Finding Your Device's TCP, UDP, and NSEL Port Used for Secure Logging Analytics (SaaS)
Secure Logging Analytics (SaaS) allows you to send events from your Secure Firewall Cloud Native or FDM-managed devices to certain UDP, TCP, or NSEL ports on the Secure Event Connector (SEC). The SEC then forwards those events to the Cisco cloud.
If these ports aren't already in use, the SEC makes them available to receive events and the Secure Logging Analytics (SaaS) documentation recommends using them when you configure the feature.
-
TCP: 10125
-
UDP: 10025
-
NSEL: 10425
If those ports are already in use, before you configure Secure Logging Analytics (SaaS), look at your SEC device details to determine what ports it is actually using to receive events.
To find the port numbers the SEC uses:
Procedure
Step 1 | From the CDO menu, choose . |
Step 2 | In the Secure Connectors page, select the SEC you want to send events to. |
Step 3 | In the Details pane, you will see the TCP, UDP, and NetFlow (NSEL) port you should send events to.  |