Skip to main content
Skip table of contents

AA Agent Port-Forwarding and Proxy Server and Client Deployment

In some environments, architectural configurations may prevent Armor services from properly communicating security updates and offering monitoring services.

If your network environment's servers are behind specific firewall controls that block regular outbound communication, then you may want to perform a port-forwarding / proxy server deployment, which will forward traffic between your servers and the Armor API and service endpoints.

This port-forwarding / proxy server sits within your environment to provide servers that do not have outbound network access to communicate with Armor Anywhere services.

This solution uses to forward service data out from the customer environment and into Armor.

Review Requirements

To be able to perform a port-forward / proxy server deployment, you will need the following resources or information:

Port-Forwarding / Proxy Server

  • Linux server with OS of choice (CentOS7 recommended)

  • Must be a standalone server

  • 1vCPU/1GB RAM minimum

  • NGINX package installed

  • The installed Anywhere Agent on the server

  • External IP Address

Client Armor Anywhere Agent Servers (prior to installing the Armor Anywhere Agent)

  • Internal access from the port-forwarding server to download the configuration script

  • Host file modifications made on each subsequent Anywhere Agent install

Review Firewall Rules

Port-Forwarding / Proxy Server

The port-forwarding / proxy server will need outbound access for the following:

The following ports will need to be opened for each server registered with Armor Anywhere.

Service / Purpose

Inbound / Outbound

Source

Destination

Inbound / Outbound

Port

Destination

Armor Agent

Inbound

Client VM Private IP

Port Forwarding Server Private IP

Outbound

443/tcp

  • 99.83.175.90

  • 75.2.84.73

    • (agent.api.secure-prod.services)

Malware Protection, FIM, IDS

Inbound

Client VM Private IP

Port Forwarding Server Private IP

Outbound

4119/tcp

4120/tcp

4122/tcp

  • 44.233.170.94

  • 100.20.145.224

  • 34.215.243.248

    • ([region].epsec.secure-prod.services)

DSM

Inbound

Client VM Private IP

Port Forwarding Server Private IP

Outbound

4120/tcp

Relay

Inbound

Client VM Private IP

Port Forwarding Server Private IP

Outbound

4122/tcp

Monitoring

Inbound

Client VM Private IP

Port Forwarding Server Private IP

Outbound

8443/tcp

Remote Access

Inbound

Client VM Private IP

Port Forwarding Server Private IP

Outbound

443/tcp

Vulnerability Scanning

Inbound

Client VM Private IP

Port Forwarding Server Private IP

Outbound

*443/tcp

Log Relay (Logstash)

Outbound

Client VM Private IP

Port Forwarding Server Private IP

Inbound

  • 5140/udp

  • 5141/tcp

The IP address for your virtual machine

Log Relay (Armor's logging service (ELK))

Inbound

Client VM Private IP

Port Forwarding Server Private IP

Outbound

  • 5443/tcp

  • 5400-5600/tcp (Reserved)

    • Armor reserves the right to utilize this port range for future expansion or service changes.

1c.log.armor.com

  • These endpoints are served by the Amazon Elastic Load Balancers. As a result, the actual endpoints will vary dynamically across Amazon's IP ranges.


Log Management

(Filebeat/Winlogbeat)

Outbound

Client VM Private IP

Port Forwarding Server Private IP

Inbound

  • 5516/tcp

Proxy Software Configuration

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

## Server configuration (CentOS 7)

sudo yum install epel-release

sudo yum install nginx 

## Put the contents of this into /etc/nginx/nginx.conf

user nginx;

worker_processes auto;

pid /run/nginx.pid;

error_log /var/log/nginx/error.log;

 

load_module /usr/lib64/nginx/modules/ngx_stream_module.so;

events {

        worker_connections 10000;

}

  stream {

      resolver 8.8.8.8;

      log_format basic '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time';

 

      access_log /var/log/nginx/stream_access.log basic;

      error_log /var/log/nginx/stream_error.log;

 

      map $ssl_preread_server_name $name {

          agent.api.secure-prod.services api;

          qagpublic.qg3.apps.qualys.com qualys;

          default api;

 

      }

 

      upstream api {

          server agent.api.secure-prod.services:443;

      }

 

      upstream qualys {

          server qagpublic.qg3.apps.qualys.com:443;

      }

 

      server {

          listen 443;

          proxy_pass $name;

          ssl_preread on;

      }

 

      server {

        listen 4119;

        listen 4120;

        listen 4122;

        proxy_pass 3a.epsec.armor.com:$server_port;

      }

 

      server {

        listen 5516;

        proxy_pass 1d.log.armor.com:$server_port;

      }

 

}

## end contents

 

service nginx restart

Client Configuration

Servers with the Anywhere Agent

All servers that run the Anywhere Agent will need outbound access to the port-forwarding server's private IP, with the following ports allowed:

Purpose / Service

Port

Destination

Armor Agent Heartbeat

443/tcp

Your port-forwarding server private IP

Malware Protection, FIM, IDS

4119/tcp

Your port-forwarding server private IP

DSM

4120/tcp

Your port-forwarding server private IP

Relay

4122/tcp

Your port-forwarding server private IP

Monitoring

8443/tcp

Your port-forwarding server private IP

Remote Access

443/tcp

Your port-forwarding server private IP

Vulnerability Scanning

443/tcp

Your port-forwarding server private IP

Vulnerability Scanning

443/tcp

Your port-forwarding server private IP

Log Management

515/tcp

Your port-forwarding Server Private IP


Linux

  1. Update the host file, replacing x.x.x.x with your private IP address.

    ## client (linux)
    !note: xxx.xxx.xxx.xxx is the ip address of your proxy machine
     
    # Update your hosts file
    echo "xxx.xxx.xxx.xxx api.armor.com 3a.epsec.armor.com 1a.log.armor.com agent.api.secure-prod.services 1d.log.armor.com agent.armor.com agent.api.secure-prod.services qagpublic.qg3.apps.qualys.com" >> /etc/hosts

Windows

Update the host file, replacing x.x.x.x with your proxy server private IP address.

## client (windows)

!note: xxx.xxx.xxx.xxx is the ip address of your proxy machine

 

# Update your hosts file (c:\windows\system32\drivers\etc\hosts) with the following:

  xxx.xxx.xxx.xxx api.armor.com 3a.epsec.armor.com 1a.log.armor.com agent.api.secure-prod.services 1d.log.armor.com agent.armor.com agent.api.secure-prod.services qagpublic.qg3.apps.qualys.com


Related Documentation

To learn more about how to install the Anywhere agent, see Step 4 in the following documents:

Topics Discussed

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close