Configuring HTTPS communication through firewalls


Management servers and nodes communicate with each other over the network. For nodes that have the HTTPS agent, this communication uses the HTTPS protocol. The figure below shows the network connections between management servers and nodes.

Server to agent communication

When a management server or node opens a new connection, the operating system allocates the local port for the connection. On the other side of the connection, management servers and nodes both have communication brokers, which listen on port 383 for incoming connections. So by default, every connection has a local port assigned by the operating system and a destination port of 383.

If you have management servers and nodes on different networks that are separated by a firewall, the firewall may block connections between them, as the figure below shows. This prevents you from managing the nodes, because, for example, management servers cannot deploy policies and nodes cannot send messages.

A firewall between the management server and nodes blocks communication
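The following is an added example, not part of the HPOM documentation: a small first-match rule evaluator that checks whether a firewall rule set passes the default connections described above (local port assigned by the operating system, destination port 383) in both directions. The rule model, the addresses and the three rule sets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

BROKER_PORT = 383  # communication broker port named on this page

@dataclass
class Rule:
    action: str                     # "allow" or "deny"
    src: str                        # source network (CIDR)
    dst: str                        # destination network (CIDR)
    dst_port: Optional[int] = None  # None matches any port
    src_port: Optional[int] = None  # None matches any port

def first_match(rules, src_ip, src_port, dst_ip, dst_port):
    """Return the action of the first matching rule; default is deny."""
    for r in rules:
        if (ipaddress.ip_address(src_ip) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(r.dst)
                and r.dst_port in (None, dst_port)
                and r.src_port in (None, src_port)):
            return r.action
    return "deny"

def audit(rules, server_ip, node_ip, src_ports=(1024, 49152, 65535)):
    """Report, per direction, whether connections to port 383 pass for
    every sampled OS-assigned local port."""
    flows = (("server->node", server_ip, node_ip),
             ("node->server", node_ip, server_ip))
    return {name: all(first_match(rules, s, p, d, BROKER_PORT) == "allow"
                      for p in src_ports)
            for name, s, d in flows}

# Constructed sample data: server 10.1.0.10, node 192.168.5.20.
SERVERS, NODES = "10.1.0.0/24", "192.168.5.0/24"
ONE_WAY = [Rule("allow", SERVERS, NODES, BROKER_PORT)]
PINNED_SRC = [Rule("allow", SERVERS, NODES, BROKER_PORT, src_port=BROKER_PORT),
              Rule("allow", NODES, SERVERS, BROKER_PORT, src_port=BROKER_PORT)]
BOTH_WAYS = [Rule("allow", SERVERS, NODES, BROKER_PORT),
             Rule("allow", NODES, SERVERS, BROKER_PORT)]

if __name__ == "__main__":
    for label, rules in (("one-way", ONE_WAY), ("pinned source port", PINNED_SRC),
                         ("both ways", BOTH_WAYS)):
        print(label, audit(rules, "10.1.0.10", "192.168.5.20"))
```

The one-way rule set lets the server reach the node but blocks the node's connections back to the server, and the rule set that pins the source port to 383 blocks both directions because the local port is chosen by the operating system.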

If a firewall blocks HTTPS connections, you can reconfigure communication between management servers and nodes in several ways. The HPOM configuration you choose to implement depends mainly on the configuration of your network.

NOTE:
In an environment with multiple management servers, you can also configure the management servers to communicate with each other through firewalls. The configuration is the same as for communication between management servers and nodes.
