I am trying to get a BES running behind a corp firewall which will ... Server Admins forum
BES behing firewall
I am trying to get a BES running behind a corp firewall which will not allow the opening of port 3101.
I am hopefull that there is a way around this as the paperwork to get the port open is immence and a rather frustrated process.
Any help would be appreciated.
dagopher, Welcome to PinStack.
Not the BES Expert, but wanted to welcome you and to bump this up on the New Posts list so it might draw more help.
Let us know if there is anything else we can do to help with your BB.
Although we have a couple of dozen production BES servers in our environment, I recently went through the process of setting up a server in one of our labs to do some testing. I faced the same issues as you (rather daunting paperwork to get the firewall ports open) and looked around for some way to proxy the requests through our existing internet proxy without success. (I finally bit the bullet and did the "paperwork" and got permission to get the ports opened.)
RIM has been quite security concious, so the risk of opening that port is quite small. You may want to explain to "the powers that be" that the port only needs to be opened for connections that original from you BES server, on that one port, to the appropriate SRP addresses (there are currently two serving North America), which will allow the security folks to be pretty restrictive in what they have to open up. It may also help to point out that since the connections are always originated from your server, there is no need to have port 3101 open "inbound" to your environment, further minimizing the risk.
Finally, you might want to grab some of the security-related whitepapers off RIM's website which explain their security model. Here's one link to some of them: http://www.blackberry.com/knowledgec...owse&sort=name
Re: BES behing firewall
Port 3101 only needs to be open for outbound initiated bidirectional communication. This has no risk what so ever to your network.
Tags for this Thread