Confirming My Understanding About Network Flow Through a Firewall

Hi all …

I want to confirm my understanding of the network flow through a firewall so I can explain it to my customer.

So let’s assume I have relay A as my internal relay and relay B as the relay on the other side of the firewall.

My understanding is that if I need relay-to-relay communication to flow through a firewall, that firewall must have TCP port 52311 open in both directions. This is required because relay A pushes site content to relay B and relay B pushes client results (i.e. files to be uploaded, heartbeat signals, etc.) to relay A. In other words, communication through the firewall can be initiated by either relay.

Is that correct?

–Mark

That is correct: communication can be initiated by either Relay (assuming Relay A is Relay B’s parent):

  • Relay A will send notifications of new content to Relay B via TCP 52311 by default
  • Relay B will forward registrations, download content, upload files, and post Client results to Relay A via TCP 52311 by default
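
The two initiation directions listed in the answer above can be checked against a proposed rule set before it is handed to the customer. This is an added example, not part of the thread or of any product's code: the relay addresses, the rule tuple format and the function names are constructed for illustration, and it assumes a stateful, first-match firewall with an implicit default deny.

```python
import ipaddress

RELAY_PORT = 52311  # default relay port named in the thread

# Constructed addresses (documentation ranges), not from the thread.
RELAY_A = "192.0.2.10"      # parent relay, internal side
RELAY_B = "198.51.100.20"   # child relay, other side of the firewall

def first_match(rules, src, dst, dport, proto="tcp"):
    """Return the action of the first rule matching a NEW connection.

    Models a stateful firewall: only the initiating packet is evaluated;
    reply traffic is assumed to be allowed by connection tracking.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, r_proto, r_port in rules:
        if (r_proto == proto and r_port in (dport, "any")
                and s in ipaddress.ip_network(src_net)
                and d in ipaddress.ip_network(dst_net)):
            return action
    return "deny"  # implicit default deny

def check_relay_flows(rules):
    """Check both initiation directions described in the answer."""
    flows = {
        "A->B notifications of new content": (RELAY_A, RELAY_B),
        "B->A registrations/downloads/uploads/results": (RELAY_B, RELAY_A),
    }
    return {name: first_match(rules, src, dst, RELAY_PORT) == "allow"
            for name, (src, dst) in flows.items()}

# Rule set that only lets the child relay reach its parent.
ONE_WAY = [
    ("allow", "198.51.100.20/32", "192.0.2.10/32", "tcp", RELAY_PORT),
]
# Rule set scoped to the two relays, one rule per initiator.
BOTH_WAYS = ONE_WAY + [
    ("allow", "192.0.2.10/32", "198.51.100.20/32", "tcp", RELAY_PORT),
]

if __name__ == "__main__":
    for label, rules in (("one-way", ONE_WAY), ("both-ways", BOTH_WAYS)):
        for flow, ok in check_relay_flows(rules).items():
            print(f"{label:9} {flow:45} {'allowed' if ok else 'BLOCKED'}")
```

Scoping each rule to the two relay addresses and the single port keeps the opening as narrow as the described traffic requires.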

Hi Aram … yes, relay A is relay B’s parent; should have said that. Thank you!

–Mark

Typically firewalls allow outgoing traffic. If they don’t allow outgoing traffic for some reason, then that is a more unusual case and could cause problems if it isn’t opened. It is typically the incoming rules on the hardware and software firewalls that are an issue.