ITMS Administrator Group

  • 1.  Cloud Enablement questions

    Posted Mar 27, 2015 07:41 PM

    Hi all, needing some help with some cloud enablement questions. (7.5 SP1 HF5)

    1. Do we only have to open the ports between the GW and the SMP, plus only the Site Servers serving Cloud, or do we have to open the ports to all the PS?

    2. Can we use a TMG server in front of the IGW (so CEM agents hit the TMG server and get directed to the IGW)?

    3. How long does the tunnel created by the CEM agent to the SMP via the IGW stay open after use?

    4. How long does the tunnel created between the CEM agent and the Site Server stay open after use?

     

    5.  Any other security recommendations?



  • 2.  RE: Cloud Enablement questions

    Broadcom Employee
    Posted Mar 28, 2015 08:04 AM

    Make sure that the ports mentioned (in the ITMS guide) for components within ITMS are allowed in your firewall rules => if you're using a remote PS or TS, then check the doc guide to make sure that you've opened the port in the firewall and on the appropriate Site Server machine.

    How long the tunnel takes to create => In my environment it takes less than a second to establish a connection.



  • 3.  RE: Cloud Enablement questions

    Posted Mar 29, 2015 10:38 AM

    Thank you Igor, what do you mean by remote PS and TS?

    We also plan to put some PS in the cloud as well, which will provide packages to the clients connecting via the gateway. Is that what you meant? If so, is any special care or are any ports needed for them other than what is needed for an agent?

     

    Thanks

     



  • 4.  RE: Cloud Enablement questions

    Broadcom Employee
    Posted Mar 31, 2015 02:47 AM

    Hi skhs,

    I meant that:

    1. If your PS in the Cloud tries to download packages from an existing PS in the intranet, then you need to have ports 80, 443, 4726 open:

    Package Server | TCP | Inbound | 80/443 | From client computers HTTP/HTTPS | Yes, depends on the port used by the website Package Server is residing on

    Cloud-enabled management | TCP | Inbound/Outbound | 4726 | This is the default port for Cloud-enabled Management Agent IIS Website. It handles the incoming/outgoing connections from the Internet Gateway to the Notification Server. | Yes, you can configure it in Settings > Notification Server > Cloud-enabled Management > Setup > Cloud enabled Management Agent IIS Website Settings

     

    2. Seems like PS in Cloud will be able to share packages by UNC and CEM clients will try to download packages via UNC from PS in Cloud:

    Package Server | TCP | Inbound | 445 | From client computers UNC

    Package Server | TCP | Outbound | 445 | To Notification Server UNC

    Here is the document about all required ports/protocols:

    http://www.symantec.com/docs/DOC6770

    Another thread about CEM setup, where it was found that the required ports weren't opened:

    https://www-secure.symantec.com/connect/forums/cem-gateway-setup-log-error

    Have you already tried any CEM client computer to see how it works with the current firewall rules?

    Thanks,

    IP.
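
The port list in the reply above can be checked from the machine that originates each flow (for example the cloud PS or the gateway) before any CEM client is tested. This is an added example, not part of the original post or of ITMS; the role names, script name and host names are assumptions, and only the TCP ports come from the reply.

```python
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# TCP ports named in the reply above, grouped by the role that must accept them.
PORTS_BY_ROLE = {
    "package_server": [80, 443, 445],    # HTTP/HTTPS and UNC from client computers
    "notification_server": [445, 4726],  # UNC from the PS; 4726 = default CEM agent IIS site
}

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt as open / refused / filtered / dns-failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"   # name does not resolve from this machine
    except ConnectionRefusedError:
        return "refused"       # RST received: nothing listening, or a reject rule
    except OSError:
        return "filtered"      # timeout or unreachable: typically a firewall drop

def check(targets, ports_by_role=PORTS_BY_ROLE, timeout=2.0):
    """targets maps role -> host; returns [(role, host, port, state)] in input order."""
    jobs = [(role, host, port)
            for role, host in targets.items()
            for port in ports_by_role[role]]
    with ThreadPoolExecutor(max_workers=8) as pool:
        states = list(pool.map(lambda j: probe(j[1], j[2], timeout), jobs))
    return [job + (state,) for job, state in zip(jobs, states)]

if __name__ == "__main__":
    # Usage (placeholder host names):
    #   python check_ports.py package_server=ps01.example.internal \
    #       notification_server=ns01.example.internal
    targets = dict(arg.split("=", 1) for arg in sys.argv[1:])
    results = check(targets)
    for role, host, port, state in results:
        print(f"{role:20} {host}:{port:<5} {state}")
    sys.exit(0 if all(r[3] == "open" for r in results) else 1)
```

A "filtered" result points at a firewall rule on the path, while "refused" means the packet arrived and the service or its port binding on the server is the thing to check.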



  • 5.  RE: Cloud Enablement questions

    Posted Mar 31, 2015 08:36 AM

    Thank you IP, appreciate your help. I have not tested the PS in the cloud yet; will do very soon.

     

    Thanks



  • 6.  RE: Cloud Enablement questions

    Broadcom Employee
    Posted Jul 17, 2015 03:44 AM

    If you have a solution, then please close this thread.