What ports have to be opened on a firewall to let a Network Monitor communicate with its Enforce Server?
The default port for communication between all detection servers and the Enforce Server is TCP 8100.
If this post has helped you, please vote up or mark as solution
It should be your firewall port, i.e. TCP and UDP (depending upon the port number which you have allotted to the firewall).
You need to open 8100 between the Enforce and Network Monitor. The remaining communication occurs in promiscuous mode and shall not require any TCP port, unless there is a firewall between the Network Monitor promiscuous network adapter and your SPAN / TAP.
Denis John Kattithara
Partner Assist Services
The TCP communication is established FROM the Enforce server TO the Network Monitor. The source port on the Enforce is a random one above 1024. The destination TCP port is 8100 by default, but can be changed.
Most, if not all, firewalls have an option to recognize and allow established TCP connections. Any traffic coming back from an established TCP connection is allowed without having to define the inbound side.
Thus the firewall, or other filtering rules, must allow a connection from the Enforce server to the Network Monitor (or any detection server) with a destination TCP port of 8100, and established connections allowed by that rule.
John G. Thompson
Source IP - Enforcer Server
Destination IP - Detection Server
TCP Port - 8100
You do not need to open the port for both directions, just open for the above source and destination IP. Remember always that you can telnet to port 8100 from Enforcer to Detection server but not from Detection to Enforcer server.
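To make the "one direction plus established" point from the last two answers concrete, here is a small added example (not from the thread or from the product vendor) that models a stateful firewall with exactly one allow rule: Enforce server to detection server, destination TCP 8100. The IP addresses and ephemeral source port are constructed placeholders, not values from the thread. It shows why the reply traffic from the detection server needs no rule of its own, while a new connection attempted in the reverse direction is dropped, matching the telnet observation above.

```python
"""Stateful firewall model for the Enforce -> detection server rule (added example)."""
import socket
from dataclasses import dataclass

# Constructed placeholder addresses; replace with your own Enforce and detection server IPs.
ENFORCE_IP = "10.0.1.10"
DETECTION_IP = "10.0.2.20"
ENFORCE_PORT = 8100          # default Enforce <-> detection server port (configurable)


@dataclass(frozen=True)
class Packet:
    """A TCP packet reduced to the fields a filtering rule looks at."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool                # True only for the connection-opening SYN


class StatefulFirewall:
    """One explicit allow rule plus a connection table ('established' handling).

    Simplified on purpose: a real firewall tracks the full TCP state machine;
    here a connection becomes 'established' as soon as its SYN matches the rule.
    """

    def __init__(self, allowed_src_ip, allowed_dst_ip, allowed_dst_port):
        self.rule = (allowed_src_ip, allowed_dst_ip, allowed_dst_port)
        self.connections = set()     # tracked 4-tuples (src_ip, src_port, dst_ip, dst_port)

    def evaluate(self, pkt):
        forward = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        # Continuation or reply of a tracked connection: allowed with no inbound rule.
        if forward in self.connections or reverse in self.connections:
            return "ALLOW (established)"
        # A brand-new connection is allowed only if it matches the explicit rule.
        src_ip, dst_ip, dst_port = self.rule
        if pkt.syn and (pkt.src_ip, pkt.dst_ip, pkt.dst_port) == (src_ip, dst_ip, dst_port):
            self.connections.add(forward)
            return "ALLOW (rule)"
        return "DENY"


def demo_decisions():
    """Run three constructed packets through the single-rule firewall."""
    fw = StatefulFirewall(ENFORCE_IP, DETECTION_IP, ENFORCE_PORT)
    ephemeral = 49152            # constructed example of a random source port above 1024
    packets = [
        # 1. Enforce opens the connection to the detection server on 8100.
        Packet(ENFORCE_IP, ephemeral, DETECTION_IP, ENFORCE_PORT, syn=True),
        # 2. Detection server replies on the same connection (no rule for this direction).
        Packet(DETECTION_IP, ENFORCE_PORT, ENFORCE_IP, ephemeral, syn=False),
        # 3. Detection server tries to open a NEW connection to Enforce on 8100.
        Packet(DETECTION_IP, 50000, ENFORCE_IP, ENFORCE_PORT, syn=True),
    ]
    return [fw.evaluate(p) for p in packets]


def tcp_port_reachable(host, port, timeout=3.0):
    """Scriptable version of the 'telnet to 8100' check; run it FROM the Enforce server."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for verdict in demo_decisions():
        print(verdict)
    # Uncomment on the Enforce server to verify the real path:
    # print("8100 reachable:", tcp_port_reachable(DETECTION_IP, ENFORCE_PORT))
```

Running the script prints `ALLOW (rule)`, `ALLOW (established)`, `DENY` in that order: the only rule needed is Enforce to detection server on TCP 8100 with established traffic permitted, and `tcp_port_reachable` gives a repeatable way to confirm that path after a firewall change.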