Bomgar Appliance Network Infrastructure

Each Bomgar Appliance needs a physical connection to the network and a separate IP address. Additionally, a Domain Name System (DNS) record for each appliance is recommended, in the form of a DNS A record or a Canonical Name (CNAME) record pointing to the appliance. Since any customers you support using Bomgar use the public portal name you give them to request remote support, a simple yet descriptive name is the best approach. For instance, a company named 'Example' might use support.example.com for their DNS record.

Some companies have network standards and guidelines for DNS names that may increase the complexity of the public portal name. For instance, the 'Example' company might require every DNS name to include the geographical region and department within the name, such as usa.hr.example.com. This name is difficult for customers to use and remember. In this instance, the best practice is to create a CNAME that ultimately points to the appliance and public site. Here the CNAME record for support.example.com points to usa.hr.example.com, as shown below:

support.example.com    CNAME    usa.hr.example.com
usa.hr.example.com     A        192.0.2.23

Here is one more example, using the common foo bar terminology:

foo.example.com    CNAME    bar.example.com
bar.example.com    A        192.0.2.23

The connection from each of the various clients is an outbound connection from the computer to the appliance, and the only required ports are 80 and 443. Therefore, the allowed ports would typically be 80 and 443 from the internet to the DMZ, and 80 and 443 from the internal network to the DMZ. Port 22 is an outbound port from the appliance to Bomgar. More ports may be available depending on your build.

Optionally, the appliance can be configured to automatically check for updates from download.bomgar.com and update.bomgar.com. This requires an outbound connection on port 443 from the appliance and the ability to connect to a DNS server to resolve these names. If the DNS server is within the DMZ, no additional ports are required, but if the DNS server is in a different zone, the necessary ports must be allowed as described in the Firewall Rules table below. This can be avoided by downloading updates for the appliance and applying them manually. Lastly, the appliance is configured with an NTP server to sync its time. This can be done by connecting to clock.bomgar.com or by pointing to an internal NTP server, using port 123.
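
As an added example (not Bomgar's own code), this Python script audits a firewall ruleset against the flows described above, reporting required flows that are missing and rules that open more ports than this page documents. The zone labels, the `bomgar` destination placeholder, UDP as the NTP protocol, and the sample ruleset are assumptions of the example; DNS is left out because the page defers its ports to the Firewall Rules table.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    src: str    # source zone (zone labels are assumptions of this example)
    dst: str    # destination zone or host
    proto: str  # "tcp" or "udp"
    lo: int     # first port of the allowed range
    hi: int     # last port of the allowed range

def flow(src, dst, proto, port):
    """A single-port flow expressed as a Rule."""
    return Rule(src, dst, proto, port, port)

# Client-to-appliance flows the page calls required (appliance sits in the DMZ).
REQUIRED = [flow(s, "dmz", "tcp", p)
            for s in ("internet", "internal") for p in (80, 443)]
# Every flow the page describes. "bomgar" is a placeholder label; the page
# names no host for port 22. UDP for NTP is standard, not stated on the page.
DOCUMENTED = REQUIRED + [
    flow("dmz", "bomgar", "tcp", 22),
    flow("dmz", "download.bomgar.com", "tcp", 443),
    flow("dmz", "update.bomgar.com", "tcp", 443),
    flow("dmz", "clock.bomgar.com", "udp", 123),
]

def covers(rule, f):
    """True if a firewall rule permits the single-port flow f."""
    same_path = (rule.src, rule.dst, rule.proto) == (f.src, f.dst, f.proto)
    return same_path and rule.lo <= f.lo <= rule.hi

def audit(rules):
    """Return (missing required flows, [(rule, undocumented port count)])."""
    missing = [f for f in REQUIRED if not any(covers(r, f) for r in rules)]
    excess = []
    for r in rules:
        documented = {f.lo for f in DOCUMENTED if covers(r, f)}
        extra = (r.hi - r.lo + 1) - len(documented)
        if extra > 0:
            excess.append((r, extra))
    return missing, excess

# Constructed sample ruleset, not taken from any real firewall.
SAMPLE = [
    Rule("internet", "dmz", "tcp", 443, 443),
    Rule("internal", "dmz", "tcp", 1, 1024),     # covers 80 and 443, plus much more
    Rule("dmz", "clock.bomgar.com", "udp", 123, 123),
    Rule("internal", "dmz", "tcp", 3389, 3389),  # not described on this page
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A rule that appears in the second list is not necessarily wrong, since more ports may be available depending on your build, but each one should be traced to a documented need.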