POrt opening requirement confimarion at Bigfix client and relay end

tarwaniv 2019-04-04 14:13:09 UTC #1

Hello All, I want to know and confirm that port 52311, 80 and 443 are required for client to communicate in Bigfix environment. Bigfix relay sends the UDP package to client and client receives package using TCP on 52311 port. Please confirm to me that should 52311 be opened at UDP and TCP both at client end?

strawgate 2019-04-04 14:55:34 UTC #2

You can review the network requirements here:

https://www.ibm.com/support/knowledgecenter/en/SSQL82_9.5.0/com.ibm.bigfix.doc/Platform/Installation/c_network_configuration.html

All internal network communication is on one specified port (52311 is the default port for all the components, including the console) to allow for simplicity and flexibility of deployment. TCP/IP and UDP on this port must be completely unblocked at all internal routers and internal firewalls (you can optionally disable UDP, but that might negatively affect performance).

Specifically the client must be able to initiate and maintain a TCP 52311 connection to its parent relay/server

tarwaniv 2019-04-04 15:02:04 UTC #3

Thank you, I see 52311 is open with UDP only and client is communicating with relay, should we have to ensure that 52311 is to be opened for UDP and TCP both at client end?

JasonWalker 2019-04-04 16:45:53 UTC #4

The client needs ICMP and tcp/52311 to the relay.
Optionally, the relay should have udp/52311 to the client; this allows the relay to inform the client when there is new content or actions, so you get a faster response from clients.

If udp/52311 from relay to client cannot be opened, or the traffic crosses NAT or Internet, there are Command Polling options you may wish to apply on the client for more frequent checks for updated content/actions, as the default is to check every 12 hours.

byroninuvei 2022-07-20 18:30:30 UTC #5

I had to enable UDP from the server to client for our clients to receive updates without restarting the service ont he client.

Jared 2022-07-25 21:25:04 UTC #6

You should also look at command poll. It does not offer the phone home opening up UDP does, but it does cause a regular sync if UDP is not available.

Command Polling Link