Place "Control Center" in DMZ directly or use a relay and ports that need to be open
Hello everyone,
We are planning to purchase BitDefender "GravityZone Business Security" for our still quite small company. In our setup, the BitDefender agents will run on devices that do not have a permanent connection to the protected corporate network, but are only connected to the corporate network from time to time via VPN. Of course, we can place the "Control Center" directly in the DMZ, but we wonder whether it would be better to create an additional (virtual) endpoint in the DMZ and let it take on the role of a "Bitdefender Endpoint Security Tools Relay". At least that is my assumption, but unfortunately this is not entirely clear to me from the description at https://www.bitdefender.com/business/support/index.html?lang=en.
Is it correct that (if we are not using a security server) ports 7074-7076, 8443 and 443 must be open in both cases (we do not want to use unencrypted connections, so 8080 and 80 are omitted)?
Best regards
Peter
Comments
Hello @PeterMlr,
The easiest way would be to implement the cloud solution as you have devices that are not always connected to the company network. This will offer the best protection.
For your question, you can install ECS Balancer and 2 ECS instances. One of the ECS instances can be with a Public IP or have port 8443 exposed to the internet. It would be best if the public IP is fixed or has an FQDN.
To give you an insight into this, you can check the Managing endpoints outside of the company network from
For the communication ports, we have the complete list available here:
Kind Regards,
Andrei