Professional Documents
Culture Documents
Network Port KACE SMA Appliance To Function
Network Port KACE SMA Appliance To Function
Network Port KACE SMA Appliance To Function
Which network ports and URLs are required for the KACE SMA appliance to function?
(4211365)
Return
Recommended Content
Did this article solve an issue for you? [Select Rating] Best Practices for Securing your SMA
(4209518)
Title How to make your System Management
Which network ports and URLs are required for the KACE SMA appliance to function? Appliance (SMA) publicly facing - SMA integrity
test (4311962)
SMA External Listening Port and Zones
Description Explained (4214233)
Network Ports needed for the KACE Systems
The following table describes expected KACE Systems Management Appliance (SMA) tra c (inbound, outbound, bidirectional) at the NIC. This is meant to Deployment Appliance (SDA) (4315017)
describe internal network behavior. Any outbound ports that require access out to the internet are labeled as 'NAT' in the Direction column. Some unique
con gurations, such as allowing SMTP inbound directly to the SMA will require slight deviation and custom con guration outside the con nes of this list. When in Product(s):
doubt, contact KACE Support for clari cation. KACE Asset Management Appliance
12.1, 12.0, 11.1
KACE Systems Management Appliance
Quest’s patching and updating process for KACE® System Management Appliances (SMA) includes several security features. For Topic(s):
example, Quest’s transmissions of patch and update metadata for SMA are encrypted. Checksums are used to validate the integrity of Con guration
SMA patch payloads. And, the directory where SMA patch payloads reside is permission-controlled to prevent user tampering.
Article History:
As with any web-server based application, security best practices include limiting access to the KACE Systems Management Appliance Created on: 10/26/2022
(SMA) from the Internet. Careful consideration and review of the environment are necessary to ensure security. Last Update on: 10/26/2022
It is strongly recommended to consider rewalls, encryption, port access, roles, antivirus, SSL, access control list, disaster recovery, and
review Best Practices for Securing your SMA prior to con guring the SMA on the Internet. At a minimum, if the SMA is con gured as
internet/public facing, only port 443 (HTTPS) tra c should be allowed inbound through a rewall to the SMA for UI access and agent
communication tra c. Search All Articles
22 SSH for KACE Support Tether Security Settings Optional Outbound/NAT SSH
80 User/Admin/System UI (non-SSL); Security Settings Required for UI/Agent tra c if SSL not Inbound (non-SSL); HTTP
Agent/Replication Share enabled; Strongly recommend using
Outbound/NAT (SMA requires HTTP
Downloads (non-SSL) SSL instead; Still required
for patch feed sync)
outbound/NAT for SMA itself
199 SNMP Read Access (SMUX) Security Settings Optional Inbound TCP
443 SSL User/Admin/System UI; Security Settings Required if SSL is enabled Inbound (Agent/Replication Share HTTPS
Agent/Replication Share Tra c);
Downloads
Outbound/NAT (several services,
including patching, rely on the ability
to download to the SMA from the
internet via HTTPS)
587 SMTPS Outbound Mail Relay Queue Required for email sending via SMTPS Outbound; TCP
Con guration /
NAT (if using a cloud service)
Network Settings
110/995 POP3/SPOP Inbound Mail Queue Required for email retrieval via Outbound; TCP
Con guration / POP/SPOP
NAT (if using a cloud service)
Network Settings
139/445 Access to Samba Shares/SMB Security Settings Both Ports Required for Provisioning Bidirectional SMB
(Replication Shares, Agent (non-WinRM)
Provisioning (non-WinRM
method))
5985 WinRM (HTTP/HTTPS) used for Agent Provisioning Optional Outbound HTTP/HTTPS
Agent Provisioning
52231 Upgrade Status Page (temporary Not Con gurable Optional Inbound HTTP/HTTPS
web server during upgrade)
Purpose URL
HP Warranty css.api.hp.com
Publisher URL(s)
Don HO download.notepad-plus-plus.org
inkscape.org media.inkscape.org
Mozilla ftp.mozilla.org
Did this article solve an issue for you? [Select Rating] Request a KB Article
Leave a Comment
Send Comment Must select 1 to 5 star rating above in order to send comments
© 2022 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy