Preparing your network for installing Enterprise Manager

Applies To: Forefront Client Security

Before installing Enterprise Manager, you must configure your network to allow communication between the down-level Client Security servers and the Enterprise Manager server. To do this, you may need to open ports on any firewalls that exist between the down-level Client Security servers and the Enterprise Manager server.

The following table lists the ports needed for communication between down-level Client Security servers and the Enterprise Manager server.

Note: These ports do not include the ports used for Group Policy, Domain Name System (DNS), and other standard technologies. For a list of ports used by Microsoft server products, see Network Ports Used by Key Microsoft Server Products (http://go.microsoft.com/fwlink/?LinkId=86643).

| Component | Connection to | Port (protocols) | Details |
| --- | --- | --- | --- |
| Enterprise Manager Server | down-level Client Security collection server | 1270 and 1271 (TCP and UDP) | These are the ports the MOM components use to communicate with each other. |
| Enterprise Manager Server | down-level Client Security databases | 1433 (TCP) and 1434 (UDP) | These are the ports SQL Server uses to communicate. |

For more information about ports and Client Security, see Preparing your network for installation in the Client Security Deployment Guide (http://go.microsoft.com/fwlink/?LinkId=98456).

Opening ports in Windows Firewall

For instructions about using Group Policy to open ports, see Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2 (http://go.microsoft.com/fwlink/?LinkId=86556).

To open ports manually, follow the steps in this procedure.

To open ports in Windows Firewall

  1. Click Start, click Control Panel, and then double-click Windows Firewall.

  2. Click the Exceptions tab, and then click Add Port.

  3. In the Name box, type the name that you want.

  4. In the Port number box, type the port number.

  5. Click TCP or UDP, click OK, and then click OK again.
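The same exceptions can be created from a command prompt with the `netsh firewall` context of Windows Firewall; the script below is an added example, not part of the original procedure, and it limits each exception to a single peer address instead of leaving the port open to any computer. The script's role argument (`collection` or `database`), the rule names, and the `PEER` address are assumptions made for illustration; replace `PEER` with the address of the server on the other side of the connection.

```batch
@echo off
rem Added example: command-line equivalent of the Add Port steps above.
rem Uses the "netsh firewall" context (Windows XP SP2 / Windows Server 2003 SP1).
rem Run it on the server whose Windows Firewall needs the exceptions.
setlocal

rem Assumption: placeholder address of the peer server; replace with the real one.
set PEER=192.0.2.10

if /i "%~1"=="collection" goto collection
if /i "%~1"=="database" goto database
echo Usage: %~nx0 collection ^| database
exit /b 1

:collection
rem MOM component ports from the table: 1270 and 1271, TCP and UDP.
for %%P in (1270 1271) do (
  call :open TCP %%P "FCS EM MOM"
  call :open UDP %%P "FCS EM MOM"
)
goto show

:database
rem SQL Server ports from the table: 1433 (TCP) and 1434 (UDP).
call :open TCP 1433 "FCS EM SQL Server"
call :open UDP 1434 "FCS EM SQL Server"
goto show

:open
rem %1 = protocol, %2 = port, %3 = rule name prefix (hypothetical names).
rem scope=CUSTOM restricts the exception to the address in PEER.
netsh firewall add portopening protocol=%1 port=%2 name="%~3 %1 %2" mode=ENABLE scope=CUSTOM addresses=%PEER%
if errorlevel 1 echo Failed to open %1 port %2
goto :eof

:show
rem List the resulting exceptions so the scope of each rule can be reviewed.
netsh firewall show portopening
endlocal
```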

Multiple domain environments

User accounts used for the Client Security deployment on the Enterprise Manager server need permissions on down-level Client Security deployments throughout the organization. Therefore, if your organization contains multiple domains, these domains must have bidirectional transitive trusts with the Enterprise Manager domain.