This Article will provide information on how the Secomea SiteManager connects to the GateManager. Which TCP Ports is used and which protocols.
By default, the SiteManager will automatically try a series of different methods and
protocols to connect to the GateManager Address
(Example: IP: 22.214.171.124 DNS: gm08.secomea.com)
•ACM/PXP (port 11444 TCP): This is a dedicated port for connecting to the GateManager server. Using a dedicated port is normally preferable as it separates the GateManager related traffic from other out-bound traffic in your network, so you can more easily track the GateManager traffic on your local network and on your Internet connection. But using a dedicated port also means that you will probably need to open this port in the company firewall, which may collide with corporate policy rules.
•HTTPS/TLS (port 443 TCP): This connects to the GateManager using the TLS protocol on port 443. This should work through firewalls that allow out-going HTTPS connections.
•TLS over HTTP (port 80 TCP): This connects to the GateManager using the standard HTTP port 80, but immediately upgrades that connection to a secure TLS connection. This may work through a firewall that only allows out-going HTTP connections.
•TLS via Web-proxy: This connects through a specified Web Proxy (see below), requesting that Web Proxy to connect to the GateManager on port 443 TCP. Once established, the normal TLS protocol is used.
•HTTP via Web-proxy: This connects through a specified Web Proxy (see below), requesting that Web Proxy to connect to the GateManager on port 80 TCP. Once established, the connection is upgraded to a secure TLS connection.
Additional outbound connections:
The SiteManager will also do lookups to 126.96.36.199-63 port 80 asking if its GateManager address is known. This is a build-in feature of the SiteManager which can be seen as a service for the end user.
If customer has his own GateManager. It has public IP xx.xx.xx.xx and customer needs to change it to xx.xx.yy.yy. Then Secomea can create the “NATTING” in the GateManager discovery service saying that SiteManagers connecting to xx.xx.xx.xx should connect to xx.xx.yy.yy