Port 80 change to port 443

jenuine 2023-05-09 09:46:21 UTC #1

Is it okay if I will block port 80 and directly used the port 443 on my root server?
Does it have an impact in connecting to the following:
esync.bigfix.com
gatherer.bigfix.com
software.bigfix.com

JasonWalker 2023-05-09 12:38:18 UTC #2

Those sites will work, but for content downloads from Microsoft, Red Hat, Firefox, etc. our Fixlet content specifies downloading from whatever URLs are present in the source bulletins, and many of those are HTTP (most of those redirect to HTTPS after connecting, but still need the initial HTTP handshake).

If you want to filter the web traffic I’d highly recommend using a proxy instead of just blocking HTTP, and you may need to apply different rules onto different URLs or be prepared to use the Airgap Tool and manual downloads

jenuine 2023-05-17 07:49:42 UTC #3

Hello.

Does bigfix have an official documentation regarding that this Port 80 is required in Bigfix environment.

JasonWalker 2023-05-17 11:16:27 UTC #4

Port 80 is not required (by us). It’s required for the patch downloads, of the vendor published their update using a HTTP url. I don’t think we have a list of every download URL (which changes constantly) but we do have some Session Relevance you can run to build a list of current URLs on your server. Whether you need each URL depends on whether you want to patch that particular produc5.
That session relevance is here on the Forum. I’ll be able to search for it a bit later if you think that’ll be useful

JasonWalker 2023-05-17 12:20:27 UTC #5

This post has details on listing the URLs referenced by your Fixlets

In addition to these URLs that are coded in the Fixlets themselves, certain Download Plug-Ins for Red Hat, CentOS, Oracle, or IBM downloads also need Internet access but they calculate URLs to the upstream vendor repos dynamically.

DanPaquette 2023-05-25 21:00:31 UTC #6

Updated link to the Presenation Debugger from my old comment. https://developer.bigfix.com/tools/presentation_debugger.html