Port requirements for communication between root to clients via relay

Hi,

I have a few more questions:

  1. BigFix client service won't respond to telnet on port 52311? Do we not require tcp/udp 52311 bidirectional between relay and clients?
  2. Between relay and root OR top and bottom relay, do we require tcp/52311 bidirectional?
  3. For my better understanding, if I consider a scenario where I am pushing an action on the endpoint, the network flow will be like:
    Root to relay : tcp/52311 (action push to the relays)
    Relay to client : UDP/52311 (notification for new content from relay to client)
    client to relay : tcp/52311 (download the content for that action)
    client to relay : tcp/52311 (post the status of that action to the relay)
    relay to root : tcp/52311 (relay pushes the status update to root for that action)
    Is this the correct sequence that BigFix follows over the network?

You can find a security flow diagram at the following link:

https://www.ibm.com/support/knowledgecenter/en/SSKLLW_9.5.0/com.ibm.bigfix.inventory.doc/Inventory/security/c_data_interaction.html

There is another post which might be interesting too.

1 Like
  1. BigFix client service won't respond to telnet on port 52311? Do we not require tcp/udp 52311 bidirectional between relay and clients?

    • The BigFix Client listens on port 52311 (by default) on UDP (not TCP). As such, it won’t respond to telnet requests on this port (since telnet uses TCP). The purpose of the UDP communication is for notifications. The BigFix Relay will initiate a UDP connection to the target Clients on port 52311.
  2. Between relay and root OR top and bottom relay, do we require tcp/52311 bidirectional?

    • The Relays communicate with one another, and with the Root Server, only via TCP on port 52311 (by default). Bi-directional is not strictly required, but recommended to ensure rapid response (i.e. parent Relays, or the Root Server, will initiate a TCP connection with downstream/child Relays on port 52311 (by default) for notification purposes). If this notification is blocked, actions, site gathers, etc. will be delayed as they would rely on polling behavior.
  3. For my better understanding, if I consider a scenario where I am pushing an action on the endpoint, the network flow will be like:
    Root to relay : tcp/52311 (action push to the relays)
    Relay to client : UDP/52311 (notification for new content from relay to client)
    client to relay : tcp/52311 (download the content for that action)
    client to relay : tcp/52311 (post the status of that action to the relay)
    relay to root : tcp/52311 (relay pushes the status update to root for that action)

    • This is generally correct, yes, but technically, it skips a couple of communication steps.
2 Likes
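The answer above explains that a telnet test fails against the client because telnet performs a TCP handshake while the client listens only on UDP. The following is an added example, not code from any poster in this thread or from BigFix: it reproduces that behaviour on loopback with a UDP-only listener. The ephemeral port, the function names and the payload are assumptions made for the demonstration; no BigFix protocol is spoken.

```python
import socket

def start_udp_listener(host="127.0.0.1"):
    """Bind a UDP-only socket (stand-in for a client that listens on UDP, not TCP)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, 0))          # ephemeral port, assumed stand-in for 52311
    sock.settimeout(2.0)
    return sock, sock.getsockname()[1]

def tcp_probe(host, port, timeout=2.0):
    """Do what telnet does: attempt a TCP handshake and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"          # host reachable, nothing listening on TCP
    except OSError:
        return "filtered"         # timeout or unreachable, e.g. a firewall drop

def udp_notify(host, port, payload):
    """Send a single datagram, the way a UDP notification would travel."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload, (host, port))

def demo():
    """Return (TCP probe result, datagram received by the UDP listener)."""
    listener, port = start_udp_listener()
    try:
        tcp_result = tcp_probe("127.0.0.1", port)
        udp_notify("127.0.0.1", port, b"constructed-ping")  # constructed payload
        data, _ = listener.recvfrom(1024)
    finally:
        listener.close()
    return tcp_result, data

if __name__ == "__main__":
    tcp_result, data = demo()
    print("TCP probe of the UDP-only port:", tcp_result)
    print("UDP datagram delivered to the listener:", data)
```

A "refused" or "filtered" TCP result therefore says nothing about whether UDP notifications reach the client; the UDP path has to be checked with a datagram or a packet capture on the endpoint.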

Thanks Aram. Could you please help me with the exact process that BigFix uses when we apply an action on the endpoints? I have mentioned my understanding in point 3, but could you please provide the exact technical steps that BigFix uses, with the port requirements for each step? Please correct me on the points that I missed in step 3; it will help me understand the process better.
Thanks in advance :blush: