located behind a perimeter device such as a Palo Alto Networks firewall.
Users will therefore want to configure their security policy so that inbound syslog traffic is accepted only from the specific Aperture endpoints, instead of leaving the firewall open to all internet traffic.
Resolution
The following public IP addresses need to be allowed on UDP port 514 on the downstream firewall so that the syslog server behind it can receive syslogs from Aperture:
Aperture IP addresses:
- 52.8.13.242
- 52.8.40.56
- 52.8.93.28
- 54.67.77.65
- 54.219.134.168
- 54.219.180.40
Port to open
- UDP Port 514
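One way to confirm that the policy is as narrow as intended is to audit the firewall's traffic log against the address list above. The following is an added example, not part of the original article or any Palo Alto Networks tooling; the CSV column layout, the `audit` function and the syslog server address `192.0.2.10` are assumptions, and the log lines are constructed.

```python
import csv
import io
import ipaddress

# Aperture source addresses and port as listed in this article.
APERTURE_SOURCES = {ipaddress.ip_address(a) for a in (
    "52.8.13.242", "52.8.40.56", "52.8.93.28",
    "54.67.77.65", "54.219.134.168", "54.219.180.40")}
SYSLOG_PROTO, SYSLOG_PORT = "udp", 514

# Constructed sample log; the column layout is an assumed export format.
SAMPLE_LOG = """\
src,dst,proto,dport,action
52.8.13.242,192.0.2.10,udp,514,allow
198.51.100.7,192.0.2.10,udp,514,allow
54.67.77.65,192.0.2.10,udp,514,deny
203.0.113.9,192.0.2.10,udp,514,deny
52.8.40.56,192.0.2.10,tcp,443,deny
not-an-ip,192.0.2.10,udp,514,allow
"""

def audit(log_text, syslog_server):
    """Report syslog flows to the server that contradict the allow-list."""
    findings = {"unexpected_allow": [], "blocked_aperture": [], "malformed": []}
    server = ipaddress.ip_address(syslog_server)
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            dport = int(row["dport"])
        except (ValueError, TypeError, KeyError):
            findings["malformed"].append(row)  # keep for manual review
            continue
        proto = (row.get("proto") or "").lower()
        if dst != server or proto != SYSLOG_PROTO or dport != SYSLOG_PORT:
            continue  # not syslog traffic to the protected server
        allowed = (row.get("action") or "").lower() == "allow"
        if allowed and src not in APERTURE_SOURCES:
            findings["unexpected_allow"].append(str(src))  # rule too broad
        elif not allowed and src in APERTURE_SOURCES:
            findings["blocked_aperture"].append(str(src))  # address missing
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, "192.0.2.10"))
```

An entry under `unexpected_allow` means the rule admits UDP 514 from a source outside the Aperture list; an entry under `blocked_aperture` means one of the listed addresses is missing from the rule.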