zn
Level 7
Message 1 of 8

Firewall rules for MEE deployment

Assuming we use the default ports, are these rules correct?

I appreciate some of the services are on one box normally but want to create separate rules from the start

IP Groups

EEOD (Endpoint Encryption Object directory)
EES (Endpoint Encryption Server)
EEM (Endpoint Encryption Manager Clients)
EEPC (Endpoint Encryption PC Clients)
WHD (WebHelpDesk)
SD (Our Service Desk IP Range)

Firewall Rulesets

EEOD > EES Communication what port is this? TCP
EES > EEOD what port is this? TCP
EES > EEPC 5556 TCP
EEPC > EES 5555 TCP
EEM > EES/EEOD (does the management console talk to the EEOD or the EES?) what port is this? TCP
WHD > EES/EEOD (does the WebHelpDesk talk to the EEOD or the EES?) what port is this? TCP
SD > WHD 443 TCP
7 Replies
Reliable Contributor SafeBoot
Message 2 of 8

RE: Firewall rules for MEE deployment

EEOD > EES Communication what port is this? TCP

It's a Windows file share - you should not really split these two up - doing so drops the performance by around 50%.

EES > EEOD what port is this? TCP

Same as above, don't split them.

EES > EEPC 5556 TCP

This does not exist - you're thinking of EEM>EEPC here. The server never initiates a connection.

EEPC > EES 5555 TCP
EEM > EES/EEOD (does the management console talk to the EEOD or the EES?) what port is this? TCP

It can talk to either, to the EES it acts like a client so 5555, or file share (not advised)

WHD > EES/EEOD (does the WebHelpDesk talk to the EEOD or the EES?) what port is this? TCP

WHD can only talk file shares to the EEOD. Again, don't split them if possible.

SD > WHD 443 TCP

Or SSL, as you probably realized.
zn
Level 7
Message 3 of 8

RE: Firewall rules for MEE deployment

In the installation scenario thread I posted I mentioned NAT'd sites where I thought we'd need to install an EES to let those NAT'd clients talk back to our EOD. Are you saying the EES can only talk to the EOD through the file system on a \\ipaddressofourEEODserver\SBADATA$\ share for example?

If we had 30 remote EES nothing would ever get done with the files being locked :eek:
Reliable Contributor SafeBoot
Message 4 of 8

RE: Firewall rules for MEE deployment

Yup. EES talks directly to the data - it's the presentation layer.

If you had 30 EES, nothing would get done as your file share would die - it would be a foolish architecture indeed.

The EES/ODB traffic is 20x the EEPC/EES traffic, so it's ALWAYS better to have the EES/ODB on the same box and have as few EES as possible, at the most two (one primary, one backup).

In your previous thread you didn't really say that you were going to put an EES in each school - I thought you were going to host it centrally and have everyone coming over the wan/internet?

Anyway no, you don't want an EES in every school - you want one running on the same box which is hosting the data.
zn
Level 7
Message 5 of 8

RE: Firewall rules for MEE deployment

Yes, will do that for most schools, but there are a few who have their own internal range 172/192 etc. where I thought we'd have to install an EES on the school ISA server to facilitate communication between the clients and our EEOD
Reliable Contributor SafeBoot
Message 6 of 8

RE: Firewall rules for MEE deployment



I hope you can find a way around that, as it will pull the performance down and open you up to a lot of security risks. Sending NetBIOS over the internet is never good.

Most people would use a public-facing IP address for their EES, and route that through the hosting firewall. It's only one port and encrypted so there's minimal risk.
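
The guidance in the replies above, as an added example (not code from any poster or from the product): a small Python audit of the ruleset proposed in message 1. Ports 5555, 5556 and 443 and the group names come from the thread; the file-share ports 139 and 445 are standard Windows values assumed here, and the 445 entries in the sample ruleset are constructed to stand in for the ports the question left open.

```python
from typing import NamedTuple

SMB_PORTS = {139, 445}        # Windows file share / NetBIOS session (assumed, not in the thread)
CLIENT_PORT = 5555            # EEPC and EEM connect to the EES on this port (from the thread)
SERVER_BOX = {"EES", "EEOD"}  # the replies advise hosting these on one machine


class Rule(NamedTuple):
    src: str   # source IP group
    dst: str   # destination IP group
    port: int  # TCP destination port


def audit(rule: Rule) -> str:
    """Classify one proposed rule as allow / drop / warn / review per the replies."""
    if rule.src == "EES" and rule.dst == "EEPC":
        return "drop: the server never initiates a connection to clients"
    if rule.src in SERVER_BOX and rule.dst in SERVER_BOX:
        return "warn: EES and EEOD should share a box, so no firewall rule is needed"
    if rule.port in SMB_PORTS:
        return "warn: file-share traffic through a firewall; keep both ends on one host"
    if rule.dst == "EES" and rule.src in {"EEPC", "EEM"} and rule.port == CLIENT_PORT:
        return "allow"
    if (rule.src, rule.dst, rule.port) == ("SD", "WHD", 443):
        return "allow"
    return "review: flow not covered by the thread's guidance"


# Constructed input: the ruleset from message 1, open questions filled in as 445.
PROPOSED = [
    Rule("EEOD", "EES", 445), Rule("EES", "EEOD", 445),
    Rule("EES", "EEPC", 5556), Rule("EEPC", "EES", 5555),
    Rule("EEM", "EES", 5555), Rule("WHD", "EEOD", 445),
    Rule("SD", "WHD", 443),
]


def report(rules):
    """Pair every rule with its verdict, preserving order."""
    return [(r, audit(r)) for r in rules]


if __name__ == "__main__":
    for rule, verdict in report(PROPOSED):
        print(f"{rule.src:>5} > {rule.dst:<5} {rule.port:>5}/tcp  {verdict}")
```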

RE: Firewall rules for MEE deployment

I thought you were going to host it centrally and have everyone coming over the wan/internet?

RE: Firewall rules for MEE deployment

Thanks for your idea, it is very interesting :D