1.5. Network Requirements

ASGARD and other systems which will have to communicate with each other, need the following ports opened within the network. For a detailed and up to date list of our update and licensing servers, please visit https://www.nextron-systems.com/hosts/.

1.5.1. From ASGARD Agent to ASGARD Server

Description	Ports
Agent / Server communication	443/tcp
Syslog Forwarder (optional)	514/udp [1]
ASGARD online check (optional)	ICMP

The syslog port is optional, since your agents will work fine without it. Please see Syslog Forwarding for more information.

Hint

Your ASGARD Agents will check if they can reach your ASGARD via HTTPs. ICMP is not necessary, but helps during troubleshooting.

1.5.2. From Management Workstation to ASGARD Server

Description	Ports
Administrative web interface	8443/tcp
Command line administration	22/tcp

1.5.3. From ASGARD to SIEM

Description	Ports
Syslog forwarder	514/udp [1]

1.5.4. From ASGARD to Analysis Cockpit

Ports	Description
Asset Synchronization, Log- and Sample forwarding	7443/tcp
Syslog forwarder (optional)	514/udp [1]

1.5.5. From ASGARD and Master ASGARD to the Internet

The ASGARD systems are configured to retrieve updates from the following remote systems via HTTPS on port 443/tcp:

Product	Remote Systems
ASGARD packages	update-301.nextron-systems.com [2]
ASGARD packages	update3.nextron-systems.com [2]
THOR updates	update1.nextron-systems.com
THOR updates	update2.nextron-systems.com

All proxy systems should be configured to allow access to these URLs without TLS/SSL interception. (ASGARD uses client-side SSL certificates for authentication). It is possible to configure a proxy server, username and password during the setup process of the ASGARD platform. Only BASIC authentication is supported (no NTLM authentication support).

1.5.6. From Master ASGARD to ASGARD

Direction	Port
From Master ASGARD to ASGARD Management Center	5443/tcp

You cannot manage ASGARD v3 systems from a Master ASGARD v2.

1.5.7. From Management Workstation to Master ASGARD

Description	Port
Administrative web interface	8443/tcp
Command line administration	22/tcp

1.5.8. Time Synchronization

ASGARD tries to reach the public Debian time servers by default.

Server	Port
0.debian.pool.ntp.org	123/udp
1.debian.pool.ntp.org	123/udp
2.debian.pool.ntp.org	123/udp

The NTP server configuration can be changed.

1.5.9. DNS

ASGARD needs to be able to resolve internal and external IP addresses.

Warning

Please make sure that you install your ASGARD with a domain name (see Network Configuration). If you do not set the Domain Name and install the ASGARD package, your clients won't be able to connect to your ASGARD.

All components you install should have a proper domain name configured to avoid issues further during the configuration.

1.5.10. Internet Access during Installation

The Management Center installer requires Internet access during the setup. The installation process will fail if required packages cannot be loaded from https://update3.nextron-systems.com [2]

1.5.10.1. SSL/TLS Interception

The installation and update processes do not accept an unknown but valid SSL/TLS certificate presented by an intercepting entity and therefore don't support SSL/TLS interception.

Since our products are usually used in possibly compromised environments, the integrity of our software and update packages has highest priority.

1.5.11. Architecture Overview

The following image shows an architecture overview with all products and their communication relationships.

Full Architecture

Footnotes

[1] (1,2,3)

You can configure any port and protocol combination for this, e.g. 6514/tcp

[2] (1,2,3)

If you are upgrading from Management Center version 2 to version 3, you need both update servers reachable from your Management Center. If you installed version 3 directly, you only need https://update-301.nextron-systems.com