Windows Discovery and WinRM

DuaneNMore
Kilo Guru

We are running Istanbul Patch 3 and are attempting to set up the firewalls to allow Windows, Linux and network Discovery. For garden variety discovery we thought that the following ports would be sufficient: UDP-161:162, TCP-21, TCP-22, TCP-80, TCP-135, TCP-139, TCP-443, TCP-1433, TCP-1521, TCP-5480, TCP-5989, UDP-137, TCP/UDP-53.

However, a look at the firewall log indicates it is attempting 5985 and 5986, which are associated with WinRM (https://docs.servicenow.com/bundle/istanbul-it-operations-management/page/product/mid-server/task/t_...). I don't know if this is a bug or desired behavior, but the mid.windows.management_protocol parameter is not configured for the MID Server, so it shouldn't be using WinRM.

Another thing I stumbled across here is the DCOM behavior where it connects over port 135, and then gets told to go use some port in the TCP-49152:65535 range. I stumbled across some guidance (after the failure) about how this works.

So the real question here is: for those locations that are not going to open up the MID Server to communicate over any ports when doing discovery, is there a concise bit of guidance on the ports and protocols actually used?

UDP-161:162, TCP-49152:65535, TCP-21, TCP-22, TCP-80, TCP-135, TCP-139, TCP-443, TCP-1433, TCP-1521, TCP-5480, TCP-5985, TCP-5986, TCP-5989, UDP-137, TCP/UDP-53
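One way to run the comparison described in the post, as an added example that is not part of the original post: it parses the port notation used above into rules and reports destination ports in a firewall log that the first allow list does not cover. The log line format, IP addresses, and function names are constructed for illustration and are not a ServiceNow or firewall vendor format.

```python
import re
from collections import Counter

# Allow list as posted in the question (the first list, before the additions).
ALLOWED_SPEC = ("UDP-161:162 TCP-21 TCP-22 TCP-80 TCP-135 TCP-139 TCP-443 TCP-1433 "
                "TCP-1521 TCP-5480 TCP-5989 UDP-137 TCP/UDP-53")
# Labels for the two behaviours the post describes.
KNOWN = [("TCP", 5985, 5986, "WinRM"),
         ("TCP", 49152, 65535, "DCOM/RPC dynamic range")]

def parse_spec(spec):
    """Turn 'UDP-161:162 TCP/UDP-53' into a list of (proto, low, high) rules."""
    rules = []
    for token in spec.split():
        protos, _, ports = token.partition("-")
        low, _, high = ports.partition(":")
        for proto in protos.split("/"):
            rules.append((proto.upper(), int(low), int(high or low)))
    return rules

def is_allowed(rules, proto, port):
    return any(p == proto and lo <= port <= hi for p, lo, hi in rules)

# Constructed log format: "<action> <proto> <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(r"^(ALLOW|DENY)\s+(TCP|UDP)\s+\S+:\d+\s+->\s+(\S+):(\d+)$")

def unexpected_ports(log_lines, rules):
    """Count destination ports in the log that the allow list does not cover."""
    hits = Counter()
    for line in log_lines:
        m = LINE_RE.match(line.strip())
        if not m or is_allowed(rules, m.group(2), int(m.group(4))):
            continue  # malformed line, or traffic the allow list already covers
        proto, port = m.group(2), int(m.group(4))
        label = next((name for p, lo, hi, name in KNOWN
                      if p == proto and lo <= port <= hi), "unclassified")
        hits[(proto, port, label)] += 1
    return hits

SAMPLE_LOG = [  # constructed sample lines, not real firewall output
    "DENY TCP 10.0.0.5:50110 -> 10.0.1.20:5985",
    "DENY TCP 10.0.0.5:50111 -> 10.0.1.20:5986",
    "ALLOW TCP 10.0.0.5:50112 -> 10.0.1.20:135",
    "DENY TCP 10.0.0.5:50113 -> 10.0.1.20:49667",
    "ALLOW UDP 10.0.0.5:50114 -> 10.0.1.30:161",
    "DENY TCP 10.0.0.5:50115 -> 10.0.1.20:5985",
]
print(sorted(unexpected_ports(SAMPLE_LOG, parse_spec(ALLOWED_SPEC)).items()))
```

Ports that come back as "unclassified" are the ones worth investigating first, since they match neither the allow list nor the two behaviours named in the post.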