Which ports need to be opened to push the ePO agent through a firewall

[simonjcook]

Hi All,

I am exploring the possibility of pushing the ePO agent to clients running Windows XP Pro SP2 with the firewall enabled.

I am looking to have the specific ports open for the specific IP address of the ePO server.

The ports for agent communication (80) and wake-up (8081) are well documented. However, I have been unable to locate any documentation on the ports required for the initial agent push.

Suspect that Netbios ports are required but would like to acquire a definitive list and what the security implications are...

netbios-ns 137/tcp NETBIOS Name Service
netbios-ns 137/udp NETBIOS Name Service
netbios-dgm 138/tcp NETBIOS Datagram Service
netbios-dgm 138/udp NETBIOS Datagram Service
netbios-ssn 139/tcp NETBIOS Session Service
netbios-ssn 139/udp NETBIOS Session Service

Also Port 445 under 2000/XP/2003




Regards

Simon J Cook

< Keyboard Error - Press F1 to continue >

 

[bfralia]

Looks like it's ports 80, 81, 8080 and 8081. We've got a test computer set up to see what we're going to have to set up when we deploy SP2.

We hadn't been able to push agents or software until yesterday. I opened the above ports in the firewall and specifically named the IP address of the ePO server as the only address that can use those ports. I was immediately able to push the agent out and of course the remaining software followed.

BTW: Any users out there of Hyena from System Tools will have to turn on file and print sharing to be able to see the client computers in the manner of old.

 

[BarryHill]

The opening of SP2 ports is all supposed to happen automatically with the next epo-agent patch (3.5.???)

Anybody know when we will see it? It sure will save lots of headaches...

 

[bfralia]

I'm using ePO agent 3.5 with ePO 3.02A. it aint happening automatically. If you manually install the agent it will work through the firewall without opening any ports. That's what I did on the computer I'm using at this moment. It followed up by installing VSE 8.0i and the other stuff I have on my list of deployments.

 

[BarryHill]

>>it aint happening automatically. <<

Thats because you "aint got it". As I said, it's supposed to be automatic with the next epo-agent patch.

From the XP2 compatability FAQ--> "We are planning a release of the 3.5.x Agent, in September 2004, which will automatically add all agent services to the exception list"

I hope they stick to the timetable.

 

[motty123]

does anyone know if the epo agent 3.5.* has been released yet?

cheers

 

[theboyhope]

I just found out we're thinking of deploying SP2 with the firewall on.

So, the current agent adds itself to the exception list when it's installed (as I'm sure most of you know) but that still doesn't help with the initial agent push. Does anyone have any more information about this yet?

I've logged a support call asking for the port numbers required but they don't actually seem to have the answer ready, which is a bit strange.

 

[theboyhope]

As it turned out, the machine the techs set up for testing had file and print sharing disabled.

Worked fine once I turned that exception on again.