06-19-2012 03:48 PM
All:
BES-AS access from inside our firewall works - i.e. can login to webconsole using the server name-based URLs (http://_name_/webconsole/login) from any of our locations. So our AD DNS resolves OK.
However, I need to be able to access server from outside the LAN segments - not working at moment.
I have:
I get feeling I'm missing something either very obscure or very obvious - mainly because if I go to trouble of tunneling into our network via a VPN link, WebConsole opens up using the "http://_Server_IP_Address:3443/webconsole/login" URL. So use of IP address [vs. server name] is not issue.
Would prefer NOT to have to tunnel in, as the impact on my other web traffic speeds is considerable (due to all 0.0.0.0 traffic going into LAN then back out to Internet - direct connection better/easier).
Anyone have knowledge of [perhaps] TCP and/or UDP ports that I need to include in corporate firewall settings?
Thanks!
I am on AT&T. Please edit your Personal Profile with your DEVICE TYPE, DEVICE OS and Carrier
06-19-2012 04:29 PM
You should only need to set up port 3443; close off the other ports as they are not needed.
What firewall are you using?
I use ISA here for publishing a web server so my publishing is most likely different.
Click here to Backup the data on your BlackBerry Device! It's important, and FREE!
BESAdmin's, please make a signature with your BES environment info. SIM Free BlackBerry Unlocking FAQ
Follow me on Twitter @knottyrope
06-19-2012 04:41 PM
Specifically, using IE on either an old test XP laptop or a brand-spanking-new Win7x64 fireball, same result:
Trundle for a while, and then time out with "Internet Explorer cannot display webpage" error.
Ports-wise, I'll start subtracting when I can get connectivity - But, I do want to be able to do remote activations, so TCP 3101 in addition to 3443 is definitely indicated.
Firewall used is a CheckPoint, and I've set up numerous, multi-port NAT definitions - we use McAfee, which has a laundry list of port requirements, and access works fine...
06-22-2012 02:49 PM
Are you using FQDN and provided correct DNS entries on your host records?
06-22-2012 03:13 PM
For security reasons, this server name will never appear in our external DNS host lists.
We (IT) typically will use as URL the external IP address that has been set up for NATing to the server's internal IP address.
And in this case, we have proven that name and DNS do not have to be factors, as server is reachable and fully functional when either direct navigation (using server's internal IP address) from a PC on the LAN is used, or if I RRAS into our LAN, and then once on our segment, either server name or internal IP work just fine.
Thanks for replying - no joy yet...
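An added example, not part of any post in this thread: a small TCP probe, run from outside the LAN, that separates a silent drop (the timeout symptom described above) from a refusal for the two ports the thread names, 3443 and 3101. The address 203.0.113.10 is a documentation placeholder for the external NAT address, and the function names and the interpretation strings are assumptions of this example.

```python
import socket

# Ports named in the thread: 3443 (web console) and 3101 (remote activations).
BES_PORTS = (3443, 3101)

# What each result usually indicates when testing a NAT/publishing rule.
MEANING = {
    "open": "TCP path works; look above TCP (URL scheme, TLS, the web service itself)",
    "refused": "packet reached a host, but nothing is listening there or a rule rejects it",
    "timeout": "packets silently dropped; check the firewall rule, NAT mapping and return route",
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        # Unreachable network, name resolution failure, etc.
        return f"error: {exc}"


def diagnose(host, ports=BES_PORTS, timeout=3.0):
    """Probe each port and pair the result with its likely meaning."""
    report = {}
    for port in ports:
        result = probe(host, port, timeout)
        report[port] = (result, MEANING.get(result, "see error text"))
    return report


if __name__ == "__main__":
    # Placeholder external address (TEST-NET-3); replace with the real NAT address.
    for port, (result, meaning) in diagnose("203.0.113.10").items():
        print(f"tcp/{port}: {result} - {meaning}")
```

Running the same probe from a host on the LAN against the internal address gives a baseline to compare with the outside result.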