4 Replies Latest reply on Jul 3, 2013 7:21 AM by danh2010

    Firewall Problem

    Rookie

      I thought I had this solved but apparently not.

       

      I cannot make contact with an agent unless the Windows 7 firewall is off. I have opened up ports 139 and 445 and opened the Shavlik program in the firewall. I still cannot have the agent check in. What are the proper ports, programs, etc. to use with Shavlik 9?

        • 1. Re: Firewall Problem
          bbarlow SupportEmployee

          Here is all of our port information.

           

          Inbound

          • TCP 80 (Only for Distribution Servers that utilize HTTP) Needed for Distribution Servers to Sync patches with Console only if using HTTP
          • TCP 135 (Inbound on agentless target machine) WMI Scanning – Only needed if using Asset Scanning
          • TCP 137-139 (Windows file sharing/directory services) required for agentless scan to work
          • TCP 445 (Windows file sharing/directory services) required for agentless scan to work
          • TCP 3121 (Inbound on the console) required for tracker status updates for patch deployment and agent communication back to console
          • TCP 3122 (Inbound on the console) required for console service to communicate with database
          • TCP 4155 (Inbound on agent machine) Allows agent to allow commands from console
          • TCP 5120 (Inbound on agentless target machine) Allows scheduler to receive commands from console machine
          • TCP 5985 (Inbound on agentless target machine) Allows you to use IT Scripts feature
          • TCP 443 (Only for Distribution Servers that utilize HTTPS) Needed for Distribution Servers to Sync patches with Console only if using HTTPS

          Outbound

          • TCP 80 (Only for Distribution Servers that utilize HTTP) Allows agent and console communication with Distribution Server using HTTP
          • TCP 137-139 (Windows file sharing/directory services) required for agentless scan to work
          • TCP 445 (Windows file sharing/directory services) required for agentless scan to work
          • TCP 3121 (Agent machine to console) Required for tracker status updates for patch deployment and agent communication back to console
          • TCP 5120 (From console to agentless target) Allows console to send commands to target machine scheduler
          • UDP 9 (Only used if using Wake on Lan)
          • 2. Re: Firewall Problem
            Rookie

            Can't I go in to Win firewall and Allow a Program or Feature Through the firewall? Such as allowing Shavlik Protect Agent (STAgentUI.exe) through the firewall?

            • 3. Re: Firewall Problem
              bbarlow SupportEmployee

              You could try that. Most likely it will work. Here is another view of ports that we need open. This is from the admin guide. http://www.shavlik.com/assets/doc/ag-prt-9-0.pdf#page=25

              • 4. Re: Firewall Problem
                Rookie

                I had this same issue with Windows 2008 Servers.  Just adding the agent to the allowed list in the firewall did not let the traffic through.  I manually added a rule to allow TCP 4155.  That alone fixed it for me.

                1 of 1 people found this helpful
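
The port-based rule described in reply 4, written out with `netsh advfirewall` (available on Windows 7 and Server 2008), as an added example that is not part of the thread and not Shavlik's own tooling. The function name, rule names and the console address are assumptions, and limiting `remoteip` to the console is a hardening choice the thread does not mention.

```powershell
# Added example: not from the thread and not Shavlik tooling.
# Run in an elevated PowerShell session on the managed machine.
function Add-ShavlikInboundRule {          # hypothetical helper name
    param(
        [ValidateSet('Agent', 'AgentlessTarget')]
        [string]$Role = 'Agent',
        # Assumption: the console's address. 192.0.2.10 is a documentation
        # placeholder and must be replaced.
        [string]$ConsoleAddress = '192.0.2.10',
        [switch]$Apply    # without -Apply the commands are only printed
    )

    # Inbound TCP ports per role, as listed in reply 1.
    # 135 is only needed for Asset Scanning and 5985 only for IT Scripts,
    # so drop them if those features are not used.
    $inbound = @{
        Agent           = @('4155')
        AgentlessTarget = @('135', '137-139', '445', '5120', '5985')
    }

    foreach ($port in $inbound[$Role]) {
        $name = "Shavlik-$Role-TCP-$port"   # constructed rule name
        $netshArgs = @(
            'advfirewall', 'firewall', 'add', 'rule',
            "name=$name", 'dir=in', 'action=allow', 'protocol=TCP',
            "localport=$port",
            "remoteip=$ConsoleAddress"      # accept only from the console
        )
        if ($Apply) {
            & netsh $netshArgs
            # Show the rule as stored so the scope can be checked.
            & netsh advfirewall firewall show rule "name=$name"
        } else {
            'netsh ' + ($netshArgs -join ' ')
        }
    }
}

# Print the commands for an agent machine (the TCP 4155 rule from reply 4):
Add-ShavlikInboundRule -Role Agent
# Create the rules for real:
# Add-ShavlikInboundRule -Role Agent -ConsoleAddress <console-ip> -Apply
```

Scoping each rule to the console address keeps the SMB and WinRM ports (137-139, 445, 5985) closed to every other host on the network, which turning the firewall off or allowing the port from any address does not.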