mymbCONNECT24: Which Ports and IP Addresses Must Be Opened During Installation

This document describes what needs to be checked during the installation process of your mymbCONNECT24 Server.

1. Requirements

Please note:

These requirements apply only if you are using the mymbCONNECT24.virtual server.

If you are not using mymbCONNECT24.virtual, please continue with the next point (2.).
  • ESXi-Server (V5.0.0 or later)
  • at least 2 vCPUs
  • at least 2 GB RAM
  • at least 20 GB disk space
  • Import the .ova file into the ESXi server (you will find the file on the installation medium)
  • "root" access to the ESXi server

2. VPN IP Network of VPN Authentication Server

Choose the IP address range for the VPN IP network of the VPN authentication server.

Address Ranges

10.0.0.0/24           recommended
172.16.0.0/24      alternative
192.168.0.0/24    not recommended

3. Ports to Activate

The firewall must be configured to forward the ports (port and protocol) from the public IP address to the WAN IP address of the server.

IP addresses of the WAN interface are mostly taken from the local area network address range, i.e. the WAN IP address of the server is not the same as the local IP address. This has to be considered for later settings. You need the WAN IP address as well as the public IP address of the firewall.

4. Inbound

Direction: from Internet to Server

The server must be reachable at its WAN IP address via TCP on the following ports:

•    Frontend / Backend / VPN

If you did not change the default settings, activate at least these ports: 80, 443 and/or 1194

•    Manufacturer Support via SSH

The SSH access for support by the manufacturer is disabled by default. Activate port 22 and enable SSH access in the backend.

5. Outbound

Direction: from Server to Internet

The server must be able to reach the following services on the Internet via the WAN interface:

| Service | URL | Protocol / Port |
|---|---|---|
| License server | https://licenses.mbconnectline.com/license/index.php/api | TCP 443 |
| License server | https://registration.mbconnectline.com/license/index.php/registrationapi | TCP 443 |
| Update server | https://autoupdate.mbconnectline.com | TCP 443 |
| Onlinehelp | http://www.cc-onlinehelp.com/en/ | TCP 80 |
| SMS DISPATCH - own Gateway | https://gateway.smstrade.de/* | TCP 443 |
| Text2Speech Gateway | https://rest.messagebird.com/* | TCP 443 |
| Google QR Code | https://chart.googleapis.com/* | TCP 443 |
| Map Widget | https://a.openstreetmap.org/* | TCP 443 |
| Map Widget | https://b.openstreetmap.org/* | TCP 443 |
| Map Widget | https://c.openstreetmap.org/* | TCP 443 |
| If "Activate automatic mail settings" is set to "Yes" | mail.mymbnet.biz | TCP 25 |
| NTP (activated by default) | 0.de.pool.ntp.org | UDP 123 |
| DNS | | TCP / UDP 53 |
| Syslog Server | | UDP 514 |
| Fail2Ban | http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz | TCP 80 |
| Fail2Ban (Firmware V2.2.1 or later) | https://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz | TCP 443 |
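To confirm that the firewall actually lets the server reach these destinations, the outbound list can be turned into a preflight check run from the server's network. The script below is an added example, not part of the mymbCONNECT24 product or documentation; the function name check_outbound and the short service labels are assumptions, while the hosts and ports are taken from the table above.

```python
import socket

# TCP destinations taken from the outbound table on this page.
# UDP services (NTP 123, Syslog 514) cannot be verified with a TCP connect
# and are left out; DNS (53) is exercised implicitly by name resolution.
# Fail2Ban is listed with TCP 443 (firmware V2.2.1 or later); older
# firmware uses TCP 80 on the same host.
OUTBOUND_TCP = [
    ("License server", "licenses.mbconnectline.com", 443),
    ("License server", "registration.mbconnectline.com", 443),
    ("Update server", "autoupdate.mbconnectline.com", 443),
    ("Onlinehelp", "www.cc-onlinehelp.com", 80),
    ("SMS gateway", "gateway.smstrade.de", 443),
    ("Text2Speech gateway", "rest.messagebird.com", 443),
    ("Google QR Code", "chart.googleapis.com", 443),
    ("Map widget", "a.openstreetmap.org", 443),
    ("Map widget", "b.openstreetmap.org", 443),
    ("Map widget", "c.openstreetmap.org", 443),
    ("Automatic mail settings", "mail.mymbnet.biz", 25),
    ("Fail2Ban GeoIP", "geolite.maxmind.com", 443),
]


def check_outbound(targets=OUTBOUND_TCP, connect=socket.create_connection, timeout=5.0):
    """Try one TCP connect per target; return (service, host, port, error) for failures."""
    failures = []
    for service, host, port in targets:
        try:
            conn = connect((host, port), timeout)
        except OSError as exc:  # covers DNS failure, refusal and timeout
            failures.append((service, host, port, str(exc) or type(exc).__name__))
        else:
            conn.close()
    return failures


if __name__ == "__main__":
    blocked = check_outbound()
    for service, host, port, error in blocked:
        print(f"BLOCKED  {service}: {host}:{port} ({error})")
    print(f"{len(OUTBOUND_TCP) - len(blocked)} of {len(OUTBOUND_TCP)} TCP destinations reachable")
    raise SystemExit(1 if blocked else 0)
```

A failure here only shows that the TCP handshake did not complete from this network; it does not distinguish a firewall block from a service that is down, so compare the result with the firewall log.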

 

Type: FAQ Revision: EN-mbconnect24-01-V1.2 Date: 22.07.2019