TCP/UDP Ports and site used by FEP to download updates - needed to allow on perimeter firewall

Similar Messages

• Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplayer?

  Which TCP/UDP ports need to be opened on a firewall for adobe reader and flashplaer to operate properly? This would include updating, linking, and any subset of features.

  The Acrobat Family uses TCP HTTP/HTTPS for all traffic. The following processes and ports may be active on a Windows client machine:
  AdobeARM.exe - automatic updates - port 443
  AcroRd32.exe - brand messages - port 443
  AcroRd32.exe - links in documents - anything specified in the URL
  Acrobat.exe - brand messages - port 443
  Acrobat.exe - links in documents - anything specified in the URL
  AdobeCollabSync.exe - Tracker review data - port 443
  The same ports are used by the  program components on OS X.
  There are no inbound listening ports for any elements of the Acrobat Family. Automatic updates are not pushed and there are no server processes within the software.

• TCP/UDP ports between Cisco PI 2.0 and WLC5508

  Hello,
  I will install Cisco PI 2.0 behind a firewall for security reason. The WLC5508 is before a firewall. Can anybody let me know which TCP/UDP ports need to be open specifically between the Cisco PI and WLC? I don't see that from the below link.
  Cisco Prime Infrastructure 2.0 Quick Start Guide
  http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/quickstart/guide/cpi_qsg.html#wp46865
  Thanks,
  Robert

  Firewall Between the WCS and Controller or WCS and the WCS User Interface
  When a PI server and a PI user interface are on different sides of a firewall, they cannot communicate unless these ports on the firewall are open to two-way traffic:
  80 (for initial http)
  69 (tftp)
  162 (trap port)
  443 (https)
  Open these ports in order to configure your firewall to allow communications between a PI server and a PI user interface.
  Regards
  Dont forget to rate helpful posts

• QOS Network Planning - TCP/UDP Ports used in CWMS 2.5 MDC deployment

  Does anyone know if there is documentation that describes the WAN traffic in CWMS 2.5 MDC?  I'm looking for the TCP/UDP ports that must be prioritized on the WAN to properly class our traffic between the two data centers.  I can't find any such document.  
  Thanks,
  Matt 

  HI Matt,
  All the network requirements are listed in the CWMS 2.5 Planning Guide in Networking Checklist: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html
  I hope this is what you are looking for.
  -Dejan

• What TCP/UDP ports need to be open for VPN Client version 4.8?

  What TCP/UDP ports need to be open for Cisco VPN Client version 4.8 to work?
  Thanks,

  Normally, you need the following ports and protocol :
  UDP 500
  UDP 4500
  ESP
  In case, you are using IPSec over TCP you have to open, TCP port 10000 or any other port you want to use for IPSec connections (Its configurable).
  -Kanishka

• TCP/UDP Port Utilization question for CCX 8.5

  Greetings,
  I have gone through the CCX 8.5 TCP/UDP port utilization guide.
  http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/configuration/guide/uccx851pug.pdf
  I always do this as a matter of practice and I had a question concerning Java RMI ports. In the guide there is an ephemeral range TCP:32768-61000 that is used for Java RMI. Based on the context clues in the footnote this is an intra-cluster communication between processes running on CCX. This jives with ACLs I have built for previous versions.
  The hang up I have is that Table 1 (page 6) of the guide shows that one of the remote devices is "Editor". I take this to mean CRS Editor, which can run on a desktop in the environment. I want to keep the ACL as trim as possible, so I don't want to open up the TCP ephemeral range unnecessarily. So, I guess my question is:
  When that document refers to "Editor" do they mean that the CRS Editor is communicating using the referenced ports? Or is there a server-side process called Editor listening on those ports. The shift in how I apparently have to account for RMI is causing me to question.
  Thanks in advance,
  Bill

  I followed the port guide, but am still having issues connecting to the editor from my workstation with my access-list in place.
  When I remove the ACL the editor connects and I can do reactive debugging. The ACL breaks this.
  Followed this
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/crs/express_9_02/configuration/guide/UCCX_BK_P89325D5_00_port-utilization-guide-uccx-902.pdf
  Does anyone have a sample acl that works?

