BigFix imaging traffic on UDP port 500

I have a client that is trying to image with BigFix. When I look at the traffic logs, I see that UDP port 500 traffic is being blocked. This causes the imaging process to “Timeout” and not complete. What is this UDP port 500 traffic used for? When I put in for that port to be opened on our firewall, I would have to explain why they need that port opened. Any help or documentation would be helpful.


UDP 500 is a well-known (assigned) port for ISAKMP / Internet Key Exchange. It’s not used directly by OSD, but the client may be attempting to failover connect via IPsec if one of the other required ports is blocked.

Can you describe what you’re imaging (Windows/Linux? Bare Metal or Reimage?)

Windows 10 and bare metal; we are re-imaging a Win 7 machine with Win 10.

OK, and at what point is the client trying UDP-500? I don’t think the PXE-loaded REMBO would try it. Is this occurring in the Windows PE image (after an image is selected, the client boots into a WinPE in RAMDISK and uses the rbagent program to download the WIM image to the disk)? Or is this after the image has been applied to disk and the client has rebooted into Windows Setup?

What’s the destination for the UDP-500 traffic? Is it the OSD server, a Domain Controller, or something else?

It has been put on a USB drive; they choose the proper task sequence and begin the imaging. It looks like it starts, then times out.

I’d look for other traffic that is blocked or times out prior to the UDP-500 connection attempt.
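
An added example, not part of any post in this thread: one way to carry out the check suggested in the last reply, listing the flows from the imaging client that the firewall denied before its first UDP 500 (ISAKMP/IKE) attempt. The log format, addresses, ports and function names are constructed for illustration and will need adapting to the real firewall's export.

```python
import re
from datetime import datetime

# Constructed sample log: hypothetical format, addresses and ports (not from the thread).
SAMPLE_LOG = """\
2024-05-01T10:00:01 ALLOW UDP 10.0.5.20:68 -> 10.0.1.10:67
2024-05-01T10:00:09 DENY TCP 10.0.5.20:49712 -> 10.0.1.10:445
2024-05-01T10:00:12 DENY TCP 10.0.5.20:49713 -> 10.0.1.10:445
2024-05-01T10:00:15 DENY TCP 10.0.7.44:50100 -> 10.0.1.10:443
2024-05-01T10:00:30 DENY UDP 10.0.5.20:500 -> 10.0.1.10:500
2024-05-01T10:00:45 DENY TCP 10.0.5.20:49720 -> 10.0.1.10:445
"""

LINE = re.compile(r"^(\S+) (ALLOW|DENY) (TCP|UDP) (\S+):(\d+) -> (\S+):(\d+)$")

def parse(log_text):
    """Yield (time, action, proto, src, dst, dst_port) for each recognised line."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines in any other format
        ts, action, proto, src, _sport, dst, dport = m.groups()
        yield datetime.fromisoformat(ts), action, proto, src, dst, int(dport)

def blocked_before_ike(log_text, client_ip):
    """Return (first UDP/500 time or None, [(flow, deny_count), ...]).

    Only denies from client_ip that precede its first UDP/500 attempt are
    counted, since those are the candidates for the connection that failed
    first. If the client never tried UDP/500, all of its denies are returned.
    """
    events = sorted(e for e in parse(log_text) if e[3] == client_ip)
    ike_times = [e[0] for e in events if e[2] == "UDP" and e[5] == 500]
    cutoff = ike_times[0] if ike_times else None
    flows = {}  # (proto, dst, dst_port) -> (first_seen, count)
    for ts, action, proto, _src, dst, dport in events:
        if cutoff is not None and ts >= cutoff:
            break
        if action == "DENY":
            first, count = flows.get((proto, dst, dport), (ts, 0))
            flows[(proto, dst, dport)] = (first, count + 1)
    ordered = sorted(flows.items(), key=lambda kv: kv[1][0])
    return cutoff, [(flow, count) for flow, (_first, count) in ordered]

if __name__ == "__main__":
    cutoff, flows = blocked_before_ike(SAMPLE_LOG, "10.0.5.20")
    print("first UDP/500 attempt:", cutoff)
    for (proto, dst, dport), count in flows:
        print(f"denied {count}x before it: {proto} -> {dst}:{dport}")
```

The flows it reports are the ones to compare against the documented port requirements of the imaging product before asking for any firewall change.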