KS-Soft. Network Management Solutions
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister    ProfileProfile    Log inLog in 

HostMon behind firewall

 
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting
View previous topic :: View next topic  
Author Message
Thore



Joined: 26 Nov 2009
Posts: 23

PostPosted: Tue Oct 12, 2010 8:29 am    Post subject: HostMon behind firewall Reply with quote

Hi all

Can somebody tell me which ports are needed to open on a firewall so HostMon is able to proceed it's test?
Currently we are not using any RMAs on the servers which should be tested by HostMon
Thanks for your comments

Best regards
Thorsten
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Tue Oct 12, 2010 10:42 am    Post subject: Reply with quote

We got this question everyday. Somehow a lot of people do not understand - in order to check standard Windows and Internet services HostMonitor should use standard ports assigned for these services.
This means everything depends on what exactly service you are checking.

E.g.
FTP protocol uses TCP ports 20 and 21
SMTP protocol uses TCP port 25
DNS protocol uses port 53
POP3 protocol uses port 110
IMAP protocl uses port 143
NTP protocol uses port 123
HTTP protocl uses port 80
HTTPS protocl uses port 443
LDAP protocol uses port 389
SNMP protocol uses port 161 (162 for SNMP Traps)
Sure, some specific servers can be configured to use non-standard TCP/UDP ports. If you don't know what ports are used by your servers, you should ask your network administrator.

HostMonitor calls network client installed on your system to perform the following tests:
- UNC
- Drive free space
- File/Filder availability
- Folder/file size
- Count files
- File integrity
- Text log
- Compare file, etc.
This means used ports and protocols depend on network client you are using.
E.g. NETBIOS over TCP uses ports 137-139, 445. If you are using different network client, please check the manual that comes with your network client.

HostMonitor uses Windows RPC for the following test methods:
- NT eventlog test
- Services test
- Process
- Dominant Process
- Performance counter test
- CPU usage
- WMI test
Windows RPC calls may use any port above 1024.

How to configure RPC dynamic port allocation to work with firewalls
http://support.microsoft.com/kb/154596

Another useful article from Microsoft: network port requirements for the Windows Server system
http://support.microsoft.com/kb/832017

On the other hand, firewall that passes thru NETBIOS, RPC, DCOM traffic does not have much sense. If you need to monitor remote network protected by firewall, we strongly recommend using RMA
http://www.ks-soft.net/hostmon.eng/rma-win/index.htm

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
Thore



Joined: 26 Nov 2009
Posts: 23

PostPosted: Wed Oct 13, 2010 12:20 am    Post subject: Reply with quote

Hi Alex

That's exactly the info I expected. So it really might be better to use RMA and then only 1 Ports must be opened. Am I correct with this?
Thanks so far

Best regards
Thorre
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Wed Oct 13, 2010 10:44 am    Post subject: Reply with quote

Yes, RMA uses just 1 TCP port and encrypts all traffic.

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
greyhat64



Joined: 14 Mar 2008
Posts: 246
Location: USA

PostPosted: Tue Nov 09, 2010 11:48 am    Post subject: Reply with quote

Yes, but you'll need an additional port for RMA Manager communication (default 5057/TCP)
Back to top
View user's profile Send private message Send e-mail
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Tue Nov 09, 2010 2:22 pm    Post subject: Reply with quote

Passive RMA does not require additional port.
Active RMA does not need any port to be opened on system where agent is running (it connects to HostMonitor so port should be opened on HostMonitor/RMA Manager side)

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

KS-Soft Forum Index