All,
We are in the beginning phases of our CEM implementation in 7.5 SP1 HF5 and have a few questions that I couldn’t exactly get from the white papers and forum posts.
I have attached an image of how we think the communication goes between the Internet Gateway, SMP, Site Server, and Clients.
We are mainly concerned with getting the direction of communications and the ports that are actually used. This is because our internal DMZ/firewall request process is strict and needs the exact ports/protocols/destination IPs that come from the DMZ side inside our internal network.
By default we let nothing through, obviously, so when we put this new CEM Internet Gateway in our DMZ we will need to punch holes for any port it might ever use. This includes basic ones inherent to Windows (RDP, DNS, LDAP, etc.) as well as the application ones used.
Do the ports and where they need to go look correct?
As of now, our firewall request form looks similar to this:

| Source | Destination | Port(s) Required (TCP/25, UDP/514, etc.) | Protocol Used (SMTP, Syslog, etc.) | Communication Path |
|---|---|---|---|---|
| 10.9.100.100 | 10.8.100.100 | tcp/443 | HTTPS | One Way with Reply |
| 10.9.100.100 | 10.8.100.100 | tcp/4726 | CEM | One Way with Reply |
| 10.9.100.100 | 10.8.100.101 | tcp/443 | HTTPS | One Way with Reply |

I wasn’t sure how the communication works with a CEM client and the site servers, so I’m not sure if all the Task Management ports need to be able to reach the Internet Gateway (50120, 50121, 50122, 50123, 50124)?
I just don’t want to have to keep resubmitting firewall requests as we run into issues since they all have to go through our security office.
Thanks,
Clay