Firewall
This document outlines the necessary firewall ports for Blazam to function correctly.
User Access
Blazam listens for HTTP and HTTPS connections on the ports you configure during installation. You'll need to forward these ports on any firewalls to allow users to access the web interface.
System Communications
Firewall rules are required to allow the Blazam server to communicate with your infrastructure for directory services and remote management.
Active Directory (LDAP/LDAPS)
To query your domain controllers, Blazam requires access to specific LDAP ports. You must open a path from the Blazam server to your Domain Controllers.
Protocol | Port | Description |
---|---|---|
LDAP | TCP 389 | Standard, unencrypted communication. |
LDAPS | TCP 636 | Secure (LDAP over SSL/TLS) communication. (Recommended) |
LDAP GC | TCP 3268 | Global Catalog for searching the entire AD forest. |
LDAPS GC | TCP 3269 | Secure Global Catalog. (Recommended) |
Remote Workstation Management
For monitoring and managing remote workstations, Blazam uses standard Windows protocols. You must open a path from the Blazam server to your target workstations.
- Windows Remote Management (WinRM): This is the modern, preferred method.
  - TCP 5985 (HTTP)
  - TCP 5986 (HTTPS - Encrypted)
- Windows Management Instrumentation (WMI): This is a legacy method.
  - TCP 135 (RPC Endpoint Mapper)
  - TCP 49152-65535 (RPC Dynamic Port Range for modern Windows systems)
- ICMP (Ping): Allowing the ICMP protocol is required for Blazam to check if workstations are online.
- SMB: TCP 445 is needed to check the existence of home directories.
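
A connectivity check for the paths listed on this page, as an added example that is not part of the Blazam documentation or project. The host names are constructed placeholders, and `Test-TcpPort` and `Test-PortMap` are hypothetical helpers defined in the script itself.

```powershell
# Added example: run on the Blazam server after the firewall rules are in place.
# Host names below are constructed placeholders; replace them with your own.
$DomainControllers = @('dc01.example.internal')
$Workstations      = @('ws01.example.internal')

# Fixed TCP ports listed on this page. The WMI dynamic RPC range
# (TCP 49152-65535) is assigned per session, so it is not probed here.
$DcPorts = [ordered]@{ 'LDAP' = 389; 'LDAPS' = 636; 'LDAP GC' = 3268; 'LDAPS GC' = 3269 }
$WsPorts = [ordered]@{ 'WinRM HTTP' = 5985; 'WinRM HTTPS' = 5986; 'RPC Endpoint Mapper' = 135; 'SMB' = 445 }

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Wait() returns $false on timeout and throws if the connection is refused.
        return ($client.ConnectAsync($ComputerName, $Port).Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Dispose()
    }
}

function Test-PortMap {
    param([string[]]$Targets, [System.Collections.IDictionary]$Ports)
    foreach ($target in $Targets) {
        foreach ($entry in $Ports.GetEnumerator()) {
            [pscustomobject]@{
                Target    = $target
                Service   = $entry.Key
                Port      = "TCP $($entry.Value)"
                Reachable = Test-TcpPort -ComputerName $target -Port $entry.Value
            }
        }
    }
}

$results  = @(Test-PortMap -Targets $DomainControllers -Ports $DcPorts)
$results += @(Test-PortMap -Targets $Workstations -Ports $WsPorts)
# ICMP check for the workstation online test described above.
$results += @(foreach ($ws in $Workstations) {
    [pscustomobject]@{ Target = $ws; Service = 'Ping'; Port = 'ICMP'
                       Reachable = Test-Connection -ComputerName $ws -Count 1 -Quiet }
})
$results | Format-Table -AutoSize
```

A row with `Reachable` set to `False` points to a missing rule on the path between the Blazam server and that target, or to a service that is not listening on the target.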