SDK Resources > Intel® vPro™ Gateway (MPS) > Security Considerations

Security Considerations

With Intel AMT platforms operating outside the enterprise firewall and the MPS operating inside the firewall, the firewall must be configured to allow traffic to flow between the Intel AMT platforms and the MPS. Further, the MPS may be in a DMZ, with another firewall between it and the Management Consoles.

Depending on installation policy, the external firewall must be configured to allow packets addressed to the incoming port and to the outgoing ports to cross the firewall.

Outgoing Ports

Intel AMT accepts the following ports:

Port

Use

16992

SOAP over TCP

16993

SOAP over TLS

16994

Redirection over TCP

16995

Redirection over TLS

623

DASH over TCP

664

DASH over TLS

 

Incoming Ports

Intel AMT platforms access the MPS using the port defined when the platform was configured (see MPS Configuration Parameters).

Apache as the Inner Firewall

The Apache server, used as a proxy server, filters incoming and outgoing packets in flows between Intel AMT platforms and Management Consoles. The consoles determine their own ports for each session they manage. The outgoing ports are the standard ones listed above. The Apache configuration contains an AllowCONNECT statement that lists the Intel AMT ports that Apache will accept. See Proxy Server Configuration.

Copyright © 2006-2022, Intel Corporation. All rights reserved.