Solved

Which firewall ports should be opened for logpoint server?

  • 2 December 2021
  • 6 replies
  • 468 views

Userlevel 1

Hi,

on my firewall I opened port 443 to destination customer.logpoint.com (172.67.190.81 and 104.21.76.59). 

Now I see on the firewall that the server tries to open connections to the ip addresses 104.16.37.47 and 104.16.38.47 through port 443. Are these connections also needed?

Best regards,

Hans Vedder

icon

Best answer by Basudev Raut 29 April 2022, 09:02

View original

6 replies

Userlevel 2
Badge +3

Hi Hans,

If you have enabled support connection then the Logpoint Server communicates with customer.logpoint.com

These should be their IPs:

Name: customer.logpoint.com

Address: 172.67.190.81:443

Name: customer.logpoint.com

Address: 104.21.76.59:443

 It also communicates with reverse.logpoint.com

Name: reverse.logpoint.com

Address: 89.188.79.98:1193

 

The IPs that you provided: 104.16.37.47 and 104.16.38.47; don’t seem to be under our domain. Maybe this is something you have used like, fetchers, TI or similar API integrations in your environment. 

Hi Hans,

 

If you need further help, you are always welcome to open a support ticket with LogPoint Support. :)

Userlevel 3
Badge +7

Hi Hans,

Both the IP address suggests (current status whitelisted), the external connections are attempted to maxmind which provide the geolocation information. The reason for this attempt originates from one of our process plugin named geoip whose input is IP address and the Output is geographic location.

With every LogPoint that we ship, geoip is bundled as a plugin with baseline information maintained in mmdb (maxmind database). On every Thursday, the geoip codebase attempts to connect to maxmind server through HTTPS (TCP/443) to update the database.

For further assurance, can you please check whether

  1. Outbound connection attempt to maxmind ip addresses happens on other days as well
  2. Additional connection attempt other than those mentioned ip address

Thanks,
Basudev Raut

Userlevel 1

Hi Hans,

Both the IP address suggests (current status whitelisted), the external connections are attempted to maxmind which provide the geolocation information. The reason for this attempt originates from one of our process plugin named geoip whose input is IP address and the Output is geographic location.

With every LogPoint that we ship, geoip is bundled as a plugin with baseline information maintained in mmdb (maxmind database). On every Thursday, the geoip codebase attempts to connect to maxmind server through HTTPS (TCP/443) to update the database.

For further assurance, can you please check whether

  1. Outbound connection attempt to maxmind ip addresses happens on other days as well
  2. Additional connection attempt other than those mentioned ip address

Thanks,
Basudev Raut

 

Hi Basudev,

 

so it would be nice to find these informatíon - regarding the geoip update -under Connections required by LogPoint — Install and Upgrade LogPoint latest documentation.  

Name:    www.maxwind.com
Addresses:  3.99.113.10
                    3.97.24.88

Are these IP Addresses correct.

 

BR

Johann

@Basudev Raut? :)

Userlevel 3
Badge +7

Hi Hans,

Thank you for the suggestion. I will relay this to our documentation team. Regarding the IPs you mentioned, I have asked with relevant team, will get back to you soon.

Best Regards,
Basudev

Reply