MDM Firewall Settings Worksheet

MDM Firewall Settings Worksheet

Collapse All

2/9/2009

The firewall setting worksheets help you prepare to deploy System Center Mobile Device Manager for your enterprise. Maintaining a list of ports settings can help you prepare to deploy MDM and help resolve problems and maintain installation settings.

MDM Server Ports

Traffic source	Destination	Default	Complete?
MDM Device Management Server	MDM Gateway Server	TCP 443 (SSL) configurable	[ ]
Device (native IP address)	MDM Enrollment Server	TCP 443 (SSL) not configurable	[ ]
Device (assigned VPN IP address)	MDM Device Management Server (through MDM Gateway Server)	TCP 8443 (SSL) configurable	[ ]
Device (native IP address)	MDM Self Service Portal server	TCP 443 (SSL) not configurable	[ ]

MDM Console Ports

Traffic source	Destination	Default	Complete?
MDM Console	MDM Device Management Server	TCP 8446 (SSL) configurable	[ ]
MDM Console	MDM Enrollment Server	TCP 8445 (SSL) configurable	[ ]
MDM Console	MDM Self Service Portal server	TCP 8445 (SSL) configurable	[ ]

IPsec Traffic

Traffic source	Destination	Default	Complete?
Device (native IP address)	MDM Gateway Server	UDP 500 bi-directional	[ ]
Device (native IP address)	MDM Gateway Server	UDP 4500 bi-directional	[ ]
Device (native IP address)	MDM Gateway Server	IP Protocol 50 (IPsec) bi-directional	[ ]

Traffic source

Destination

Default

Value

Complete?

Device (native IP address)

MDM Gateway Server

UDP 500 bi-directional

[ ]

Device (native IP address)

MDM Gateway Server

UDP 4500

bi-directional

[ ]

Device (native IP address)

MDM Gateway Server

IP Protocol 50 (IPsec)

bi-directional

[ ]

Other MDM Ports

Purpose	Traffic source	Destination	Default	Value	Complete?
VPN services — network address translation (NAT) timeout detection	Device (native IP address)	MDM Gateway Server	UDP 8901 (bi-directional)		[ ]
Communication to the certification authority	Device (native IP address)	MDM certification authority	TCP 443 TCP 80		[ ]

Purpose

Traffic source

Destination

Default

Value

Complete?

VPN services — network address translation (NAT) timeout detection

Device (native IP address)

MDM Gateway Server

UDP 8901

(bi-directional)

[ ]

Communication to the certification authority

Device (native IP address)

MDM certification authority

TCP 443

TCP 80

[ ]

Software Distribution

Traffic source	Destination	Default	Value	Complete?
Managed device (issued IP address)	MDM Device Management Server	TCP 8530 bi-directional TCP 8531 (SSL) bi-directional		[ ]

Traffic source

Destination

Default

Value

Complete?

Managed device (issued IP address)

MDM Device Management Server

TCP 8530 bi-directional

TCP 8531 (SSL) bi-directional

[ ]

Additional Ports

Purpose	Traffic source	Destination	Default	Configured?
Line-of-business (LOB) applications that use SSL	Managed device (issued IP address)	LOB application server	TCP 443	[ ]
LOB applications (other)	Managed device (issued IP address)	LOB application server	Defined by type of application	[ ]
External Web site access	Managed device (issued IP address)	NAT or proxy server in the perimeter network	TCP 443, TCP 80	[ ]
Domain Name System (DNS) name resolution Note: This is only needed if DNS traffic will be traversing the firewall.	External network Internal network	External network Internal network	Allow DNS	[ ]

Site Feedback