Example Firewall Rules Based on Appliance Location

Below are example firewall rules for use with Bomgar, including port numbers, descriptions, and required rules.

Firewall Rules

Internet to the DMZ*
  TCP 80     (optional)     Hosts the portal page without the user having to type HTTPS. The traffic can be rolled over automatically to port 443.
  TCP 443    (required)**   Used for all session traffic.

Internal Network to the DMZ*
  TCP 80     (optional)     Hosts the portal page without the user having to type HTTPS. The traffic can be rolled over automatically to port 443.
  TCP/UDP 161               Used for SNMP queries via the IP configuration settings in the /appliance interface.
  TCP 443    (required)**   Used for all session traffic.

DMZ to the Internet*
  TCP 443    (optional)     To the specific hosts update.bomgar.com and download.bomgar.com only. You can optionally enable access from the appliance on port 443 to these hosts for automatic updates, or you can apply updates manually.
  TCP 5832   (required for Passive)   Used as a listening port by Passive Jump Clients. Operating system firewalls should also be aware of this port. Note that the port number is configurable by an administrator.

DMZ to the Internal Network*
  UDP 123    (optional)     NTP: access an NTP server and sync the time.
  TCP/UDP 389 (optional)‡   LDAP: access the LDAP server and authenticate users.
  TCP/UDP 636 (optional)‡   LDAP over SSL: access the LDAP server and authenticate users via SSL.
  UDP 514    (required for logging)   Syslog: send syslog messages to a syslog server in the internal network. Alternatively, messages can be sent to a syslog server located within the DMZ.
  UDP 53     (required if the DNS server is outside the DMZ)   DNS: access the DNS server to verify that a DNS A record or CNAME record points to the appliance.
  TCP 25     (optional)     Allows the appliance to send admin mail alerts.
  TCP 443    (optional)     Appliance to web services (such as HP Service Manager and BMC Remedy) for outbound events.
  TCP 5832   (required for Passive)   Used as a listening port by Passive Jump Clients. Operating system firewalls should also be aware of this port. Note that the port number is configurable by an administrator.

*Rules can conform to the specific IP address(es) used by your Bomgar Appliance(s).

**Each of the following Bomgar components can be configured to connect on a port other than 443:

  - Representative Console
  - Customer Client
  - Presentation Attendee Client
  - Jumpoint
  - Connection Agent

‡ If the LDAP server is outside of the DMZ, the Bomgar Connection Agent is used to authenticate users via LDAP.