KS-Soft. Network Management Solutions
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister    ProfileProfile    Log inLog in 

What ports should we open on firewall?

 
Post new topic   Reply to topic    KS-Soft Forum Index -> FAQ (Frequently Asked Questions)
View previous topic :: View next topic  
Author Message
KS-Soft



Joined: 03 Apr 2002
Posts: 12790
Location: USA

PostPosted: Tue Oct 12, 2010 10:51 am    Post subject: What ports should we open on firewall? Reply with quote

Question:
We want to monitor remote network protected by firewall but we do not want to install RMA; we want to monitor systems protected by firewall directly from HostMonitor installed in different network.
What ports should be opened on firewall? What ports HostMonitor uses for monitoring?

Answer:
HostMonitor does not use some custom made protocols (unless we are talking about HostMonitor <-> RCC or HostMonitor <-> RMA communication), it uses standard Internet and Windows protocols.
In order to check standard Windows and Internet services HostMonitor should use standard ports assigned for these services.
This means everything depends on what exactly service you are checking.

E.g.
- FTP protocol uses TCP ports 20 and 21
- SMTP protocol uses TCP port 25
- DNS protocol uses port 53
- POP3 protocol uses port 110
- IMAP protocl uses port 143
- NTP protocol uses port 123
- HTTP protocl uses port 80
- HTTPS protocl uses port 443
- LDAP protocol uses port 389
- SNMP protocol uses port 161 (162 for SNMP Traps)
Sure, some specific servers can be configured to use non-standard TCP/UDP ports. If you don't know what ports are used by your servers, you should ask your network administrator.

HostMonitor calls network client installed on your system to perform the following tests:
- UNC
- Drive free space
- File/Filder availability
- Folder/file size
- Count files
- File integrity
- Text log
- Compare file, etc.
This means used ports and protocols depend on network client you are using.
E.g. NetBIOS over TCP (NTB) uses ports 137-139, 445. If you are using different network client, please check the manual that comes with your network client.

HostMonitor uses Windows RPC for the following test methods:
- NT eventlog test
- Services test
- Process
- Dominant Process
- Performance counter test
- CPU usage
- WMI test
Windows RPC calls may use any port above 1024.

How to configure RPC dynamic port allocation to work with firewalls
http://support.microsoft.com/kb/154596

Another useful article from Microsoft: network port requirements for the Windows Server system
http://support.microsoft.com/kb/832017

On the other hand, firewall that passes thru NetBIOS, RPC, DCOM traffic does not have much sense. If you need to monitor remote network protected by firewall, we strongly recommend using Remote Monitoring Agent (RMA)
http://www.ks-soft.net/hostmon.eng/rma-win/index.htm

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
KS-Soft



Joined: 03 Apr 2002
Posts: 12790
Location: USA

PostPosted: Fri Jan 13, 2012 9:16 am    Post subject: Reply with quote

Note: the default dynamic port range for TCP/IP has changed in Windows Vista and in Windows Server 2008.

To comply with Internet Assigned Numbers Authority (IANA) recommendations, Microsoft has increased the dynamic client port range for outgoing connections in Windows Vista and in Windows Server 2008. The new default start port is 49152, and the default end port is 65535. This is a change from the configuration of earlier versions of Windows that used a default port range of 1025 through 5000.

http://support.microsoft.com/kb/929851
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    KS-Soft Forum Index -> FAQ (Frequently Asked Questions) All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

KS-Soft Forum Index