Simplified flowchart of Medulla

Simplified Flow Rules

The rules are interpreted as follows:

SOURCE -> DEST means that the flow is initiated from the SOURCE to the DESTINATION.
If the protocol is not specified, then it defaults to TCP.

If you have a single Medulla server, refer to the table:

1. Without a Relay Server

If you have a Medulla server and a relay server, refer to the table:

2. With a Classic Relay Server

If you have a Medulla server and a DMZ relay server, refer to the table:

3. With a DMZ Relay Server

Medulla external access:

updates.siveo.net:443
download.windowsupdate.com:80

Medulla access to other internal servers:

Your GLPI server (if you have one)
Your LDAP server (if you have one; see our LDAP documentation: LDAP DOC)

Access from your Admin Machine to Medulla:

Connection	Ports Used (DEST)	Notes
Your internal admin workstation ➡️ Medulla server	139/445 8384	Traffic initiated by the internal admin workstation to Medulla.

Connection

Ports Used (DEST)

Notes

Your internal admin workstation ➡️ Medulla server

139/445

8384

Traffic initiated by the internal admin workstation to Medulla.

1. Without Relay Server

Connection	Ports Used (DEST)	Notes
Internal workstation ➡️ Medulla server	22 (SSH) 67/69 (UDP) 80/443 111/2049 (TCP & UDP) 5222 8443 9990 9999, 22067 55415	Traffic initiated by the extension to Medulla.
Medulla server ➡️ Internal workstation	9 22 ( SSH) 3389 5900 5985/5986 35621 35623	Traffic initiated by the Medulla server to internal extensions.

2. With Classic Relay Server

Connection	Ports Used (DEST)	Notes
Internal workstation ➡️ Medulla servers	22 (SSH) 67/69 (UDP) 80/443 111/2049 (TCP & UDP) 5222 8443 9990 9999, 22067 55415	Traffic initiated by the extension to Medulla.
Medulla servers ➡️ Internal workstation	9 22 ( SSH) 3389 5900 5985/5986 35621 35623	Traffic initiated by the Medulla server to internal workstations.
---	---	---
Medulla Server ➡️ Relay Server	22 ( SSH) 5269 8081 9990 22000	Traffic initiated by Medulla to the DMZ Server.
Relay Server ➡️ Medulla Server	22 ( SSH) 5269 7080 8443 9999 22067 22000	Traffic initiated by the DMZ server to Medulla.
---
Internal Station ➡️ Relay Server	22 69/69 (UDP) 80/443 111/2049 (TCP & UDP) 5222 9990	Traffic initiated by the internal extension to the Relay Server.
Relay Server ➡️ Internal Station	9 22 3389 5900	Traffic initiated by the Relay Servertothe internal extension.

3. With DMZ Relay Server

Connection	Ports Used (DEST)	Notes
Internal workstation ➡️ Medulla Server	22 (SSH) 67/69 (UDP) 80/443 111/2049 (TCP & UDP) 5222 8443 9990 9999, 22067 55415	Traffic initiated by the extension to Medulla.
Medulla server ➡️ Internal workstation	9 22 ( SSH) 3389 5900 5985/5986 35621 35623	Traffic initiated by the Medulla server to internal workstations.
---	---	---
Medulla Server ➡️ DMZ Relay Server	22 ( SSH) 4369 4370 to 4380 5269 8081 22000	Traffic initiated by Medulla to the DMZ Server.
DMZ Relay Server➡️ MedullaServer	22 ( SSH) 4369 4370 to 4380 5269 7080 8443 9999 22067 22000	Traffic initiated by the DMZ server to Medulla.
---	---	---
External Host ➡️ DMZ Server	22 ( SSH) 5222	Traffic initiated by the external workstation to the DMZ server.

Port descriptions

Port 9: used for Wake on LAN (WOL) to wake up a remote workstation.

Port 22 (SSH): SSH port used by Medulla for remote operations, command execution, and agent administration.

Ports 67 and 69 (UDP): used for DHCP and TFTP, particularly during PXE boot or for loading deployment images.

Ports 80 and 443: HTTP and HTTPS, used for web access and secure communication with Medulla services.

Port 111 (TCP and UDP): used by Portmapper / RPCbind, required for NFS services and certain internal network calls.

Port 3389: used for RDP to connect remotely to Windows workstations.

Port 4369: used for an ejabberd cluster if you have a DMZ relay

Ports 4370 to 4380: used for an ejabberd cluster if you have a DMZ relay

Port 5222: used by XMPP for communication between Medulla agents and the server.

Port 5269: used by XMPP for server-to-server communication, particularly between Medulla and the DMZ relay server.

Port 5900: used by VNC for remote control.

Ports 5985 and 5986: used by WinRM (HTTP and HTTPS) for remote commands on Windows.

Ports 7080 and 8081: used by internal services or management APIs required by the relay server or Medulla components.

Port 8443: HTTPS used by Medulla’s secure interface or APIs.

Port 9990: used by an internal Medulla service for management and monitoring.

Port 9999: used as an internal synchronization or exchange port between the Medulla server and components such as the relay.

Port 22000: used by Syncthing as the main channel for data synchronization (packages, artifacts, inventories).

Port 22067: used by Syncthing as a relayed channel, useful for mobile devices or those located behind a NAT.

Ports 35621, 35623, and 55415: dynamic ports used by Medulla agents for real-time communication, inventory, synchronization, or task execution.

Network requirements for Medulla SaaS

Client Accounts (Status & Visibility)

Deployment (broadcasting)

Packages

Remote Maintenance & Getting Started

Deployment (broadcasting)

Remote Maintenance & Getting Started

FLUX Test

Firewall

IMAGING Prerequisites

Active Directory

I already have a PXE server on my network. Is that a problem?

Simplified flowchart of Medulla

OIDC

DNS and Medulla Relay views in the DMZ

Filter machine types by GLPI ID

Your GLPI with Read-Only User

Disable convergence for the Extract drivers package

Configuration Guide: OIDC Authentication and User Synchronization

Increase the connection timeout to the interface

Activation Support / WSUS / CVE

Change the server's FQDN

Change the SSH port between Server and Client

GLPI - Connect an external GLPI

Network requirements for Medulla Private SaaS

Client Accounts (Status & Visibility)

Deployment (broadcasting)

Packages

Console & Administration

Remote Maintenance & Getting Started

Client Accounts (Status & Visibility)

Packages

Console & Administration

Remote Maintenance & Getting Started

Set the agent to Debug

Windows Agent Issue

Introduction

ACLs

ACLs continued

Console & Administration

Deployment (broadcasting)

Packages

Updates (Windows Updates)

Imaging menus

Client Accounts (Status & Visibility)

GPO

Reconfigure my agent

Generate Windows and Linux agents

Agents for the MINT Linux distribution

Uninstalling the Medulla Agent (Versions prior to 5.5.2)

Uninstalling Medulla Agent Version 5.5.2 and later

Architecture and Deployment of Medulla Relay Servers

Procedure for adding relays to Medulla Dedicated SaaS

Medulla Update - 5.4.x to 5.5.x

Simplified flowchart of Medulla

Simplified Flow Rules

If you have a single Medulla server, refer to the table:

If you have a Medulla server and a relay server, refer to the table:

If you have a Medulla server and a DMZ relay server, refer to the table:

Medulla external access:

Medulla access to other internal servers:

Access from your Admin Machine to Medulla:

1. Without Relay Server

2. With Classic Relay Server

3. With DMZ Relay Server

Port descriptions