Ports needed for MiddleTier in DMZ

  • 3576323
  • 24-Jul-2007
  • 30-Apr-2012

Environment

Novell ZENworks 6.5 Desktop Management Support Pack 2 - ZDM6.5 SP2 ZENworks Middle Tier
Novell ZENworks 7 Desktop Management Support Pack 1 - ZDM7 SP1 Middle Tier
Novell ZENworks for Desktops 4.0.1 - ZfD4.0.1
Novell ZENworks for Desktops 4 - ZfD4
Novell ZENworks Middle Tier

Situation

Ports needed for the ZENworks Middle Tier in a DMZ
What ports need to be opened on the firewall to get the ZENworks Middle Tier server to work
Getting the ZENworks Middle Tier to work through firewalls in a DMZ
Ports needed for MiddleTier in DMZ

Resolution

From the ZENworks Middle Tier server to the public Internet, the following ports should be opened for proper functionality:

  • 80/443 - HTTP and HTTPS traffic for all Middle Tier traffic from a workstation outside of the DMZ. (These are the default HTTP/HTTPS ports and can be changed on the Middle Tier.)
  • 1761 - Port used for Remote Control. (This only allows remote control of the Middle Tier server itself; the Middle Tier cannot be used to forward Remote Control requests.)

Optional ports:

  • 8039 - Only needed if the agent is not performing user authentication and is using workstation only. This is because the Middle Tier server uses a proxy ID to authenticate into eDirectory and requires the user's credentials. If there is no user authentication, the port will need to be opened to allow the agents to register and import directly with the Import Server.
  • 1762 - Needed if using the Remote Control Listener for users to request a help desk remote control session. See document 10098803 for further detail on the Remote Control Listener.

From the ZENworks Middle Tier server to the internal eDirectory backend server, the following ports should be opened for proper functionality:

  • 389 - LDAP traffic for all Middle Tier traffic to the backend eDirectory server. (This is the default LDAP port and can be changed on the Middle Tier.)
  • 445 - Microsoft/NetWare CIFS traffic for delivering files through the Middle Tier from a backend CIFS connection.
  • 524 - Novell eDirectory NCP traffic for delivering eDirectory communication and files through the Middle Tier from a backend NCP (NetWare file system) connection.
  • 8039 - Middle Tier communication with the AWSI Service running on the backend eDirectory server.
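
As an added example (not part of the original Novell document), the Python script below audits a firewall rule export against the two port lists above, reporting listed ports that are not allowed and allowed ports this document does not list. The path names `public` and `backend`, the one-rule-per-line format `<path> <port> <allow|deny>` and the sample rule set are all constructed for illustration and do not come from any real firewall product.

```python
# Added example: audit a firewall rule export against this document's port lists.
# Assumption: rules are exported as "<path> <port> <allow|deny>", one per line.
# That format and the path names below are hypothetical, chosen for this example.

# "public"  = Middle Tier server <-> public Internet
# "backend" = Middle Tier server -> internal eDirectory backend server
REQUIRED = {"public": {80, 443, 1761}, "backend": {389, 445, 524, 8039}}
OPTIONAL = {"public": {8039, 1762}, "backend": set()}

SAMPLE_RULES = """\
# constructed sample rule set
public 80 allow
public 443 allow
public 1762 allow
public 3389 allow
backend 389 allow
backend 524 allow
backend 8039 allow
backend 445 deny
"""

def parse_rules(text):
    """Return {path: set of allowed ports}; comments and blank lines are skipped."""
    allowed = {path: set() for path in REQUIRED}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            path, port, action = line.split()
            port = int(port)
        except ValueError:
            raise ValueError(f"line {lineno}: expected '<path> <port> <allow|deny>'") from None
        if path not in allowed or action not in ("allow", "deny") or not 0 < port < 65536:
            raise ValueError(f"line {lineno}: unknown path, action or port")
        if action == "allow":
            allowed[path].add(port)
    return allowed

def audit(text):
    """Compare the allowed ports with this document's lists, per path."""
    report = {}
    for path, ports in parse_rules(text).items():
        report[path] = {
            "missing": sorted(REQUIRED[path] - ports),          # listed but not allowed
            "optional_open": sorted(ports & OPTIONAL[path]),    # confirm it is really needed
            "unlisted_open": sorted(ports - REQUIRED[path] - OPTIONAL[path]),
        }
    return report

if __name__ == "__main__":
    for path, findings in audit(SAMPLE_RULES).items():
        print(path, findings)
```

Port 8039 is optional on the public side but listed as needed toward the backend, so the two paths are checked against separate lists.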

Additional Information

Formerly known as TID# 10089388 NOVL94365