ports needed to open
Updated: 21 May 2010 | 1 comment
Hi,
As I understand from the KB article, the firewall must support bidirectional communication through ports 5600 and 5601 for the ESM manager and agents to communicate successfully.
Query 1)
If there is a firewall between the ESM manager and agents, must the port range 1024-5000 also be opened for the specified manager and agents?
2) If we use static NAT, will it work?
Pete!
Comments
Ports 1024-5000 are the source ports and need to be open, but most stateful firewalls manage this for you automatically when you define the destination port.
Static NAT generally will be problematic, but may work if you use hostfiles and set DNS up VERY CAREFULLY.
Many customers put an ESM manager into the DMZ and only open the console ports from the internal network to the manager. This is much easier, and the manager doesn't need to be on a dedicated box if there are only a handful of agents.