Discovery of vCenter thru a firewall

‎01-18-2019 09:43 AM
We've successfully discovered vCenter within our firewall, and are now trying to do the same over a firewall. We requested to have several ports opened; however, Discovery is still failing. In the ECC queue, we see this and I need help interpreting what it means:
<scanner name="BannerTCP" port="5480" portprobe="vmapp" protocol="tcp" result="open" service="vmapp_https"/>
<scanner name="BannerTCP" port="9443" portprobe="vmapp" protocol="tcp" result="open" service="vmapp6_https"/>
<scanner name="SLP" port="427" portprobe="slp" protocol="udp" result="timed_out" service="slp"/>
<scanner name="NBT" port="137" portprobe="wins" protocol="udp" result="unresolved" service="ms-nb-ns"/>
<scanner name="DNS" port="53" portprobe="dns" protocol="udp" result="unresolved" service="dns"/>
<scanner name="HTTP" port="80" portprobe="http" protocol="tcp" result="open" service="http">
Does this mean that we need to open ports: 427, 137 and 53 for Discovery to work?
Thanks!

‎01-18-2019 10:53 AM
Dave - the ports needed are totally dependent on the type of device you are trying to discover. The example you shared is querying for lots of ports, but this doesn't mean they all apply to your use case (discovering vCenter). In a normal disco setup, without Behaviors, many protocols (ports) are interrogated, yet this doesn't mean you need them all. A 'normal' i.e. generic disco setup queries lots of ports to see what 'might' be out there....
The example is showing you ports 5480, 9443 are definitely responding to the MID server's Shazzam/port scan phase. The last 4 ports being scanned may not be necessary in your situation...but are likely just being scanned by default.
<scanner name="BannerTCP" port="5480" portprobe="vmapp" protocol="tcp" result="open" service="vmapp_https"/>
<scanner name="BannerTCP" port="9443" portprobe="vmapp" protocol="tcp" result="open" service="vmapp6_https"/>
Also for broader visibility to questions like this, you may wish to consider posting it in a forum appropriate for Discovery: IT Operation Management (ITOM) and possibly tag it with key words: Discovery
Hope that helps...
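
Added example (not part of any post in this thread and not ServiceNow code): Python that parses `<scanner>` lines like the ones quoted above and groups them by their `result` attribute, so the port scan output can be compared against the firewall ports that were requested. The function names are hypothetical and the sample input is the thread's fragment, embedded as constructed test data.

```python
import re
from collections import defaultdict

# Constructed sample: the <scanner> lines quoted in the thread, pasted as-is.
# The fragment has no root element and the last tag is not self-closed, so it
# is parsed tag by tag instead of being fed to a strict XML parser.
SAMPLE = '''
<scanner name="BannerTCP" port="5480" portprobe="vmapp" protocol="tcp" result="open" service="vmapp_https"/>
<scanner name="BannerTCP" port="9443" portprobe="vmapp" protocol="tcp" result="open" service="vmapp6_https"/>
<scanner name="SLP" port="427" portprobe="slp" protocol="udp" result="timed_out" service="slp"/>
<scanner name="NBT" port="137" portprobe="wins" protocol="udp" result="unresolved" service="ms-nb-ns"/>
<scanner name="DNS" port="53" portprobe="dns" protocol="udp" result="unresolved" service="dns"/>
<scanner name="HTTP" port="80" portprobe="http" protocol="tcp" result="open" service="http">
'''

SCANNER_TAG = re.compile(r"<scanner\b([^>]*)>")
ATTRIBUTE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_scanners(text):
    """Return one attribute dict per <scanner> tag that has a numeric port and a result."""
    rows = []
    for match in SCANNER_TAG.finditer(text):
        attrs = dict(ATTRIBUTE.findall(match.group(1)))
        if attrs.get("port", "").isdigit() and "result" in attrs:
            attrs["port"] = int(attrs["port"])
            rows.append(attrs)
    return rows


def group_by_result(rows):
    """Map each result value to a sorted list of (protocol, port, portprobe)."""
    groups = defaultdict(list)
    for row in rows:
        groups[row["result"]].append(
            (row.get("protocol", "?"), row["port"], row.get("portprobe", "?")))
    return {result: sorted(entries) for result, entries in groups.items()}


def open_probes(rows):
    """Names of the port probes that reported at least one open port."""
    return sorted({r.get("portprobe", "?") for r in rows if r["result"] == "open"})


if __name__ == "__main__":
    scanned = parse_scanners(SAMPLE)
    for result, entries in sorted(group_by_result(scanned).items()):
        print(result, entries)
    print("probes with an open port:", open_probes(scanned))
```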

‎01-18-2019 11:22 AM
Thanks, I'll try that queue ... I did know that Discovery tries a number of ports to determine what OS or class the CI is ... but for this one, we know it's a vCenter, but am struggling to determine which ports must be opened for full discovery to be successful.

‎01-19-2019 12:32 AM
This is what ServiceNow says: After classifying vCenter, Discovery launches the VMware - vCenter Datacenters probe, which in turn launches specific probes that return information about ESX machines, virtual machines, and other vCenter objects. The vmapp port probe is also configured to launch the VMware - vCenter Datacenters probe.
Since vCenter has a variety of possible objects, you can give it a try by opening those 3 additional ports also (hope the Security team does not have many issues).
slp: Service Location Protocol (SLP), port 427, TCP/UDP
wins: Windows Internet Name Service, port 137, NetBIOS Name Resolver, UDP
dns: Domain Name Service, port 53, to resolve the name of each IP address, TCP/UDP
Regards
RP