4 Replies Latest reply on Apr 7, 2016 5:21 PM by foxblvd

    Heat DSM port needed for client installation

    cmellor Rookie

      Hi guys,

       

      I'm looking to find out what ports need to be opened for devices in the DMZ to communicate with the DSM Depot / Console

       

      Also can someone point me to the Admin guide for Heat DSM 7?

       

      Thank you

        • 1. Re: Heat DSM port needed for client installation
          marc.manz Rookie

          Hi Chris,

          On the DSM depot in "docs\e\Booklets\" you will find the DSM_DMZSupport_EN.pdf. This will give you an overview of how to set up a DMZ with DSM.

          Which ports are required depends mainly on the configuration.

          If you are using the Transport Layer, which is highly recommended, you have to open port 5052 on the firewall from the secure network to the DMZ network. In this case the BLS will initiate the connection from the secure network to the unsecure network.

           

          For the distribution you have to open the port you specified during the Http-Depot configuration.

           

          For the communication of the external clients with the Relay Proxy within the DMZ, you have to allow the port 8080 (HTTP) or 443 (HTTPS) (or any custom configured port).

           

          cheers,

          Marc

          1 of 1 people found this helpful
          • 2. Re: Heat DSM port needed for client installation
            Klaus Salger Expert

            Chris,

             

            Do you want to connect clients in the DMZ to DSM servers in the LAN?

             

            That would be a relatively unsecure configuration because the clients would need to open a connection from the unsecure to the secure environment. And while DSM7 clients may generally communicate with the DSM servers using http(s), the initial installation requires an SMB connection.

             

            To avoid this problem you need to place a Management Point in the DMZ.

            So the clients in the DMZ would communicate with the DMZ Management Point - not crossing the inner firewall.

            To connect the DMZ Management Point to the BLS / master depot in the LAN you could use transport layer as Marc mentioned. That would make sure the connections are always made from the secure to the unsecure environment.

             

            If this is not what you want to do, please let us know what you actually intend to do.

             

            Cheers

              Klaus

            1 of 1 people found this helpful
            • 3. Re: Heat DSM port needed for client installation
              holger.weeres@heatsoftware.com Apprentice

              Hi Chris,

              you can find all needed ports in the online help (Aka Admin guide)

              ? Menu in the DSMC -> DSM NetInstall

               

              Simply search in that online help file for the chapter "Ports used in DSM"

              Are you planning to have these clients check in directly from the DMZ, or are you planning to set up a DSM Management Point and http Depot in the DMZ to allow all the machines that are not on the local LAN, but remote, to reach and check in with DSM?

               

              As stated by others above - having clients in the DMZ check in with the BLS and main Depot directly would require opening ports that most security people would not be comfortable with (SMB 137-139, and http 80 or 8080 depending on your BLS config). The DMZ proxy config is the way to go and is designed in a way that it does not require any ports to be opened "inbound" on the firewall between the LAN and the DMZ.

               

              Holger

              1 of 1 people found this helpful
              • 4. Re: Heat DSM port needed for client installation
                foxblvd Apprentice

                Correct, you will need a Management Point in the DMZ, this server might have access to the Domain; sometimes this is not possible depending on how secure things are in the DMZ. The MP will need the relay proxy configured, as well as event dispatcher. You will also need an HTTP Depot configured in the DMZ. The port used is configurable per install. I strongly recommend that you use HTTPS to secure the connection between an external client and the DMZ server.

                 

                HTH

                1 of 1 people found this helpful
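
Added example, not part of any post in this thread and not HEAT DSM code: a small audit that checks a list of firewall allow rules against the layout the replies describe (Transport Layer on 5052 initiated from the LAN, external clients reaching the Relay Proxy on 8080 or 443, nothing initiated from the DMZ into the LAN). The zone names, the `Rule` format and the sample rule sets are assumptions made for illustration.

```python
from dataclasses import dataclass

# Port numbers are the ones quoted in the thread; zone names are assumptions.
TRANSPORT_PORT = 5052              # BLS -> DMZ Management Point (Transport Layer)
RELAY_PORTS = frozenset({8080, 443})  # external clients -> Relay Proxy (defaults)
SMB_PORTS = set(range(137, 140))   # 137-139, only needed for direct client install

@dataclass(frozen=True)
class Rule:
    src: str    # zone that initiates the connection: "lan", "dmz", "external"
    dst: str    # zone that accepts it
    first: int  # first port of the allowed range
    last: int   # last port of the allowed range (inclusive)

    def ports(self):
        return set(range(self.first, self.last + 1))

def audit(rules, relay_ports=RELAY_PORTS):
    """Return (severity, message) findings for a list of allow rules."""
    findings = []
    for r in rules:
        tag = f"{r.src}->{r.dst} {r.first}-{r.last}"
        if r.dst == "lan" and r.src != "lan":
            # Any rule of this shape lets the less trusted side open the connection.
            kind = "SMB opened" if r.ports() & SMB_PORTS else "connection initiated"
            findings.append(("high", f"{tag}: {kind} from {r.src} into the LAN"))
        elif r.src == "external" and r.dst == "dmz":
            if r.ports() - set(relay_ports):
                findings.append(("high", f"{tag}: ports beyond the Relay Proxy exposed"))
            elif 8080 in r.ports():
                findings.append(("warn", f"{tag}: plain HTTP; HTTPS is recommended"))
    if not any(r.src == "lan" and r.dst == "dmz" and TRANSPORT_PORT in r.ports()
               for r in rules):
        findings.append(("high", f"no lan->dmz rule for Transport Layer port {TRANSPORT_PORT}"))
    return findings

# Constructed sample rule sets (not taken from any real firewall).
PROXY_DESIGN = [Rule("lan", "dmz", 5052, 5052), Rule("external", "dmz", 443, 443)]
DIRECT_DESIGN = [Rule("dmz", "lan", 137, 139), Rule("dmz", "lan", 8080, 8080),
                 Rule("external", "dmz", 8080, 8080)]

if __name__ == "__main__":
    for name, rules in (("proxy", PROXY_DESIGN), ("direct", DIRECT_DESIGN)):
        for sev, msg in audit(rules) or [("ok", "matches the DMZ proxy layout")]:
            print(f"{name:6} [{sev}] {msg}")
```

If the Relay Proxy listens on a custom port, pass it as `relay_ports` so it is not reported as unexpected exposure.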