cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FNMS Multi-Server Ports Configuration

dbeckner
By Level 10 Champion
Level 10 Champion

I am preparing for a multi-server customer installation.  The setup will be as follows:

Web Server

App Server (Batch/Inventory)

Beacon Server

DB Server

I am looking for information on the port configurations needed for each of these servers. I have a table put together with the list of the ports but im unsure of the directionality of the port configs.

(3) Solutions
mfranz
By Level 17 Champion
Level 17 Champion

Hi,

Does this help? Arrows show typical communication directions. So for example you'll have to open ports to allow access from the Web Server and App Server to the Database Server.

Ports.png

Best regards,

Markward

View solution in original post

I suggest you check what each of them does. It really depends on what you're planning to do with FNMS. I guess most of them are used for some kind of discovery and iventory (by the Beacon Server). Therefore they'll need to be opend on the respective targets or targeted subnets. Before openening countless holes in your firewalls, you should check your specific use cases.

View solution in original post

Some further information about ports used to and from beacon servers can also be found on the following online help pages:

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

View solution in original post

(7) Replies
mfranz
By Level 17 Champion
Level 17 Champion

Hi,

Does this help? Arrows show typical communication directions. So for example you'll have to open ports to allow access from the Web Server and App Server to the Database Server.

Ports.png

Best regards,

Markward

@mfranz Yes thank you that is helpful. I'm also looking for the following ports --

 

135, 389, 1801, 2101, 2103, 2105, 3527 (MSMQ)

139, 445 (SMB)

137, 161 (NetBios and SNMP Discovery)

 

Which servers will use them and whether it will be bi-directional or uni-directional.

I suggest you check what each of them does. It really depends on what you're planning to do with FNMS. I guess most of them are used for some kind of discovery and iventory (by the Beacon Server). Therefore they'll need to be opend on the respective targets or targeted subnets. Before openening countless holes in your firewalls, you should check your specific use cases.

Understood. That makes sense. Thanks for the insight! @mfranz 

Some further information about ports used to and from beacon servers can also be found on the following online help pages:

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

Hi @dbeckner ,

For one of uploads and other features in Business data inputs to work as it should the MSMQ communication should be enabled Bidirectional in multi server setup.

1801, 2101, 2103, 2105, 3527 (MSMQ)

Batch server <-----------> Web application server.

I faced an issue recently and there is no clue anywhere in the Flexera Documentation/KB regarding this and only after enabling the MSMQ Bidirectional communication the one off upload is working without issues.

Hope this help

Hi Markward,

On your nice picture, between the App Server and the Web Server, I'm indeed missing the IP ports for Microsoft Message Queuing (MSMQ).

In case you have more than one FNMS application server, these IP ports need to be open between all application servers as described in the "Installing fNMS on Premises" document on Page 15.

Additional ports specifically between the Beacon(s) and target systems twill indeed depend on the tasks executed from the Beacon. Examples would be remote scanning of Oracle databases (requires an Oracle IP port like 1521) or connecting inventory data from an IBM ILMT database running on DB2 (requires the IP port the DB2 database is running on to be open).

SMB IP ports (139, 445) will generally be required to be open between the Beacon(s) and their targets for remote ("Zero Touch") execution of Flexera Windows agents. IP Port 22 (SSH) needs to be open for running similar tasks non-Windows target computers.