Support for placing the BlackBerry Enterprise Server in the DMZ

Article ID: KB12281

Type: Support Content

Last Modified: 11-02-2012

 

Product(s) Affected:

  • BlackBerry Enterprise Server 5
Jump to: Environment | Overview
CollapseEnvironment
  • BlackBerry Enterprise Server
CollapseOverview

Placing the BlackBerry Enterprise Server in the demilitarized zone (DMZ) is neither recommended nor supported.

If the BlackBerry Enterprise Solution is placed in the DMZ, a number of communication ports may need to be opened between the DMZ and the internal network to allow the BlackBerry services to transfer data for their respective functions such as Mail, Calendar, Browsing, Instant Messaging etc. Additionally, connections through those ports must be allowed to be initiated from the insecure side of the firewall into the secure portion of the network (i.e. inbound-initiated connections).

The BlackBerry Enterprise Server should not be placed in the DMZ because of the number of connections required to make a mail server call for email messages. The mail server varies the available port numbers, making the port numbers inconsistent. It is difficult to configure the firewall for all of the available port numbers. In addition, issues with name resolution might occur when polling the Domain Controller or Global Catalog Server.

As a security practice, installing the BlackBerry Router in the DMZ can be done and is fully supported. This is the only BlackBerry Enterprise Server component that should exist outside of an organization's firewall. For additional information on installing the remote BlackBerry Router in the DMZ, please review the documentation Placing the BlackBerry Router in the DMZ - Security Note - BlackBerry Enterprise Server found within the BlackBerry Enterprise Server Security section of the Administrator Documentation. It is recommended to consult with internal Network Security Group before opening any ports between DMZ and Internal Network, to understand the risks that may be associated with this change.

Disclaimer

By downloading, accessing or otherwise using the Knowledge Base documents you agree:

   (a) that the terms of use for the documents found at www.blackberry.com/legal/knowledgebase apply to your use or reference to these documents; and

   (b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.


Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.