This documentation Network configuration requirements
seems to say that both the master/root machine and the end-points (ones with BigFix client installed) communicate on port 52311. But the end-points do NOT listen on that port with UDP or TCP. And, it looks like the service (BESClient) is running as BESClient.exe which is not listening on any port for unsolicited communication. So, can anyone explain this discrepancy?
I see that the BESClient on the end-point does attempt to contact the root on TCP 52311.
By default the BESClient does not listen on TCP, but it does listen on UDP for notifications from its parent relay.
Usually the client will connect to the parent relay/root using 52311/tcp; when a new site update is available or a new action is taken, the parent root/relays will send a message downstream on 52311/udp.
So, does the client start listening on udp 52311 only after establishing communication or something? As I said, at the moment, the client is listening on nothing. I think it has never succeeded in contacting the root, though, due to a routing issue.
I’m not really sure when it starts the listener. During normal operation though it’s pretty clear
C:\>netstat -ano |find "52311"
UDP 0.0.0.0:52311 *:* 7864
UDP [::]:52311 *:* 7864
edit: snipped out my Console connections on TCP/52311
1 Like
By default the client listens on 52311/udp.
BUT the host firewall may prevent that. (IIRC the client installer adds it to the firewall, but GPs may defeat it.)
At a minimum, the client must be able to reach the root (or a relay) on 52311/tcp.
If using relay selection, the client must also able to ping (ICMP ECHO) to the root/relay, and receive a reply.
For promptness of service, it helps a great deal if the root/relay infrastructure can also reach the endpoint on 52311/udp.
2 Likes