I am preparing for a multi-server customer installation. The setup will be as follows:
Web Server
App Server (Batch/Inventory)
Beacon Server
DB Server
I am looking for information on the port configurations needed for each of these servers. I have a table put together with the list of the ports but im unsure of the directionality of the port configs.
Apr 27, 2020 03:51 PM
Hi,
Does this help? Arrows show typical communication directions. So for example you'll have to open ports to allow access from the Web Server and App Server to the Database Server.
Best regards,
Markward
Apr 28, 2020 07:19 AM
I suggest you check what each of them does. It really depends on what you're planning to do with FNMS. I guess most of them are used for some kind of discovery and iventory (by the Beacon Server). Therefore they'll need to be opend on the respective targets or targeted subnets. Before openening countless holes in your firewalls, you should check your specific use cases.
Apr 28, 2020 07:41 AM
Some further information about ports used to and from beacon servers can also be found on the following online help pages:
Apr 28, 2020 09:57 PM
Hi,
Does this help? Arrows show typical communication directions. So for example you'll have to open ports to allow access from the Web Server and App Server to the Database Server.
Best regards,
Markward
Apr 28, 2020 07:19 AM
@mfranz Yes thank you that is helpful. I'm also looking for the following ports --
135, 389, 1801, 2101, 2103, 2105, 3527 (MSMQ)
139, 445 (SMB)
137, 161 (NetBios and SNMP Discovery)
Which servers will use them and whether it will be bi-directional or uni-directional.
Apr 28, 2020 07:29 AM
I suggest you check what each of them does. It really depends on what you're planning to do with FNMS. I guess most of them are used for some kind of discovery and iventory (by the Beacon Server). Therefore they'll need to be opend on the respective targets or targeted subnets. Before openening countless holes in your firewalls, you should check your specific use cases.
Apr 28, 2020 07:41 AM
Understood. That makes sense. Thanks for the insight! @mfranz
Apr 28, 2020 07:42 AM
Some further information about ports used to and from beacon servers can also be found on the following online help pages:
Apr 28, 2020 09:57 PM
Hi @dbeckner ,
For one of uploads and other features in Business data inputs to work as it should the MSMQ communication should be enabled Bidirectional in multi server setup.
1801, 2101, 2103, 2105, 3527 (MSMQ)
Batch server <-----------> Web application server.
I faced an issue recently and there is no clue anywhere in the Flexera Documentation/KB regarding this and only after enabling the MSMQ Bidirectional communication the one off upload is working without issues.
Hope this help
Apr 29, 2020 01:55 AM
Hi Markward,
On your nice picture, between the App Server and the Web Server, I'm indeed missing the IP ports for Microsoft Message Queuing (MSMQ).
In case you have more than one FNMS application server, these IP ports need to be open between all application servers as described in the "Installing fNMS on Premises" document on Page 15.
Additional ports specifically between the Beacon(s) and target systems twill indeed depend on the tasks executed from the Beacon. Examples would be remote scanning of Oracle databases (requires an Oracle IP port like 1521) or connecting inventory data from an IBM ILMT database running on DB2 (requires the IP port the DB2 database is running on to be open).
SMB IP ports (139, 445) will generally be required to be open between the Beacon(s) and their targets for remote ("Zero Touch") execution of Flexera Windows agents. IP Port 22 (SSH) needs to be open for running similar tasks non-Windows target computers.
Apr 29, 2020 12:02 AM