→ Having trouble accessing our new support portal or creating a ticket? Please notify our team here

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
dscoland
Engaged Sweeper III
Hi,

What port or ports need to be opened for LsAgent Cloud Relay in order to configure the service? Can this port be changed to 443?

Thanks,
Daniel
12 REPLIES 12
Bruce_B
Lansweeper Alumni
Just to further clarify:
  • If your firewall requires you to specify the target port for Outbound connections (in most cases this will be what's needed), allow Outbound connections to TCP port 443
  • If your firewall requires you to specify the port of origin, you'll need to specify the WMI ranges
Esben_D
Lansweeper Employee
Lansweeper Employee
The dynamic ports are TCP.
dscoland
Engaged Sweeper III
Thanks for this information. Just wanted to ask if we need to allow both udp and tcp traffic for the dynamic ports.

Thanks,
Daniel
Esben_D
Lansweeper Employee
Lansweeper Employee
If you only use the relay, port 443 and the WMI ports are enough. However, if you want to use a direct server connection, you will need to open the listen port (default 9524) as well. The listen port will be using HTTPS, so there is no need to change it to 443 (as this will most likely just break things).
dscoland
Engaged Sweeper III
We are using Windows Server 2016 to attempt to establish connectivity. We also block all ports inbound and outbound except for 80 and 443. Even if we need to download inventory data from the Cloud Relay service, all we need to allow is outbound to the WMI ports for the entire LsAgent Cloud Relay service to work for both client and server?
Bruce_B
Lansweeper Alumni
Just outbound traffic over the WMI ports will do. The WMI ports are either 1025-5000 or 49152-65535, depending on the OS, more likely to be the higher range.
dscoland
Engaged Sweeper III
Understood, thanks Bruce. Just to comfirm, we would need to allow inbound/outbound tcp 135, 445 and dynamic ports tcp 1024 - 1034 to establish communication?
dscoland
Engaged Sweeper III
Okay. I did just try to switch the port to 443, then restart the Lansweeper Server service. However we are still having an issue. I reverted the changes back to the default port, then restarted the service since it didn't resolve the problem.


I think the main reason why I am asking is because when we enable the Cloud Relay service, we receive the below pending message below indefinitely.



Thanks,
Daniel
Bruce_B
Lansweeper Alumni
dscoland wrote:
Okay. I did just try to switch the port to 443, then restart the Lansweeper Server service. However we are still having an issue. I reverted the changes back to the default port, then restarted the service since it didn't resolve the problem.


I think the main reason why I am asking is because when we enable the Cloud Relay service, we receive the below pending message below indefinitely.



Thanks,
Daniel


To establish a connection with the Relay, the Lansweeper Server service will initiate an https connection to the relay server, which is hosted in Azure. This external connection is set up outbound over the WMI ports of your Lansweeper server. I'd recommend checking whether you're blocking outbound traffic at all, and more specifically, over WMI ports.

The scanning service listening port is not used in this equation. The scanning service listening port is reserved for direct communication with clients, both with LsAgent and LsPush.