Firewall rules for DME Server 4.6 and above

Please note that a diagram of the firewall setup is shown at the bottom of this page for DME 4.5 Server setup.

1 - Internet
| From | Port | Protocol | To | Comment |
|---|---|---|---|---|
| Devices | 5011 | TCP | DME server | Synchronization over HTTPS. If required, you can change this to another port in the Default settings "Server path" setting, and NAT to a different port in the corporate firewall. |
| Devices | 3945 | TCP | AppBox server | AppBox. EMCADS connection used by clients to access the AppBox. Secure. Can be any port, but encryption is always 256-bit AES, so packet inspection must be turned off in the firewall. |
| Devices | 443 | TCP | AppBox server | AppBox. Connection used by clients to access the AppBox. Secure. |
| DME server | 443 | TCP | DME Central Services | To cs.excitor.com for DME Central Services. See DME Server online documentation. Note: If you want to use a proxy to connect to cs.excitor.com, please see the chapter "Using a proxy" in the Windows or Linux server installation guide. |
| DME server | 2195 | TCP | APNS | Must be open to support Apple MDM. See online documentation. The hostname gateway.push.apple.com resolves to a range of IP addresses that all lie in Apple's class A network 17.0.0.0/8. So if your firewall is unable to do hostname lookups, this port should be opened to the Apple class A network. |
| DME server | 2196 | TCP | APNS | Must be open to support Apple MDM. See online documentation. The hostname feedback.push.apple.com resolves to a range of IP addresses that all lie in Apple's class A network 17.0.0.0/8. So if your firewall is unable to do hostname lookups, this port should be opened to the Apple class A network. |
| DME server | 80 | TCP | Web | Unless you are doing an offline installation of DME, this port needs to be open to install.excitor.dk and install.excitor.com during installation of DME, and probably also in connection with any installation of service packs etc. for your operating system. After this, you may close the port again. |
| DME server | 43 | TCP | Whois lookup | For whois lookups. Used for looking up the provider of the connecting device, translating IP addresses in the Log tab to human-readable DNS names. The Whois server is set up in Server configuration > Web > Log. |
| AppBox server | 80/443 | TCP | Web | A connection must be opened from the AppBox server to any web server to be used through AppBox on the DME clients. The AppBox server supports Basic and NTLM authentication. |
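The following is an added example, not part of the DME documentation: a small audit that compares an Internet-facing rule set with the table above, flagging rules outside the table, APNS rules wider than 17.0.0.0/8, and the installation-only port 80 rule. The rule dictionary layout, the role names and the sample rules are assumptions made for illustration.

```python
import ipaddress

APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # Apple range named on this page

# (source, port, protocol) rows of the "1 - Internet" table
INTERNET_MATRIX = {
    ("devices", 5011, "tcp"), ("devices", 3945, "tcp"), ("devices", 443, "tcp"),
    ("dme-server", 443, "tcp"), ("dme-server", 2195, "tcp"),
    ("dme-server", 2196, "tcp"), ("dme-server", 80, "tcp"),
    ("dme-server", 43, "tcp"), ("appbox-server", 80, "tcp"),
    ("appbox-server", 443, "tcp"),
}

def audit(rules, installed=True):
    """Return (rule name, finding) pairs for an Internet-facing rule set."""
    findings = []
    for r in rules:
        key = (r["src"], r["port"], r["proto"])
        if key not in INTERNET_MATRIX:
            findings.append((r["name"], "not in the DME Internet table"))
            continue
        dst = ipaddress.ip_network(r["dst"])
        # APNS ports only need to reach Apple's 17.0.0.0/8
        if r["port"] in (2195, 2196) and not dst.subnet_of(APPLE_NET):
            findings.append((r["name"], "APNS rule wider than 17.0.0.0/8"))
        # Port 80 is only needed while installing
        if key == ("dme-server", 80, "tcp") and installed:
            findings.append((r["name"], "port 80 may be closed after installation"))
    present = {(r["src"], r["port"], r["proto"]) for r in rules}
    for port in (2195, 2196):
        if ("dme-server", port, "tcp") not in present:
            findings.append((f"tcp/{port}", "missing, required for Apple MDM"))
    return findings

# Constructed sample rule set (names and addresses are made up)
SAMPLE_RULES = [
    {"name": "sync", "src": "devices", "dst": "203.0.113.10/32", "port": 5011, "proto": "tcp"},
    {"name": "apns-gw", "src": "dme-server", "dst": "17.0.0.0/8", "port": 2195, "proto": "tcp"},
    {"name": "apns-fb", "src": "dme-server", "dst": "0.0.0.0/0", "port": 2196, "proto": "tcp"},
    {"name": "install", "src": "dme-server", "dst": "0.0.0.0/0", "port": 80, "proto": "tcp"},
    {"name": "legacy-ftp", "src": "dme-server", "dst": "0.0.0.0/0", "port": 21, "proto": "tcp"},
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```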

3 - Internal LAN
| From | Port | Protocol | To | Comment |
|---|---|---|---|---|
| DME connector | 4447 | TCP | DME server | JBoss Service Port |
| DME connector | 4712 | TCP | DME server | JBoss Service Port |
| DME connector | 4713 | TCP | DME server | JBoss Service Port |
| DME connector | 5445 | TCP | DME server | JBoss Service Port |
| DME connector | 5455 | TCP | DME server | JBoss Service Port |
| DME connector | 53 | UDP | DNS | |
| DME connector | 25 | TCP | SMTP (mail) | For sending error messages etc. to the users. |
| DME connector | 443 | TCP | Collaboration system | For secure connection to the collaboration system. |
| DME connector | 80 | TCP | Collaboration system | For non-secure connection to the collaboration system. |
| DME connector | 3268 | TCP | Active Directory | If you use Microsoft Global Catalog for Global Address Book searches (typically in large organizations). |
| DME connector | 3269 | TCP | Active Directory | If you use Microsoft Global Catalog using SSL for Global Address Book searches (typically in large organizations). |
| DME connector | 389 | TCP | Active Directory | When not using a secure connection. |
| DME connector | 636 | TCP | Active Directory | For secure connection. |
| Management console | 8080 | TCP | DME server | Secure workstation access to the DME server web administration interface via HTTPS. |
| DME server | 1433 | TCP | Database - MS SQL Server | If MS SQL Server is installed on the LAN. |
| DME server | 3306 | TCP | Database - MySQL | For remote MySQL installations. MySQL usually runs as localhost, requiring no specific firewall setup. |
| DME server | 53 | UDP | DNS | |
| DME server | | TCP | NTP (time server) | |
| DME server | 25 | TCP | SMTP (mail) | |
| DME server | 443 | TCP | Local Area Network | If using shared file locations for the AppBox File Browser, you need to open secure port 443 (or 80 for non-secure) from the DME Server to the WebDAV-enabled file shares that are set up in the DME Web Administration Interface. |
| DME server | 80 | TCP | Local Area Network | If using shared file locations for the AppBox File Browser, you need to open port 80 (or 443 for SSL) from the DME Server to the WebDAV-enabled file shares that are set up in the DME Web Administration Interface. |
| Exchange CAS | Single port | TCP | DME connector | For Exchange 2007/2010 subscription. Specified in web interface > Connector > E-mail and PIM > Exchange e-mail and PIM > Subscription URL. See online documentation. |
| AppBox server | 5011 | TCP | DME server | AppBox to DME Server. By default, the AppBox server uses the same port to connect to the DME server as the DME client devices do. If the standard port 5011 is changed for the clients, you need to change it for the AppBox server as well. |
| AppBox server | 389 | TCP | Active Directory | Allows the AppBox server to access the user directory. Non-secure connection. |
| AppBox server | 636 | TCP | Active Directory | Allows the AppBox server to access the user directory. Secure connection. |