• CTC TCP/UDP Ports numbers

  Does anyone know the TCP/UDP Port numbers that have to be opened up when using NAT, this is what I have:
  CTC PC >>>>>>>>>>> ROUTER >>>>>>>>>>>ONS15454
  The CTC PC and the ONS are on different IP Networks so I'm the router to translate from one to the other with NAT, configured the ONS15454 to use Socks.
  I used to have a document that explained this but I've lost it.
  THanks
  Chris

  Hi Chris.
  I see you already have provisioned the node for SOCKS Proxy.  If you want to be able to still have IP connectivity (for ping or telnet) to the ENE's, then enable the SOCKS Proxy Only option.  The SOCKS Proxy needs to be provisioned on the LAN connected 15454 at the very least.  You can also go to the CTC drop down menu:  Edit -> Preferences -> Firewall and change the port from being variable to static default.  That will further restrict the ports that are used by CTC.  This should resolve any intermittent connectivity issues in CTC if it is being caused by a firewall.
  www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp42216
  "If  you launch CTC against a node through a Network Address Translation  (NAT) or Port Address Translation (PAT) router and that node does not  have proxy enabled, your CTC session starts and initially appears to be  fine. However, CTC never receives alarm updates and disconnects and  reconnects every two minutes. If the proxy is accidentally disabled, it  is still possible to enable the proxy during a reconnect cycle and  recover your ability to manage the node, even through a NAT/PAT  firewall."
  Lastly, to answer your question directly below is a link to the list:
  www.cisco.com/en/US/docs/optical/15000r9_1/15454/sonet/reference/guide/454a91_nwconnectivity.html#wp59962
  Table 14-6 Ports Used by the TCC2/TCC2P
  Thanks,
  Will

• Should I block TCP/UDP ports 135 to 139 on my router?

  For the sake of Internet and Desktop security should I block TCP/UDP ports 135 to 139 both ways at all times on my router?  This seems to be recommended for Windows environments. Does Mavericks need these ports for its proper operation?  When tested, ports 135, 137,18 show as closed whereas all other ports are Stealth.  Ideally, they should all be Stealth.

  Have a read here: http://securityspread.com/2013/07/26/firewall/
  Stealth is just as good as closed, some would argue that stealth is just as much of a giveaway of the port being present as it being closed.
  The specific ports you mention pose no risk to OS X as far as I am aware.

• List of Port and Protocols used by OBIA and Informatica

  Hi Guys
  Please Let me know the List of Port and Protocols used by OBIA,Informatica.
  Regards
  Rama

  Re: OBIEE Ports

• Is there a link to photoshop lightroom 5,  i have a mac air, and cannot use the cd to download it.

  I have photoshop lightroom 5, however, i have a mac air, and cannot use the cd to download it. Where can I find a link to the right download, as i think it is different then the creative suite version.
  Thanks!

  Adobe - Lightroom : For Macintosh : Adobe Photoshop Lightroom 5.7.1

• My iPad2 side switch is acting up, it will only allow me to have either sound or rotate. If I unmute the rotate won't work, if I mute the rotate works. How can I get the iPad to unmute and rotate? I have restored, downloaded updates and rebooted.

  My iPad2 side switch is acting up, it will only allow me to have either sound or rotate. If I unmute the rotate won't work, if I mute the rotate works. How can I get the iPad to unmute and rotate? I have restored, downloaded updates and rebooted.

  You should be able to control the function that the side switch isn't controlling via the left-hand end of the taskbar : http://support.apple.com/kb/HT4085 - is the icon that appears there (notification mute or rotation lock) indicating that that function is 'off' ?

• Tried to update to OS 5.0.1.  It crashed my phone and now will not restore.  Downloads update but then says server timed out?  Help

  Tried to update to OS 5.0.1.  It crashed my phone and now will not restore.  Downloads update but then says server timed out?  Help

  You are going to have to connect to the computer and restore. http://support.apple.com/kb/HT1808

• Checking TCP/UDP ports!

