SCCM 2012 What Ports Do I need to open so DMZ servers can communicate with my SCCM Server?

Hi,
What ports do I need to open in the firewall so my DMZ servers can talk to my SCCM server on the network?
Here are my steps before to make my DMZ servers talk to my SCCM server:
1.  On my SCCM 2012 SP1 CU2 I have boundaries installed --> I install SCCM Client on my DMZ server with the appropriate switches --> I go back to my SCCM server to approve the server --> Works
But now my DMZ servers stop getting definition updates from my SCCM server and I was suggested that it is much easier to open ports in DMZ.
Now, could you please tell me what ports should we open to ensure two way communication among servers?
Thanks!

Yes and no. It's a bit muddy at times.
For Internet based clients, putting an Internet-enabled MP in the DMZ is perfectly acceptable because Internet clients will only choose MPs enabled for Internet communication.
For systems in the DMZ, that's where it really gets muddy. There's no perfect way to accomplish this. IMO, DMZ clients should be allowed to go back to the MP/DP in the Intranet with a targeted opening in the DMZ firewall rules that allows them to only go to the internal MP. That's a security policy question though for your organization.
Another option is to treat the clients in the DMZ as Internet only clients. This way, they will only go to the Internet MP in the DMZ. You do lose some functionality though like Remote Control.
A final way is to actually put an MP/DP in the DMZ and deal with the timeouts that happen when clients try to talk to the MP in the Intranet. Clients will try 5 times to contact that MP before giving up. They try to find a new MP at the following times (which are not configurable):
- Every 25 hours
- When the client detects a network change
- When the client agent starts
Jason | http://blog.configmgrftw.com

Similar Messages

  • What ports do i need to open up for my wifi

    I need help. I need to know the ports I need to open up on my wifi so that my iPod can connect.

    Check these articles: iOS: Recommended settings for Wi-Fi routers and access points
    iPod touch and iPhone: Tips when using Wi-Fi and iTunes for Windows: Troubleshooting security software issues

  • What ports do I need to open on my router for iChat AV?

    What are they ports that need to be opened? (Range) I am using a linksys router..

    Hi Ralph,
    I am sorry, but UPnP is automatically enabled on my Netgear 834G but still won't make it work.
    I've disabled the internal Firewall in 10.4.6 and also opened all ports on the router (1024-65535) for both outbound and inbound. I've trashed all pref files in /Library/Preferences. Yet I have still failed to connect to an AIM user.
    If I disconnect the router and plug in an old D-Link ADSL modem it works straight away for iChat and AIM users without a fail.
    Any help appreciated!
    Thanks,
    M

  • What ports do I need to open in a home router to support Screen Sharing?

    I'm trying to support my 88 year-old dad who has totally messed up his iMac.  We're both running 10.6.8.  I went ahead and bought the Easy Remote Desktop app from the app store, since I don't need a heavy-duty admin tool, just to see and to remotely manipulate his screen.  I tested it on my home LAN with my wife's computer and it works great.  I did have to find out her IP address, and she did have to turn on Screen Sharing services open to just me first.  The downside for Screen Sharing vs. Remote Administration is that there is no announcement that you're there.
    So I'm thinking that I can just type in my dad's IP address.  Of course he has a DSL router and probably has a DHCP address, so I found out about Dynamic DNS, and located a free Dynamic DNS service.  I've already established (the functional equivalent of) a static IP for myself with this service, and I'm thinking the next step is to talk my dad through doing the same for himself.  Then the next hurdle I think would be to talk him through opening the Screen Sharing service on his Mac, and to add me as a user.  But the final hurdle I think would be to open inbound ports for Screen Sharing from my IP address.  Since Screen Sharing is a native Mac OS function, I figure this is the place to ask that question.  And to ask if I'm on the right track here...

    Screen Sharing uses port 5900. 
    However, I'm going to suggest that you use TeamViewer.com as it will deal with all the networking issues much more easily and without needing to worry about opening ports in your router.

  • SCCM 2012 what setting can be enabled so that no system force users to restart

    SCCM 2012 what setting can be enabled in design rather than software distribution method and patching method which will help to stop systems to restart even though not suppressed during in patching.

    That's not possible. When during installation the restart is not suppressed, the system will restart. There is nothing from a ConfigMgr perspective that will prevent that from happening.
    If there is a particular system that you want to stop from restarting you could try to prevent that by using the command shutdown -a.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • What ports are required to be open on a firewall for UCCX ver7 Backups

    I'm trying to setup a backup location on UCCX version 7.
    The backup storage location and the UCCX server are separated by a firewall.
    What ports are required to be opened on the firewall to allow the backups through to the backup location.
    Can't find any info online

    Try it locally on the server itself.
    You just need to create a shared directory backup on the server on C:\ drive.
    \\127.0.0.1\C$\backup
    This should work.
    Link to port utilization guide:
    http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_7_0/configuration/guide/uccx70prtuti.pdf
    Regards,
    Chuck
    Please rate helpful posts and identify correct answers.

  • How many ports do I need to open for Java InfoView? - CR Server 2008 v1

    Hi,
    We are using Crystal Reports 2008 V1 (BuildVersion=12.1.0.114.CRS2008_V1). CMS runs on Oracle 10g. The product I need help for is InfoView.
    The report server is behind a firewall. I would like to know how many ports do I need to open and what they are so that I can access to InfoView (Java Version) from internet.
    The client's IT blocks all ports, except HTTP 80 and HTTPS 443. Is it possible to configure InfoView to run on port 443? Would one port be enough? Port 80 is being used by another application.
    I would appreciate any light to be shed on this issue.
    Thanks,
    Sinan

    InfoView will just need a single port. However CR Server 2008 has additional component who interact. I believe that CR Server 2008 doesn't allow a distributed installation so then the only port that should be opened on the firewall is to reach the web application and from the application server towards the database server hosting the CMS database.
    Hope this helps...
    Martijn van Foeken
    Focuzz BI Services
    http://www.focuzz.nl
    http://nl.linkedin.com/in/martijnvanfoeken
    http://twitter.com/mfoeken

  • What app do i need for my epson 600 printer to work with my ipad

    what app do i need for my epson 600 printer to work with my ipad

    Hi,
    You are asking at a wrong forum, anyway firstly please check to see is your printer in this list ? 
    http://support.apple.com/kb/ht4356
    If Yes, please follow this checklist and fix:
    iPad: http://www.apple.com/support/ipad/assistant/airprint/
    If No, check with Epson
    Regards.
    BH

  • What plugin do I need to open a PDF in InDesign?

    What plugin do I need to open a PDF in InDesign? I have twice lost my changes in an InDesign file but I have saved it in PDF form.  I want to open it in InDesign but it says a plugin may be missing.

    You can't OPEN a PDF file in InDesign. This has never been possible.
    You can PLACE a PDF file. A placed PDF is treated as a graphic, you cannot edit it. If you choose Import Options, you can choose which page(s) of the PDF to place.

  • What software do i need to open downloads

    What software do I need to open downloads?

    For most Mac programs you download in the .dmg format just double clicking them will open them. For .zip files you can use a tool like Stuffit Expander. There are other tools listed here. Hope this helps. P.S. for .Pdf files just right click on the file open with Preview. Most text files can be opened with Text Edit, again right click open with....Text Edit. And as Kenneth is saying if you open a text file and you see code, the file wasn't meant to be opened, if you need to edit that file with a program like Text Wrangler, or SubEthaEdit.
    Regards,
    Joseph

  • Does PI need a direct connection to third party or can work with a proxy server based connection to third party?

    does PI need a direct connection to third party or can work with a proxy server based connection to third party?

    Hi,
    It basically includes 3 systems, one is our ECC sender system, middle one is PI box and third one is the receiver system. Data is successfully reaching to PI system from our sender system. Now we want to forward this to our third party system from PI box.
    I want to know that such sending of data requires direct connection to third party or it can be done by proxy server based connection to third party. If it is possible then what are the steps to do this?
    Regards-
    Anuj Nogja

  • HT5312 Your security questions do not match what I put in when I opened the account, why can't I get security questions that have my answers?

    Your security questions do not match what I put in when I opened the account, why can't I get security questions that have my answers?

    From a Kappy post
    The Three Best Alternatives for Security Questions and Rescue Mail
    1. Use Apple's Express Lane. Go to https://expresslane.apple.com ; click 'See all products and services' at the bottom of the page. In the next page click 'More Products and Services', then 'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple ID security questions' and click 'Continue'. Please be patient waiting for the return phone call. It will come in time depending on how heavily the servers are being hit.
    2. Call Apple Support in your country: Customer Service: Contact Apple support.
    3. Rescue email address and how to reset Apple ID security questions.
    A substitute for using the security questions is to use 2-step verification:
    Two-step verification FAQ Get answers to frequently asked questions about two-step verification for Apple ID.

  • SCCM 2012 R2 - Ports Required through Firewall

    Hi all,
    currently working on the list of ports which i'll need to wing over to the network guys to open on the firewalls. Here is what i've come up with from my various readings:
    Name                 Port    TCP/UDP  Purpose
    ICMP                                  Echo requests messages go from site server to clients
    RPC                  135     TCP      Site Server > Client | Console > Site Server
    NetBIOS              139     TCP      Client < > Site Server
    HTTP                 80      TCP      Client < > Site Server
    HTTPS                443     TCP      Client < > Site Server
    SMB                  445     TCP      Site Server > Client Computer
    LDAP                 389     TCP      Site Server > Domain Controllers
    RemoteControl        2701    TCP      Site Server > Client
    WSUS                 8530    TCP      Client > Site Server
    WSUS                 8531    TCP      Client > Site Server
    MSSQL                1433    TCP      Site Server > SQL Server
    SQLBroker            4022    TCP      Site Server > SQL Broker Service
    Client Notification  10123   TCP      Site Server > Client
    WakeUpProxy          9       UDP      Client > Site Server
    WakeUpProxy          25536   UDP      Client > Site Server
    Is there anything glaringly obvious that I've missed? Or anything I've included unnecessarily? There was a good illustration diagram of how the ports worked in 2007 (http://technet.microsoft.com/en-gb/library/bb632618.aspx) but couldn't seem to find an equivalent for 2012 R2.
    Thanks for the help

    Hi,
    To add to that, the ports for PXE are missing as well if you are going to use it. Have a look at this great Excel spreadsheet where you can add a server name and roles in Excel and it will give you what ports need to be opened.. great help.
    https://sccmguru.wordpress.com/2012/11/09/configuration-manager-2012-port-information-and-spreadsheet/
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter @ccmexec
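
As an added example (not part of either SCCM thread above and not the posters' or Microsoft's code), this PowerShell script can be run on a DMZ client to compare what the firewall actually allows toward the site server with the TCP rows of the port list in the post, so the opening stays as targeted as the first answer recommends. The host name `sccm01.example.internal`, the `Direction` labels and the helper `Test-TcpPort` are assumptions made for the example; ports and directions are copied from the post as written.

```powershell
# Added example: run on a DMZ client to compare the firewall with the port list.
param(
    [string]$SiteServer = 'sccm01.example.internal',  # placeholder host name
    [int]$TimeoutMs = 3000
)

# TCP rows from the post's list that involve the client, directions as posted.
# Server-to-backend rows (LDAP, MSSQL, SQLBroker) and UDP rows are left out:
# a TCP connect from a client cannot test them.
$rules = @'
Name,Port,Direction
RPC,135,ServerToClient
NetBIOS,139,Both
HTTP,80,Both
HTTPS,443,Both
SMB,445,ServerToClient
RemoteControl,2701,ServerToClient
WSUS,8530,ClientToServer
WSUS,8531,ClientToServer
ClientNotification,10123,ServerToClient
'@ | ConvertFrom-Csv

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        # No answer within the timeout usually means the firewall dropped it.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

foreach ($rule in $rules) {
    # Only rows with a client-to-server leg should be reachable from the DMZ.
    $expected = $rule.Direction -ne 'ServerToClient'
    $actual   = Test-TcpPort $SiteServer ([int]$rule.Port) $TimeoutMs
    $rule | Add-Member -MemberType NoteProperty -Name ExpectedOpen -Value $expected
    $rule | Add-Member -MemberType NoteProperty -Name ActualOpen -Value $actual
    $rule | Add-Member -MemberType NoteProperty -Name Match -Value ($expected -eq $actual) -PassThru
}
```

A row with `ExpectedOpen` True and `ActualOpen` False can also mean the service is not listening on the site server, so confirm on the server before changing firewall rules; a row with `ExpectedOpen` False and `ActualOpen` True means the DMZ rule is wider than the list requires.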

  • SCCM 2012 Workgroup Machines - Do I need Certificates?

    Hi All,
    We have SCCM 2012 in our environment with 500 desktops and Servers in total. There are 50 servers in the same VLan as SCCM Server (Single Server).
    We don't have AD extended for specific reasons. We are using manual install and all domain machines are running fine. SCCM MP is set to accept connections on HTTP and HTTPS.
    Workgroup machines are not connected setup for SCCM at this point of time.
    Questions:
    1. Do I need to use Certificates for Workgroup Machines? Is this a must?
    2. If I don't use certificates, as the machines are not in the domain there will be no Kerberos authentication as well. Does SCCM Server require the client to authenticate first when registering? - like Kerberos or Cert Auth?
    Thanks in Advance.

    The answer is No, PKI is not required for managing Workgroup clients. What you do need is to configure the Network Access Account, that account will be used by the workgroup clients when communicating with the infrastructure.
    Kent Agerlund | My blogs: blog.coretech.dk/kea and SCUG.dk/ | Twitter: @Agerlund | Linkedin: Kent Agerlund | Mastering ConfigMgr 2012 The Fundamentals

  • Opening a port issue: I Need to open a port in an airport extreme.

    I need to open a port in an airport extreme, but I'm connected through an airport express in bridge mode.  I need to access a specific computer inside my network through that port to be able to use it as a server.  I can't seem to find the correct way to set everything up.  I've tried opening the port and every time I check it through telnet or any open check tool on the net it keeps saying the port is closed.  I'm stumped.

    After digging around it looks like Snow Leopard doesn't use ipfw for opening ports.
    Does anyone know how to open ports in Snow Leopard? Apple don't seem to have any info on this - besides the allow incoming connections for certain applications.
    Will try WaterRoof and see what happens.
    Cheers
    Ben
