none
MAP 6.5 toolkit firewall needed ports???????

    Frage

  • i've read the getting started guide tha's with the MAP toolkit but the firewall section is totally misleading. as it says that it needs to have ports 139, 445, 135 TCP and 137, 138 UDP . but when i use these ports only it fails and tells me that "RPC esrver unavailable", i knew later that TCP 135 has to have a dynamic range opened to be able to communicate over RPC.

    so can anyone that has implemented MAP toolkit with firewall between VLANs help me with the real required ports and their directions, are they needed from the MAP computer to the clients or vice versa or two way??????

    pleeeeeeeeeease help..

    thanks in advance.

    Dienstag, 28. Februar 2012 09:36

Alle Antworten

  • There are different ports needed depending on what collector technology is used in the inventory, and that is determined by what scenarios you choose in the wizard.

    For WMI, the most common, you need port 135. But it turns out that is only part of the solution; you also need ports 1024-65535. The reason for this has to do with the way RPC works. WMI uses DCOM to communicate with remote machines, and DCOM uses RPC extensively.

    When a computer boots, WMI is assigned a dynamic port by the RPC service. When the MAP computer makes a WMI request, it first talks to the target computer’s RPC Endpoint Mapper which is listening on port 135 and asks it what port has WMI been assigned. The RPC Endpoint Mapper replies with the port for that machine and then MAP sends the WMI query to that port. The port can be different for each machine that MAP tries to connect to, which is why I can’t be more specific than 1024-65535. This is similar to the way SQL Server works using the SQL Browser and since many applications and services use RPC for remote communications; this is how they work as well.

    I've heard that there is a way to force WMI to use a static port, but I haven't seen consistant success with it.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Dienstag, 28. Februar 2012 19:52
    Moderator
  • Does anyone have a better range of ports that MAP uses for WMI ?

    On Windows XP, our tests have shown that tcp ports like 1646 and 1653 are being used.

    Apart from tcp port 135, Windows 7 doesn't seem to need a range of ports to be exempted in the firewall

    Freitag, 13. April 2012 22:24
  • See this support KB for more port info. If you enable the WMI service in Windows Firewall, then it deals with the dynamic port assignments for you. For firewalls that don't allow you to specify a service but instead require you only specify a port, the firewall may not handle the dynamic port assignment for you and you need to open up the range.

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Montag, 16. April 2012 19:41
    Moderator