Network Communication
The on-premise installation consists of multiple services and components which communicate with each other.
Public listen ports
EM Server
- 80 HTTP - web port (redirects to HTTPS port 443 by default). Port 80 is only used for non-HTTPS browser connections
- 443 HTTPS - common port which handles all incoming connections with TLS encryption
Tigase (XMPP) Server
- 443 TCP - Secured TCP connection for endpoints and remote control tools
- 5222 TCP - Default XMPP port with the same purpose, but not used. Might be used as a fallback option for 443
- 8080 HTTP - Service port for sending push messages. It is only used by the Endpoint Manager server and can be closed for external connections.
TURN server
- 49152 - 65535 UDP - Dynamically allocated port range for remote control connections to endpoints located behind NAT
Private network
Besides the public ports, most services expose specific ports to the internal network, which is closed to the outside world. These ports could be exposed for debugging purposes, but by default all service ports are closed, including those of the databases, message brokers and microservices that are part of the system.
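
One way to check a host against the port list above (an added example, not part of the product or its documentation): the script parses `ss -tuln` output and reports every listener bound to a non-loopback address that is not a documented public port. The service keys, the sample output and ports 5432 and 6379 in it are constructed for illustration; the check looks at socket binding only, so a flagged port may still be blocked by a firewall.

```python
# Documented public listeners per service, taken from the port list above;
# "restricted" is 8080, which only the Endpoint Manager server should reach.
POLICY = {
    "em":     {"public": [("tcp", 80, 80), ("tcp", 443, 443)], "restricted": []},
    "tigase": {"public": [("tcp", 443, 443), ("tcp", 5222, 5222)],
               "restricted": [("tcp", 8080, 8080)]},
    "turn":   {"public": [("udp", 49152, 65535)], "restricted": []},
}

def _match(rules, proto, port):
    return any(p == proto and lo <= port <= hi for p, lo, hi in rules)

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line of `ss -tuln` output."""
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = f[4].rpartition(":")
        if port.isdigit():
            yield f[0], addr, int(port)

def is_loopback(addr):
    return addr.strip("[]").startswith(("127.", "::1"))

def audit(service, ss_output):
    """Return sorted findings for listeners bound to a non-loopback address."""
    policy, findings = POLICY[service], set()
    for proto, addr, port in parse_listeners(ss_output):
        if is_loopback(addr) or _match(policy["public"], proto, port):
            continue
        if _match(policy["restricted"], proto, port):
            findings.add((proto, port, "restrict to Endpoint Manager server"))
        else:
            findings.add((proto, port, "undocumented listener: close or bind to loopback"))
    return sorted(findings)

# Constructed sample output for a host assumed to run only Tigase.
SAMPLE_TIGASE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5222       0.0.0.0:*
tcp   LISTEN 0      128    [::]:8080          [::]:*
tcp   LISTEN 0      128    0.0.0.0:5432       0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:6379     0.0.0.0:*
"""

if __name__ == "__main__":
    print(*audit("tigase", SAMPLE_TIGASE), sep="\n")
```

Because the TURN relay range is allocated dynamically, UDP listeners in 49152 - 65535 appear only while remote control sessions are active.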