Required Traffic Flows - Cisco MARS Install And Setup Manual

Install and Setup Guide for Cisco Security MARS
Chapter 2 Deployment Planning Guidelines
OL-14672-01

Table 2-1 Supporting Devices and Their Role

| Supporting Device Type | Is It Required? | Comment |
|---|---|---|
| E-mail Server | Yes | MARS uses e-mail servers to deliver administrative reports and notifications. |
| NTP Server | Not for single device deployment. Yes for any scenario involving a Global Controller. | You must specify the timezone and UTC settings on all appliances. The timestamps applied to received messages are critical to accurate incident correlation. |
| DNS Server | Yes | MARS uses DNS to resolve the hostnames for monitored devices, which improves the readability of reports and queries. |
| Internal Upgrade Server | No | For more information on configuring and using such a server, see Checklist for Upgrading the Appliance Software, page 6-6. |
| GUI Client | Yes | This host is one from which you run the GUI to manage the appliance. |

Required Traffic Flows

Required traffic flows identify traffic that must be allowed by gateways if they separate the MARS Appliance from a reporting device, mitigation device, or a supporting device (as listed in Supporting Devices). Also, traffic flows between a Global Controller and any monitored Local Controllers must be allowed.

The following table identifies categories of traffic flows, the protocols required, and how long they must be allowed:

Table 2-2 Required Traffic Flows and Ports

| Category | Protocols | Allow Only As Needed? | Comments |
|---|---|---|---|
| Management GUI | HTTPS/SSL (TCP port 443) | No | You cannot effectively use the appliance and block GUI-based management traffic. This traffic must be enabled for Global Controller-to-Local Controller, as well as from the MARS Appliance to the computer you are using to manage the appliance. |
| Management CLI | SSH (TCP 22) | Yes | |
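
The following is an added example, not part of the Cisco manual: a small audit that evaluates a gateway rule list against the two Table 2-2 flows shown on this page, flagging a required flow that is blocked and an "allow only as needed" flow that is left permanently open. The Rule structure, its temporary flag, the first-match evaluation model, the client-to-appliance direction and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
# Table 2-2 rows from this page: (category, protocol, port, allow_only_as_needed)
REQUIRED_FLOWS = [("Management GUI", "tcp", 443, False),
                  ("Management CLI", "tcp", 22, True)]

@dataclass
class Rule:                      # hypothetical, vendor-neutral ACL entry
    action: str                  # "permit" or "deny"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    proto: str
    port: Optional[int] = None   # None matches any port
    temporary: bool = False      # assumed flag: rule exists only for a change window

def first_match(rules, src, dst, proto, port):
    """Return the first rule matching the flow (first-match ACL), or None for implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.proto == proto and r.port in (None, port)):
            return r
    return None

def audit(rules, client, appliance):
    """Check each Table 2-2 flow from client to appliance; return a list of findings."""
    findings = []
    for category, proto, port, as_needed in REQUIRED_FLOWS:
        r = first_match(rules, client, appliance, proto, port)
        permitted = r is not None and r.action == "permit"
        if not as_needed and not permitted:
            findings.append(f"{category}: {proto}/{port} blocked, must always be allowed")
        elif as_needed and permitted and not r.temporary:
            findings.append(f"{category}: {proto}/{port} permanently open, allow only as needed")
    return findings

# Constructed sample data (documentation address ranges, not from the manual).
CLIENT, MARS = "192.0.2.10", "198.51.100.5"
WEAK_ACL = [
    Rule("permit", "192.0.2.0/24", "198.51.100.5/32", "tcp", 22),  # SSH always open
    Rule("deny", "0.0.0.0/0", "198.51.100.5/32", "tcp"),           # shadows the HTTPS permit
    Rule("permit", "192.0.2.10/32", "198.51.100.5/32", "tcp", 443),
]
FIXED_ACL = [
    Rule("permit", "192.0.2.10/32", "198.51.100.5/32", "tcp", 443),
    Rule("permit", "192.0.2.10/32", "198.51.100.5/32", "tcp", 22, temporary=True),
    Rule("deny", "0.0.0.0/0", "198.51.100.5/32", "tcp"),
]
```

Calling audit(WEAK_ACL, CLIENT, MARS) reports both problems, while audit(FIXED_ACL, CLIENT, MARS) returns an empty list.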
