Urgent: what are the network requirements for IEM server and client?

I know the requirements as follows:

Both clients and server open port 52311, bidirectionally for TCP/UDP.

Anything else?

Thank you, all.

If you haven’t seen it already, I would suggest reviewing the following:

https://www.ibm.com/developerworks/community/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Network%20Traffic%20Guide

For basic IEM/BigFix communication between a Server/Relay and a Client, the Agent initiates the majority of the communication (via TCP on the BigFix port, by default 52311). However, there are also instances where notifications are sent/initiated by the Server/Relay to the Clients, and that is via UDP on the BigFix port.

Hi, Aram,
In my situation, the server is not connected to the internet. There are no relays configured, and we use the default port 52311. So I think the requirements which I described are quite enough. Am I right?

Yes, but really all you’d need then is:

  • Client initiated to Server: TCP - 52311
  • Server initiated to Client: UDP - 52311

IEM server platform: win 2012R2
IEM client platform: win7 32bit
The network colleague told me that he had finished the requirements which I posted.
But still, when I use software distribution to send files to clients, the action’s status was not reported for several hours. It seems that the client did not receive the UDP notification when the action was sent.

Is there any way to check the network? I know I can use the telnet tool to check “Client initiated to Server: TCP - 52311”, but how do I check “Server initiated to Client: UDP - 52311”?

This can be verified via the Client log. If the Agent is receiving UDP notifications, you will see lines containing “command received” such as the following in the logs:

  • GatherActionMV command received
  • GatherHash command received
  • DownloadPing command received

Additionally, if you send the Client a refresh (right-click the computer in the Console and select ‘send refresh’), if the Agent is able to receive UDP notifications, you should see a line including:

  • ForceRefresh command received

Note that aside from hardware firewalls, oftentimes the software firewalls associated with many newer OSes may block the UDP notification (Win7 has the Windows Firewall). We have a number of Fixlets in BES Support that might assist in identifying such cases as well as potentially re-configuring the firewall as needed to allow the traffic.

1 Like
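The log check described in the answer above, as an added example that is not part of the original posts: it tallies the "command received" entries in a client log and reports whether UDP notifications appear to be arriving. The function names, the script name and the sample log text are assumptions made for illustration; the log file path is supplied by the user.

```python
import re
import sys
from collections import Counter

# Matches the notification lines quoted in the thread, e.g. "GatherHash command received".
NOTIFICATION = re.compile(r"\b(\w+) command received")

# Constructed sample log text (not captured from a real client); only the
# "... command received" wording comes from the thread.
SAMPLE_LOG = """\
constructed line: client started
GatherHash command received
constructed line: unrelated entry
DownloadPing command received
GatherHash command received
"""


def tally_notifications(lines):
    """Count each '<Name> command received' entry found in the log lines."""
    counts = Counter()
    for line in lines:
        match = NOTIFICATION.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def udp_status(lines, expect_refresh=False):
    """Summarise whether the log shows UDP notifications arriving.

    Set expect_refresh=True after using 'send refresh' in the Console.
    """
    counts = tally_notifications(lines)
    if not counts:
        return "no-notifications"   # nothing received: suspect a firewall blocking UDP
    if expect_refresh and "ForceRefresh" not in counts:
        return "refresh-missing"    # other notifications seen, but no ForceRefresh entry
    return "receiving"


if __name__ == "__main__":
    # Usage (hypothetical script name): python check_udp.py <client log file> [--refresh]
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            log_lines = handle.readlines()
    else:
        log_lines = SAMPLE_LOG.splitlines()
    print(udp_status(log_lines, expect_refresh="--refresh" in sys.argv))
```

A result of `no-notifications` on a client that has been sent actions points at the UDP path (hardware or Windows Firewall) rather than the TCP path.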

Aram, thank you for your help.

You can restart the BES client service on the Client machine, and from the logs at the client end we can check whether the client is able to contact the primary server or not.