Are there any recommendations out there regarding using the Connection Agent with Forefront Threat Management Gateway? We really want a reverse proxy in front of the connection agent since the connections it makes are so sensitive. What ports need to be open on the front end? Is 80 or 443 sufficient?
Tomcat installs by default to port 8080. You can configure it to use a different port. The Connection Agent can be configured to accept queries from only specific IPs. If you restrict the IP that can send requests to the Connection Agent, you will have to use the IP address for PerfectForms (The IP address of app.perfectforms.com is 18.104.22.168), and use proxy in all of your connections. Normally queries to the Connection Agent come from the users’ browser. Checking Use Proxy will route all queries through the PerfectForms app.