Ports to be opened in the Firewall


If a firewall is active, either on the systems/assets being scanned or on the system where the Security Manager Plus (SMP) server is installed, you need to open certain ports in the firewall on these systems so that Security Manager Plus can carry out its scanning and patching tasks. The required ports are listed below for both the agentless and the agent modes of management.

Ports needed for scanning & patching Windows systems

| Mode | SMP Server to Agent (or target system) communication ports - to be opened in target systems | Agent (or target system) to SMP Server communication ports - to be opened on the SMP server system |
| --- | --- | --- |
| Agentless | 135, 139, 445 | 6262, 6767 |
| Agent (SSL over TCP) | 9005 | 9004, 6262, 6767 |
| Agent (HTTPS) | -None- | 6262, 6767 |

WMI Port for Inventory scanning in Agentless mode (only for Professional Edition)

During inventory scanning in Agentless mode, the target system allots a random port for WMI, to which the SMP Server connects.
So, if Windows Firewall is running on the target systems:

  1. Run the command netsh firewall set service RemoteAdmin Enable on each target system to configure Windows Firewall so that it allows WMI connections.
  2. Run netsh firewall set service RemoteAdmin Disable to disable it again after the scan.

If you have any other firewall on the target system or in the network path between the SMP Server and the target system:

  1. A script that configures the WMI port range needs to be run on each target system to be scanned.
  2. The firewall must then be configured to allow the specified port range.
  3. Please contact support (at) securitymanagerplus (dot) com for the script.

Please check whether the above ports are accessible from the respective systems. For example, from the SMP server system, try telnet to ports 135, 139 and 445 (or the respective ports mentioned above) on the target systems. They must connect successfully.

From the Agent or target systems, try telnet to ports 9004, 6262 and 6767 (or the respective ports mentioned above) on the SMP server system. They must connect successfully.
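The telnet checks above can be scripted. The following Python script is an added example, not part of the original page or of Security Manager Plus; it probes the ports from the table and separates a refused connection from one that gets no answer, which helps tell a missing listener from a firewall drop. The mode names, function names and the assumption that port 22 is opened on the Linux system being scanned are assumptions of this example.

```python
import socket
import sys

# Port matrix transcribed from the table on this page.
# "to_target": run on the SMP server, probing a target system.
# "to_server": run on an agent or target system, probing the SMP server.
# Mode names are labels chosen for this example.
PORTS = {
    "agentless":   {"to_target": [135, 139, 445], "to_server": [6262, 6767]},
    "agent-ssl":   {"to_target": [9005],          "to_server": [9004, 6262, 6767]},
    "agent-https": {"to_target": [],              "to_server": [6262, 6767]},
    # Assumption: SSH port 22 is opened on the Linux system being scanned.
    "linux":       {"to_target": [22],            "to_server": []},
}


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection; return 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # a reset came back: usually nothing is listening
    except OSError:
        return "filtered"  # timeout or unreachable: typically a firewall drop


def check(mode, direction, host, timeout=3.0):
    """Probe every port listed for this mode and direction."""
    return {port: probe(host, port, timeout) for port in PORTS[mode][direction]}


def blocked(results):
    """Ports that did not accept a connection, in ascending order."""
    return sorted(port for port, state in results.items() if state != "open")


if __name__ == "__main__":
    # Usage: python check_ports.py agentless to_target 192.0.2.10
    # (192.0.2.10 is a documentation placeholder address)
    mode, direction, host = sys.argv[1:4]
    results = check(mode, direction, host)
    for port, state in sorted(results.items()):
        print(f"{host}:{port} {state}")
    sys.exit(1 if blocked(results) else 0)
```

The random WMI port used for Agentless inventory scanning is not part of the matrix and is not checked by this script.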

 

Ports needed for scanning & patching Linux systems

SSH port 22 must be open for scanning & patching Linux systems.


Copyright © 2009, ZOHO Corp. All Rights Reserved.
ManageEngine