BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 08-08-2008, 10:51 AM   #1 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: May 2007
Location: Toronto, Canada
Model: 9700
OS: 5.0.0.423
PIN: 21B694E3
Carrier: Virgin Mobile Canada
Posts: 396
Post Thanks: 1
Thanked 1 Time in 1 Post
Default BES Port

Please Login to Remove!

I understand it uses port 3101 UDP, but does it not also use the TCP port?

We have a dual WAN configuration, and I allow 3101 UDP coming into WAN1 and WAN2 to point directly to the BES server. The problem might be with the going out which we allow everything out.

When I do EA sync's the phone reports its unable to make contact with the server, however if I do the sync via wire with BES the user is able to send/recieve emails without any problems on their own, so if the 3101 UDP wasn't work they wouldn't get anything...

Andrew
Offline  
Old 08-08-2008, 10:53 AM   #2 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Whoa... you got a lot of stuff mixed up there.

BES only uses TCP port 3101 for outbound initiated bi-drectional traffic.
It doesn't use UDP for communication with SRP.

You should also NOT have any ports opened for Inbound traffic on port 3101 to your BES.
This is unnecessary and creates an additional security risk.
BES only needs outbound initiated traffic, not inbound.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 08-08-2008, 11:16 AM   #3 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: May 2007
Location: Toronto, Canada
Model: 9700
OS: 5.0.0.423
PIN: 21B694E3
Carrier: Virgin Mobile Canada
Posts: 396
Post Thanks: 1
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by penguin3107 View Post
Whoa... you got a lot of stuff mixed up there.

BES only uses TCP port 3101 for outbound initiated bi-drectional traffic.
It doesn't use UDP for communication with SRP.

You should also NOT have any ports opened for Inbound traffic on port 3101 to your BES.
This is unnecessary and creates an additional security risk.
BES only needs outbound initiated traffic, not inbound.
Well the way SonicWALL works is they don't allow inbound traffic, you have to create rules to allow the traffic through the firewall. Which seems perfectly logical.

I read the its 3101 UDP in RIMs info... Are you saying RIM is wrong?

Leathal
Offline  
Old 08-08-2008, 11:24 AM   #4 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Quote:
Originally Posted by SmoothRunnings View Post
Well the way SonicWALL works is they don't allow inbound traffic, you have to create rules to allow the traffic through the firewall. Which seems perfectly logical.

I read the its 3101 UDP in RIMs info... Are you saying RIM is wrong?

Leathal
I'm very familiar with Sonicwall, and many other security appliances and firewalls.
If you created any type of NAT policy related to your BES, or opened ports from WAN --> LAN directly to your BES... then you've made an error.

Show me where you've read about UDP 3101 in RIMs documentation.
I will definitely debate that as being a typo.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 08-08-2008, 11:25 AM   #5 (permalink)
BlackBerry Extraordinaire
 
gibson_hg's Avatar
 
Join Date: Dec 2007
Model: NA
PIN: 80081ES
Carrier: NA
Posts: 1,006
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

RIM uses TCP/IP to communicate, UDP is not used like that. UDP is how the BES receives notifications from Exchange of new mail.

If you have RIM documentation stating that they use UDP on 3101 I would love to see it.
Offline  
Old 08-08-2008, 12:28 PM   #6 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: May 2007
Location: Toronto, Canada
Model: 9700
OS: 5.0.0.423
PIN: 21B694E3
Carrier: Virgin Mobile Canada
Posts: 396
Post Thanks: 1
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by penguin3107 View Post
I'm very familiar with Sonicwall, and many other security appliances and firewalls.
If you created any type of NAT policy related to your BES, or opened ports from WAN --> LAN directly to your BES... then you've made an error.

Show me where you've read about UDP 3101 in RIMs documentation.
I will definitely debate that as being a typo.
That's what SonicWALL's engineers told me to do... Should I get my lawyer after them?

