Firewalled machine

(imported topic written by yura91)


I already have a totally firewalled machine; it means no internet, no LAN ports opened.

I know that in the intranet I need to open ports 52311 and 52312 to allow connection between client and server.

The question is: must this connection be two-way?

Another question: which web sites do I need to allow my server to go to?

Thank you.

(imported comment written by SystemAdmin)

Hi Yura,

Here is background information for you.

Network Traffic Information:

Personal Firewalls:

I know that in the intranet I need to open ports 52311 and 52312 to allow connection between client and server.

For the BES Client, only port 52311 needs to be open (assuming you stuck with the default port number). The Web Reports component commonly operates on port 80 or 52312, so you would need that port open for computers which need access to Web Reports, but the BES Client does not interact with Web Reports in any way.

The question is: must this connection be two-way?

No, the BES Client only needs to be able to go upstream TCP on 52311 to reach its parent and report data to function. The downstream UDP traffic on 52311 does not have to be allowed to have the BES Client work, but if you block it, the BES Clients won’t get notification messages, which will cause their response times to increase (see KB article above). We highly recommend allowing downstream UDP for this reason.

Another question: which web sites do I need to allow my server to go to?

The BES Server goes out to the internet to gather Fixlets from BigFix and to gather downloads for patches and updates. I don’t think we have a single list of all possible sites the BES Server will need to get to, though. It is possible to run the BES Server completely disconnected from the internet; we call this an air-gapped deployment, and you have to transfer data to the server manually using some tools.

I believe the websites the server uses to get Fixlets are:
