Access Requirements to/from the Internet

tcp/22 in (ssh admin) from our jumphosts or VPN
tcp/80 Out (HTTP) download installation and update packages ->
tcp/25 out (mail) from the box out so can receive email notifications
udp/123 out from the box out for time sync
udp/53 out (DNS)
tcp/22 out for Iris CONFIG BACKUP to
udp/514 out

Iris Alerts for external monitoring
tcp + udp/655 in+out For remote monitoring
Access Requirements on the LAN/WAN

tcp/80 or 443 Access web portal on the LAN
udp/162 in (SNMP traps) - this will give us Steering-pool traps
tcp/21 and 20 in (FTP for HDR, CDR ) - for ACME to talk to Iris server
udp/161 out (servers and network devices to be monitored)
ICMP (servers and network devices to be monitored)
tcp/3377 in (distributed polling)
udp/9996 in (Netflow)
udp/514 in (syslogs including Fortigates)
udp/5354 in (active monitoring)

Jumphost Hosts: and