MDM Firewall Settings Worksheet
2/9/2009
The firewall setting worksheets help you prepare to deploy System Center Mobile Device Manager for your enterprise. Maintaining a list of ports settings can help you prepare to deploy MDM and help resolve problems and maintain installation settings.
MDM Server Ports
| Traffic source | Destination | Default | Value | Complete? |
|---|---|---|---|---|
MDM Device Management Server |
MDM Gateway Server |
TCP 443 (SSL) configurable |
[ ] |
|
Device (native IP address) |
MDM Enrollment Server |
TCP 443 (SSL) not configurable |
[ ] |
|
Device (assigned VPN IP address) |
MDM Device Management Server (through MDM Gateway Server) |
TCP 8443 (SSL) configurable |
[ ] |
|
Device (native IP address) |
MDM Self Service Portal server |
TCP 443 (SSL) not configurable |
[ ] |
MDM Console Ports
| Traffic source | Destination | Default | Value | Complete? |
|---|---|---|---|---|
MDM Console |
MDM Device Management Server |
TCP 8446 (SSL) configurable |
[ ] |
|
MDM Console |
MDM Enrollment Server |
TCP 8445 (SSL) configurable |
[ ] |
|
MDM Console |
MDM Self Service Portal server |
TCP 8445 (SSL) configurable |
[ ] |
IPsec Traffic
| Traffic source | Destination | Default | Value | Complete? |
|---|---|---|---|---|
Device (native IP address) |
MDM Gateway Server |
UDP 500 bi-directional |
[ ] |
|
Device (native IP address) |
MDM Gateway Server |
UDP 4500 bi-directional |
[ ] |
|
Device (native IP address) |
MDM Gateway Server |
IP Protocol 50 (IPsec) bi-directional |
[ ] |
Other MDM Ports
| Purpose | Traffic source | Destination | Default | Value | Complete? |
|---|---|---|---|---|---|
VPN services — network address translation (NAT) timeout detection |
Device (native IP address) |
MDM Gateway Server |
UDP 8901 (bi-directional) |
[ ] |
|
Communication to the certification authority |
Device (native IP address) |
MDM certification authority |
TCP 443 TCP 80 |
|
[ ] |
Software Distribution
| Traffic source | Destination | Default | Value | Complete? |
|---|---|---|---|---|
Managed device (issued IP address) |
MDM Device Management Server |
TCP 8530 bi-directional TCP 8531 (SSL) bi-directional |
[ ] |
Additional Ports
| Purpose | Traffic source | Destination | Default | Value | Configured? |
|---|---|---|---|---|---|
Line-of-business (LOB) applications that use SSL |
Managed device (issued IP address) |
LOB application server |
TCP 443 |
[ ] |
|
LOB applications (other) |
Managed device (issued IP address) |
LOB application server |
Defined by type of application |
[ ] |
|
External Web site access |
Managed device (issued IP address) |
NAT or proxy server in the perimeter network |
TCP 443, TCP 80 |
[ ] |
|
Domain Name System (DNS) name resolution .gif "Dd252835.note(en-us,TechNet.10).gif") Note:
This is only needed if DNS traffic will be traversing the firewall.
|
External network Internal network |
External network Internal network |
Allow DNS |
[ ] |