I’m setting up our BigFix compliance server and due to our environment being a bit more locked down, per se, I have to provide our network services guys with ports that need to be open and to what. Unfortunately, the IBM documentation doesn’t seem to have an explicit list for the compliance server documentation that I can find.
I do see in the documentation that it needs to communicate over TCP via port 9081 for HTTPS but is that to all clients?
And does this server need the same general access to endpoints that the main BigFix server does? Re: Open ports.
The Compliance server does not need direct communication to the clients. It works by contacting the Bigfix root server and importing data from it. I don’t have a definitive list handy but hope this helps.
To access the Compliance web interface you’ll need tcp/9081 inbound from any management consoles that will be accessing the reports or applying configuration information.
Do you need a list of outbound communications from the Compliance server? That would include traffic to the BES server at minimum on 52311/tcp by default for RESTAPI queries. I think it needs SQL access as well, which would be 1433 for MS SQL server or another port (which I don’t know at the moment) for DB2.