Preparing your network for installing Enterprise Manager
Applies To: Forefront Client Security
Before installing Enterprise Manager, you must configure your network to allow communication between the down-level Client Security servers and the Enterprise Manager server. To do this, you may need to open ports on any firewalls that exist between the down-level Client Security servers and the Enterprise Manager server.
The following table lists the ports needed for communication between down-level Client Security servers and the Enterprise Manager server.
Note
These ports do not include the ports used for Group Policy, Domain Name System (DNS), and other standard technologies. For a list of ports used by Microsoft server products, see Network Ports Used by Key Microsoft Server Products (https://go.microsoft.com/fwlink/?LinkId=86643).
Component | Connection to | Port (protocols) | Details |
---|---|---|---|
Enterprise Manager Server |
down-level Client Security collection server |
1270 and 1271 (TCP and UDP) |
These are the ports the MOM components use to communicate with each other. |
Enterprise Manager Server |
down-level Client Security databases |
1433 (TCP) and 1434 (UDP) |
These are the ports SQL Server uses to communicate. |
For more information about ports and Client Security, see Preparing your network for installation in the Client Security Deployment Guide (https://go.microsoft.com/fwlink/?LinkId=98456).
Opening ports in Windows Firewall
For instructions about using Group Policy to open ports, see Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2 (https://go.microsoft.com/fwlink/?LinkId=86556).
To open ports manually, follow the steps in this procedure.
To open ports in Windows Firewall
Click Start, click Control Panel, and then double-click Windows Firewall.
Click the Exceptions tab, and then click Add Port.
In the Name box, type the name that you want.
In the Port number box, type the port number.
Click TCP or UDP, click OK, and then click OK again.
Multiple domain environments
User accounts used for the Client Security deployment on the Enterprise Manager server need permissions on down-level Client Security deployments throughout the organization. Therefore, if your organization contains multiple domains, these domains must have bidirectional transitive trusts with the Enterprise Manager domain.