Andrew
Offline  
Old 08-08-2008, 12:40 PM   #7 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: May 2007
Location: Toronto, Canada
Model: 9700
OS: 5.0.0.423
PIN: 21B694E3
Carrier: Virgin Mobile Canada
Posts: 396
Post Thanks: 1
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by gibson_hg View Post
RIM uses TCP/IP to communicate, UDP is not used like that. UDP is how the BES receives notifications from Exchange of new mail.

If you have RIM documentation stating that they use UDP on 3101 I would love to see it.

The SonicWALL only has TCP (6).. It does not allow me to specify whether it's inbound or outbound TCP like you can do on Checkpoint and ISA Server.

Andrew
Offline  
Old 08-08-2008, 12:58 PM   #8 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Passp
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,813
Post Thanks: 286
Thanked 305 Times in 287 Posts
Default

when you make a rule, you tell it lan to wan for the port and thats outbound not inbound.
__________________
unlock you phone here http://cellunlocker.net/blackberry-unlock.php
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Passport, Z30, Z10 and Q10
Offline  
Old 08-08-2008, 01:08 PM   #9 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Quote:
Originally Posted by SmoothRunnings View Post
The SonicWALL only has TCP (6).. It does not allow me to specify whether it's inbound or outbound TCP like you can do on Checkpoint and ISA Server.

Andrew
No, that's not correct.

Sonic OS will allow you to specify TCP(6) or UDP(17) when assigning port numbers to services.

When you make a firewall rule, if you specify WAN --> LAN, then you've created an Inbound rule. (Not necessary for BES)

If you specify LAN --> WAN, then you've made an Outbound rule. (Needed for BES)

The only change you need to make to your firewall is an Outbound rule that allows your BES server to communicate outbound from LAN to WAN over port 3101 TCP. That's it.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org

Last edited by penguin3107 : 08-08-2008 at 01:10 PM.
Offline  
Old 08-08-2008, 02:56 PM   #10 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: May 2007
Location: Toronto, Canada
Model: 9700
OS: 5.0.0.423
PIN: 21B694E3
Carrier: Virgin Mobile Canada
Posts: 396
Post Thanks: 1
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by penguin3107 View Post
No, that's not correct.

Sonic OS will allow you to specify TCP(6) or UDP(17) when assigning port numbers to services.

When you make a firewall rule, if you specify WAN --> LAN, then you've created an Inbound rule. (Not necessary for BES)

If you specify LAN --> WAN, then you've made an Outbound rule. (Needed for BES)

The only change you need to make to your firewall is an Outbound rule that allows your BES server to communicate outbound from LAN to WAN over port 3101 TCP. That's it.
I figured out the problem anyways... thanks...

The issue wasn't with the firewall as I had a sneaky suspecision. It was with Rogers, they changed their data plans around so there is now a BIS and BES data plan. BIS data plan users can not connected BES servers or anything but BIS email servers...

Rogers has also not ramped up their data plans for their BES clients, so its possible that when the Bold comes out companies will still have to pay full price for their data plans while BIS users will be able to get 6GB data for $30 per month! (no joke)

BES only has 7MB, 25MB and 1GB data plans...

BIS has all the way up to 6GB.

1GB BES data plans are $100 per month, 6GB BIS data plan is $30 per month.

Andrew
Offline  
Old 08-08-2008, 03:06 PM   #11 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Passp
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,813
Post Thanks: 286
Thanked 305 Times in 287 Posts
Default

what cost if you go over on a BES plan?
__________________
unlock you phone here http://cellunlocker.net/blackberry-unlock.php
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Passport, Z30, Z10 and Q10
Offline  
Old 08-08-2008, 05:28 PM   #12 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: May 2007
Location: Toronto, Canada
Model: 9700
OS: 5.0.0.423
PIN: 21B694E3
Carrier: Virgin Mobile Canada
Posts: 396
Post Thanks: 1
Thanked 1 Time in 1 Post
Default

Quote:
Originally Posted by knottyrope View Post
what cost if you go over on a BES plan?
$10 a MB
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.