IT Assistant has been configured to use SNMP and ICMP through our firewall. When the OpenManage server running IT Assistant tries to query a client, it sends out an SNMP get packet on port 161 UDP. In this packet is a reply port which is dynamic.
Can this reply port be fixed so that we can open this port on the firewall or is it in a range so that we can open up a small range through the firewall?
I have found that the SNMP get packet contains a reply port on which the server needs to reply. This port number is dynamic although Dell think it is in a range. I have requested that future versions can be configured to have a fixed port for use through a firewall, but whether they do it is another matter!
I have found that the only real use for IT Assistant through a firewall is to use it as a trapping station (162 UDP back to the IT Assistant server). This can then, based on a filter, trigger an event action which could be an email to your helpdesk. You could then use this information to dig deeper, maybe using Server Administrator locally.
Here is the reply I got from Dell:
the ports used are the higher ports in the range shown in TCP. You definitely
need the following TCP ports open, additionally port 2607 if the ITAssistant
7 (ICMP), 161 (SNMP), 162 (SNMP), 1311, 1486, 1487, 3138, 3139, 3142, 3144,
1485, 5900 (ERA 1.2 GUI), 5901 (ERA 1.2 TXT)
The problem is that the ports used could be just about anything (above 1024)
as it is purely a dynamic arbitrary range. If you open 1311, 1485 - 1487 and
5900 - 5901. These ports are "fairly" fixed, following this there seems to
be a preference for 3100 and up for status checks - though these do change!
Would anyone from Dell like to comment on this issue? I would like to know if, in future versions, the SNMP get reply port can be fixed for firewall support.
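Added example, not from the thread or from Dell: a loopback sketch of the behaviour discussed above, in which the "reply port" of a UDP request is simply the source port the sender's operating system picked, and becomes fixed only if the sender binds it explicitly. The stand-in agent, the `query` helper and its `source_port` parameter are hypothetical, the agent listens on an OS-chosen port instead of 161/udp, and no real SNMP encoding or IT Assistant code is involved.

```python
import socket
import threading


def start_agent():
    """Constructed stand-in for an SNMP agent on loopback (not real SNMP)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))  # a real agent would listen on 161/udp

    def serve():
        while True:
            try:
                _, peer = srv.recvfrom(2048)
            except OSError:
                return
            # The reply is addressed to the (ip, port) the request came from,
            # so the "reply port" is whatever source port the manager used.
            srv.sendto(str(peer[1]).encode(), peer)

    threading.Thread(target=serve, daemon=True).start()
    return srv


def query(agent_addr, source_port=0):
    """Send one request; return (local source port, port the agent replied to).

    source_port=0 lets the OS choose an ephemeral port (the dynamic case).
    A non-zero value pins the source port, which is what a fixed firewall
    rule for the return traffic would require.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(2)
        s.bind(("127.0.0.1", source_port))
        s.sendto(b"get", agent_addr)
        data, _ = s.recvfrom(2048)
        return s.getsockname()[1], int(data)


if __name__ == "__main__":
    agent = start_agent()
    addr = agent.getsockname()
    print("dynamic source port:", query(addr))
    print("dynamic source port:", query(addr))
```

A stateful firewall handles the dynamic case by tracking the outbound request and admitting the matching reply; a stateless filter needs either the pinned source port or an open high-port range.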