  What's up everybody,
  Does anyobody know how to check if a port is open? (tcp/udp)
  thanks!
  matio,

  Welcome to the forums.
  Common Mac OS X tools used here include Network Utility, lsof, and telnet and ping, and dns-sd and ping for Bonjour and mDNS, depending on details are sought.
  (With the Windows entries from your footer, various of these tools and equivalents are what can be obtained by loading Cygwin or by loading Microsoft's SUA/SFU tools, and with some add-ons. PowerShell might or does have analogs here, but the old MS-DOS shell was pretty limited in what diagnostics were available without additions. There was telnet and ping, but some other bits were missing.)
  Add-on tools include nmap. (nmap is a fairly gonzo-useful tool for this sort of thing.)
  telnet works nicely for brute-force port tests on the LAN.
  And FWIW, if those public web site tools do work and if you're on your own LAN, then definitely also consider checking the settings of and consider upgrading the LAN security. Those tools and those web sites should be blocked by default by the firewall or the gateway device found on most any LAN; whether that's a low-end NAT device, a server-grade firewall, or otherwise.

• Does adding tcp udp ports on the nat exempt accesslist which is binded to nat 0 statement remove the entire nat 0 statement itself?

  Hi Experts,
  Is the above statement true?. I learnt later that adding tcp and udp ports on the nat 0 statements are supported . But does it take away the entire nat statement? Please answer my question at the earliest.
  Regards
  Krishna

  Krishna,
  "NAT exemption (nat 0 access-list command)—NAT exemption allows both translated and remote hosts to initiate connections. Like identity NAT, you do not limit translation for a host on specific interfaces; you must use NAT exemption for connections through all interfaces. However, NAT exemption does enable you to specify the real and destination addresses when determining the real addresses to translate (similar to policy NAT), so you have greater control using NAT exemption. However unlike policy NAT, NAT exemption does not consider the ports in the access list. NAT exemption also does not support connection settings, such as maximum TCP connections."
  Reference
  So, since the documentation clearly says that this rule does not consider any ports in the ACL, then one should not be testing unsupported configurations.
  If one adds an ACL with specific ports, then unexpected results may be expected.
  My suggestion, dont add any ACL entry with specific ports to your NAT exempt statement.
  Thanks.
  Portu.
  Please rate any helpful posts

• How to find which authentication used to site collection and site using powershell

  Hi,
  How to find  how-many web app, sitecollection, site used Windows authentication,claim authentication and classic, secure store authention , adfs authentication using powershell code in sharepoint 2013.
  If sites are used adfs authentication how to find which email id used for that.
  Thanks,

  Authentication is only defined at the Web Application level, and the only valid auth methods are Classic (Windows (Basic/NTLM/Kerberos)), Claims (Windows (Basic/NTLM/Kerberos)), FBA Claims, , SAML Claims (ADFS), and Anonymous.
  You can find out what authentication scheme(s) are enabled via:
  $wa = Get-SPWebApplication http://webApp1$wa.IisSettings["Default"] #replace with the zone name you're interested in
  The output will look similar to this:
  PS C:\Users\trevor> $wa.IisSettings["Default"]
  AuthenticationMode : Forms
  MembershipProvider : i
  RoleManager : c
  AllowAnonymous : False
  EnableClientIntegration : True
  ServerBindings : {Microsoft.SharePoint.Admini
  stration.SPServerBinding}
  SecureBindings : {}
  UseWindowsIntegratedAuthentication : True
  UseBasicAuthentication : False
  DisableKerberos : True
  ServerComment : SharePoint
  Path : C:\inetpub\wwwroot\wss\Virtu
  alDirectories\spwebapp180
  PreferredInstanceId : 42768054
  UseClaimsAuthentication : True
  ClaimsAuthenticationRedirectionUrl :
  UseFormsClaimsAuthenticationProvider : False
  FormsClaimsAuthenticationProvider :
  UseTrustedClaimsAuthenticationProvider : False
  UseWindowsClaimsAuthenticationProvider : True
  OnlyUseWindowsClaimsAuthenticationProvider : True
  WindowsClaimsAuthenticationProvider : Microsoft.SharePoint.Adminis
  tration.SPWindowsAuthenticat
  ionProvider
  ClaimsAuthenticationProviders : {Windows Authentication}
  ClaimsProviders : {}
  ClientObjectModelRequiresUseRemoteAPIsPermission : True
  UpgradedPersistedProperties : {}
  So on this Web Application in the Default Zone you can tell I have Windows Claims enabled, not using Kerberos (so using NTLM), and Trusted (SAML/ADFS) is not enabled, neither is Forms or Anonymous.
  Trevor Seward
  Follow or contact me at...
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.