What ports do I need to open for PHD through the firewall?
Guest Staff asked 4 years ago

We are adding a shadow server that needs to communicate with the collector over the firewall. What are the ports that are needed for PHD to work optimally over a firewall?

Jason Baum Staff answered 4 years ago

Here are our recommended ports for optimal PHD communication through a firewall:

445 TCP (Authentication and send changes – Collectors to Shadow, Shadow to Collectors, Users to Shadow. Can be bypassed, but updates and monitoring won’t work.)

3100 TCP PHD connections and trusted send changes to PHD (Collector to Shadow, Shadow to Collectors, Users to Shadow)

3150 TCP Untrusted PHD updates (Shadow to Collector)

4100 TCP for RDC communication (Shadow to Collectors, Collectors to Shadow)

41000 TCP Uniformance System Console (Shadow to Collectors, Collectors to Shadow)

53100 TCP for Uniformance Database Servers service (Collectors to SQL Server, Shadow to SQL Server, Users to SQL Server)

In addition to these, you will need to specify ports for the RDIs that cross the firewall. Usually these are 5-digit port numbers such as 54000+. Also, all ports except for 445 TCP can be customized so that you have added security by not using the default PHD servers.

Jason Baum answered 5 months ago

Port 445 is no longer needed in newer versions of PHD.  This is good, because it 
Additionally, port 4100 is no longer needed as that functionality is now done by Uniformance System Console via 41000.
Now, you need port 5712 between each PHD server and the Universal License Manager (ULM) server starting in version 340 because Honeywell has gone to needing to verify licenses before allowing a PHD server to operate.
For the clients, starting in Uniformance Process Studio version 322, you additionally need to open port 5712 between all of the clients and the Universal License Manager (ULM) server.  Note: this can be a DIFFERENT ULM server vs. what was used to validate licenses for the PHD Servers themselves.
You can “link” multiple ULM license servers on distinct networks (separated by firewall) if you allow port 5712 communication between the license servers.  One will contain the license, the others will check with that server to see whether a license is available.  This simplifies firewall administration.
Please call us at 713-498-9718 for questions and assistance.  Ask for Jason.
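
The following is an added example, not part of the original answers or of any Honeywell tooling: a small Python audit that compares a firewall rule list against the port matrix given above and reports required flows that are not covered and rules that open more ports than the matrix needs. The role names, the `legacy` switch (which collapses the version thresholds mentioned above into one flag), the client-to-ULM direction for 5712, and the sample rules are assumptions made for illustration.

```python
from typing import NamedTuple

class Flow(NamedTuple):          # one required TCP flow
    src: str
    dst: str
    port: int

class Rule(NamedTuple):          # one TCP allow rule, inclusive port range
    src: str
    dst: str
    lo: int
    hi: int

# Role names are labels chosen for this example.
BOTH = (("collector", "shadow"), ("shadow", "collector"))
TO_SHADOW = BOTH + (("user", "shadow"),)
TO_SQL = (("collector", "sql"), ("shadow", "sql"), ("user", "sql"))
TO_ULM = (("collector", "ulm"), ("shadow", "ulm"), ("user", "ulm"))  # direction assumed

def required_flows(legacy=False, site_flows=()):
    """Port matrix from the answers; legacy=True is the older list with 445 and 4100."""
    table = {3100: TO_SHADOW, 3150: (("shadow", "collector"),),
             41000: BOTH, 53100: TO_SQL}
    if legacy:
        table.update({445: TO_SHADOW, 4100: BOTH})
    else:
        table[5712] = TO_ULM
    flows = {Flow(s, d, p) for p, routes in table.items() for s, d in routes}
    return flows | set(site_flows)   # site-specific RDI ports go here

def audit(rules, legacy=False, site_flows=()):
    """Return (required flows no rule covers, [(rule, count of unneeded ports)])."""
    need = required_flows(legacy, site_flows)
    def covers(r, f):
        return (r.src, r.dst) == (f.src, f.dst) and r.lo <= f.port <= r.hi
    missing = sorted(f for f in need if not any(covers(r, f) for r in rules))
    excess = []
    for r in rules:
        unused = (r.hi - r.lo + 1) - sum(covers(r, f) for f in need)
        if unused:
            excess.append((r, unused))
    return missing, excess

# Constructed sample rule set, not taken from any real firewall.
SAMPLE_RULES = [
    Rule("collector", "shadow", 3100, 3100), Rule("user", "shadow", 3100, 3100),
    Rule("shadow", "collector", 3100, 3150),   # range also opens 3101-3149
    Rule("collector", "shadow", 41000, 41000), Rule("shadow", "collector", 41000, 41000),
    Rule("collector", "shadow", 445, 445),     # left over from an older install
    *(Rule(s, "sql", 53100, 53100) for s in ("collector", "shadow", "user")),
    Rule("collector", "ulm", 5712, 5712), Rule("shadow", "ulm", 5712, 5712),
]
```

Calling `audit(SAMPLE_RULES)` returns the uncovered flows and the over-broad rules; RDI ports chosen for a site are passed as `site_flows` so they are not reported as excess.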

