Author Topic: MiCollab Client Deployment and Connection to external MBGs  (Read 4525 times)

Offline Tech Electronics

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2983
  • Country: us
  • Karma: +89/-1
    • View Profile
MiCollab Client Deployment and Connection to external MBGs
« on: January 22, 2018, 03:27:17 PM »
Guys,

Does anyone know what port or ports is required to be opened on a firewall to allow the creation of new connections to external MBGs or does it use an ephemeral port? I have a MiCollab server in LAN Mode and [2] MBGs in the DMZ in Custom LAN Mode [LAN Mode with Public IP on Set-Side Streaming].

I was told I needed to go to MiCollab Client Deployment > Configuration > Connection to MBGs > Create new connection to setup the deployment properly. When I put in the Description and IP Address and press the Save and Send AuthRequest it just times out with the following message.

Configuration was not saved!
Could not connect to MBG: timed out 


I have all of the ports opened up that the MiCollab Engineering Guidelines say need to be opened for the applications I am going to run.

From DMZ [MBG] to LAN [MiCollab]
Source TCP: ANY
Destination TCP: 6800,6801,6802,6809,3998,3999,6880,443,4443,80,36008,5024-5026,5030,7001,7003,8083,8084,4244,8188,1433
UDP: Any

From LAN [MiCollab] to DMZ [MBG]
Source TCP: 6800,6801,6802,6809,3998,3999,6880,443,4443,80,36008,5024-5026,5030,7001,7003,8083,8084,4244,8188,1433
Destination TCP: ANY
UDP: ANY

Thanks,

TE


Offline dilkie

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 344
  • Karma: +11/-0
    • View Profile
Re: MiCollab Client Deployment and Connection to external MBGs
« Reply #1 on: January 22, 2018, 08:55:06 PM »
the cluster connection is on port 6809, which you have listed... but your rules look backwards to me.

6809 is the destination port going from the lan to the dmz and it's the source port coming from the dmz and going to the lan.

Offline Tech Electronics

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 2983
  • Country: us
  • Karma: +89/-1
    • View Profile
Re: MiCollab Client Deployment and Connection to external MBGs
« Reply #2 on: January 23, 2018, 07:16:03 AM »
dilkie,

Are you telling me that the port it uses should be 6809 for that communication? If so I know that I have my firewall rules correct; at least according to the packet captures from the external MBG.

The MBG uses an ephemeral port to initiate communication to the registered port [6809] every time. Although if the MiCollab is the one initiating the communication it would do the same thing which isn't accounted for in those rules. So, what I would need to do in order to fix that problem is this.

From LAN [MiCollab] to DMZ [MBG]
Source TCP: ANY or 80,443,1024-65535
Destination TCP: ANY
UDP: ANY

Hmm, sometimes its the trees that get in the way of seeing the forest, but when you can only get pcap files from one source it does skew things a bit.

Thanks,

TE


 

Sitemap 1 2 3 4 5 6 7 8 9 10