MID Server Outbound Ports

HumanSky
Mega Guru

I plan to have a few MID servers (cluster) that will handle both Discovery and Service Mapping. Our firewall team has a policy of locking down all traffic for any systems (internal and external hosts). I would need to provide them a list of firewall exceptions, for both incoming and outgoing ports. Is there a place I can find the recommended ports required to successfully run Service Mapping & Discovery?

1 ACCEPTED SOLUTION

Dewin Albert2
Mega Expert

Refer to IP Services and Port Probes under Discovery Definition.

The port probes are used to trigger the classification probes and get triggered by the IP service. So if you open any port probe you can get the triggering service. If you refer to that service you will get the port required to classify that particular device.

So all these ports should be opened for the Shazzam probe to successfully run the port scan.

And here you can find the list of ports.

https://docs.servicenow.com/bundle/kingston-it-operations-management/page/product/discovery/reference/r_DiscoveryPortsAndProtocols.html

If you want to filter out the ports per device class refer the Functionality Definitions and their corresponding port probes.

For instance, if you want to discover Windows, open the following ports:
135 (WMI), 53 (DNS), 137 (WINS), 5985 (WinRM)

Hope it helps 🙂
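As an added example, not part of this thread or of ServiceNow's own tooling: a small script that turns a set of device classes into the deduplicated outbound exception list to hand to the firewall team, then pre-checks the TCP ports from the MID server host before Discovery runs. The `PORT_PROBES` mapping is a constructed sample (the Windows entries are the ones listed above; `ssh_host` and `snmp_device` are illustrative assumptions, not real Port Probe records).

```python
import socket

# Constructed sample: device class -> (probe name, port, protocol).
# Windows values come from the answer above; the rest are assumptions.
PORT_PROBES = {
    "windows": [("WMI", 135, "tcp"), ("DNS", 53, "udp"),
                ("WINS", 137, "udp"), ("WinRM", 5985, "tcp")],
    "ssh_host": [("SSH", 22, "tcp")],
    "snmp_device": [("SNMP", 161, "udp")],
}


def required_ports(device_classes):
    """Deduplicated, sorted (port, proto) pairs to request as outbound rules."""
    wanted = set()
    for cls in device_classes:
        if cls not in PORT_PROBES:
            raise ValueError(f"unknown device class: {cls}")
        for _name, port, proto in PORT_PROBES[cls]:
            wanted.add((port, proto))
    return sorted(wanted)


def tcp_open(host, port, timeout=2.0):
    """True if a TCP connect to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def precheck(host, device_classes, timeout=2.0):
    """Map each required (port, proto) to a status for the given host.
    UDP probes (DNS, WINS, SNMP) cannot be confirmed with a plain connect,
    so they are flagged for manual verification instead of guessed at."""
    results = {}
    for port, proto in required_ports(device_classes):
        if proto == "udp":
            results[(port, proto)] = "udp-unverified"
        elif tcp_open(host, port, timeout):
            results[(port, proto)] = "open"
        else:
            results[(port, proto)] = "blocked-or-closed"
    return results


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for (port, proto), status in precheck(target, ["windows"]).items():
        print(f"{port}/{proto}: {status}")
```

A "blocked-or-closed" result on a host you know is listening (for example 5985 on a WinRM-enabled server) points at the firewall exception rather than the target.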

4 REPLIES

Thank you, this was exactly what I was looking for. For Discovery, it seems like it's pretty straightforward. However, for Service Mapping, it seems like the outbound ports (from the MID server) could be anything, especially if you have custom, home-grown applications in your environment. If I have a dedicated MID server for Service Mapping, could I make the argument to our security team that I would need ALL outbound ports to ANY host? Especially when some of our applications are moving over to the cloud as well.

roy_walton
Mega Guru

Found this thread when searching for how to limit ports for WMI discovery, specifically. Good information, thanks.

So in a scenario where you're discovering Windows hosts in a DMZ, with the MID server in the core, it's not necessary to open all of the high ports 49152-65535? The ServiceNow documentation suggests that's necessary -- that the initial communication is over 135, but then WMI will use a random high port to complete discovery.

Were you able to find an answer to this? In one of my requirements, I had to request the 49152-65535 ports open for executing PowerShell; this is basically for the Citrix Delivery Controller pattern. The pattern log shows that the path doesn't exist or couldn't create the file, and one possible cause is the ports.