Firewall and connection requirements for the BlackBerry Enterprise Server
Tags bes firewall, port 3101
I did a post a while back on Firewall and connection requirements for the BlackBerry Internet Service ... but I still constantly see / hear people asking questions about what is required for BES.
Unfortunately the one recurring theme is people opening port 3101 inbound and I just shake my head. If you read the basic installation documentation you'll see this isn't needed and in fact makes your environment less secure and gives the appearance that BES is less secure as it would seem to require access into to your network.
Simply put, the BES opens a connection to the NOC, and keeps that session open. Once that pipe is there, traffic can flow back up to the BES from the NOC. The key to this whole thing is that the BES must initiate the connection.
Give this a read: KB03735 - Firewall and connection requirements for the BlackBerry Enterprise Server
It is a lot simpler than it is made out to be!
Unfortunately the one recurring theme is people opening port 3101 inbound and I just shake my head. If you read the basic installation documentation you'll see this isn't needed and in fact makes your environment less secure and gives the appearance that BES is less secure as it would seem to require access into to your network.
Simply put, the BES opens a connection to the NOC, and keeps that session open. Once that pipe is there, traffic can flow back up to the BES from the NOC. The key to this whole thing is that the BES must initiate the connection.
Give this a read: KB03735 - Firewall and connection requirements for the BlackBerry Enterprise Server
It is a lot simpler than it is made out to be!
Total Comments 0
