As part of a vRealize Log Insight design, include the specification of communications ports to be opened and the specific components of the architecture that will use them. Careful use of ports allows functioning across firewall boundaries, while also protecting the sensitive information gathered in the log messages from unsecure networks or unauthorized personnel. The best practice is to place the vRealize Log Insight appliances on a separated out-of-band management network segment protected by a firewall from the rest of the internal network. See Section 7, vRealize Log Insight Management Environment for more information on how to do that.

The following tables in this section list recommended communication port assignments. The exact port assignments might vary according to a specific service provider’s vRealize Log Insight system design.

The first table lists ports that need to be open to vRealize Log Insight from sources that send syslog message data to vRealize Log Insight.

 

 

The following ports are only used for internal cluster communication between vRealize Log Insight master and worker nodes and they are only required to be open if a solution design does not allow for direct Layer 2 communication between the vRealize Log Insight cluster nodes. Normally a solution design would allow direct layer 2 communication between nodes, however this might not be the case, for example, if the vRealize Log Insight cluster nodes exist on separate network segments with a firewall restricting traffic between them. The restriction on Layer 2 communication might also exist if the design employs a distributed software-based firewall solution that restricts traffic between the cluster nodes.