Spark TCP ports, firewall issue

Hi,

Question: I've got two network segments with a firewall in between. The Wildfire service is running on a server on one side, and part of the users using the Spark client are on the other side. Which ports do I need to open to ensure traffic is possible and still acceptable on a security level?

In my logging I can see that the client is trying to connect using a varying source port to the server on destination port 5222. But if I only open the destination port towards that server, this does not seem to be enough, however if I open TCP any towards that server, it does work, but I would like to limit this, if possible.

Clients are using secure authentication; I don't know if this makes the job harder or easier…

thanks

Hi,

there is no need to open another port, unless “secure authentication” means old SSL, then you need port 5223 instead of port 5222.

Maybe your firewall allows you to log all blocked packets, so you could very easily identify what the problem is.

You must enable TCP traffic for normal packets in both directions (Client:1024-65536 <=> Server:5222 ), but SYN packets should only be sent by the client and not by the server (Client:1024-65535 => Server:5222) - I assume that you did this.

LG

5222: unencrypted / TLS encrypted

5223: old SSL

5269: server-2-server

7777: file transfer proxy

9090/9091: http/https web gui

Indeed, needed port 5223

thanks
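
The rule set discussed in this thread, written as an added example that is not part of any post above. It assumes the firewall is a Linux host using nftables (the thread does not name the product); the table name and both addresses are placeholders from the documentation ranges.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the thread. Placeholder values (assumptions):
define CLIENT_NET  = 192.0.2.0/24      # segment where the Spark clients sit
define XMPP_SERVER = 198.51.100.10     # Wildfire server on the other segment

table inet xmpp_fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Packets belonging to a connection that was already accepted
        # may flow in both directions (client <=> server).
        ct state established,related accept

        # New connections may only be opened by the clients, from an
        # unprivileged source port, to the client-facing XMPP ports:
        #   5222 = unencrypted / TLS, 5223 = old SSL
        ip saddr $CLIENT_NET ip daddr $XMPP_SERVER \
            tcp sport 1024-65535 tcp dport { 5222, 5223 } \
            ct state new accept

        # Everything else is logged before the drop, so a missing port
        # shows up in the kernel log instead of failing silently.
        log prefix "xmpp-fw-drop: " counter drop
    }
}
```

Ports 5269, 7777 and 9090/9091 from the list above are left closed here; each would need its own rule only if server-to-server traffic, the file transfer proxy or the web GUI has to cross this firewall.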