Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2014 08:57 AM
May I know how to config Mcafee firewall HIPS as the following?
http://lansweeper.com/kb/6/firewall.html
http://lansweeper.com/kb/6/firewall.html
Solved! Go to Solution.
Labels:
- Labels:
-
General Discussion
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2014 12:05 PM
Opening specific ports is not enough. By default, WMI data is sent over random ports. You'll need to either:
- Configure your firewalls in such a way that *all* WMI traffic (over random ports) is allowed. We don't use McAfee in-house, but your firewall documentation will likely provide information on allowing WMI.
- Configure a fixed WMI port with the “winmgmt -standalonehost” command: http://msdn.microsoft.com/en-us/library/bb219447%28VS.85%29.aspx
- Scan your machines with our LsPush scanning agent instead, which is immune to access denied and firewall errors. More info on LsPush can be found on page 77 and beyond of our online documentation: http://www.lansweeper.com/documentation.pdf
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-25-2014 12:59 PM
Allowing all traffic from the Lansweeper server should work as well, though we generally recommend simply allowing WMI traffic. A complete overview of ports used by Lansweeper can be found here.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-24-2014 08:39 AM
We are already using LSPUSH. However, we'd like to make Active Scanning work as well.
For the first method:
Configure your firewalls in such a way that *all* WMI traffic (over random ports) is allowed. We don't use McAfee in-house, but your firewall documentation will likely provide information on allowing WMI.
Can I allow all ports to my server IP address? or the traffic will not come from LS server IP address?
For the first method:
Configure your firewalls in such a way that *all* WMI traffic (over random ports) is allowed. We don't use McAfee in-house, but your firewall documentation will likely provide information on allowing WMI.
Can I allow all ports to my server IP address? or the traffic will not come from LS server IP address?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2014 12:05 PM
Opening specific ports is not enough. By default, WMI data is sent over random ports. You'll need to either:
- Configure your firewalls in such a way that *all* WMI traffic (over random ports) is allowed. We don't use McAfee in-house, but your firewall documentation will likely provide information on allowing WMI.
- Configure a fixed WMI port with the “winmgmt -standalonehost” command: http://msdn.microsoft.com/en-us/library/bb219447%28VS.85%29.aspx
- Scan your machines with our LsPush scanning agent instead, which is immune to access denied and firewall errors. More info on LsPush can be found on page 77 and beyond of our online documentation: http://www.lansweeper.com/documentation.pdf
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-20-2014 11:43 AM
Here is the testing result, seems port 135 is fine. Just cannot contact RPC server. I am sure this is related to Mcafee firewall because when I stop the service, it went through
Lansweeper Connection Tester 5.1.0.7
Scanning Lansweeper Service (on this machine)..
Status: Running
Version: 5.0.0.69
Pinging 183.100.7.128
Ping ok.
Scanning TCP ports..
135 open (EPMAP)
139 open (NetBIOS Session Service)
445 open (SMB)
Checking DNS..
183.100.7.128 resolved to: 183.100.7.128
If this is not correct, please check for DNS problems.
Checking reverse DNS..
183.100.7.128:
adhkgw7w723.ap1.1corp.org
Scanning netbios (UDP)..
Could not scan netbios
Scanning Active Directory..
Scanning WMI..
The RPC server is unavailable.
The RPC server is unavailable.
The RPC server is unavailable.
Could not edit Registry to scan Kerberos errors
Done.
Lansweeper Connection Tester 5.1.0.7
Scanning Lansweeper Service (on this machine)..
Status: Running
Version: 5.0.0.69
Pinging 183.100.7.128
Ping ok.
Scanning TCP ports..
135 open (EPMAP)
139 open (NetBIOS Session Service)
445 open (SMB)
Checking DNS..
183.100.7.128 resolved to: 183.100.7.128
If this is not correct, please check for DNS problems.
Checking reverse DNS..
183.100.7.128:
adhkgw7w723.ap1.1corp.org
Scanning netbios (UDP)..
Could not scan netbios
Scanning Active Directory..
Scanning WMI..
The RPC server is unavailable.
The RPC server is unavailable.
The RPC server is unavailable.
Could not edit Registry to scan Kerberos errors
Done.
