Start a conversation

GFI LanGuard System Requirements

Overview

Computers running GFI LanGuard must meet the system requirements described in this article in order to operate correctly and for performance reasons. Ignoring hardware requirements may lead to slow performance, operations failing, or the application becoming unresponsive.

Introduction

All the requirements below are equally important. Make sure the server meets these requirements before deployment.

Description

Hardware Requirements

Hardware requirements for computers hosting GFI LanGuard depend on network size. Refer to the table below for the recommended specifications:

Component

 

Processor 2.5 GHz Quad-Core
Physical Storage 20 GB
RAM 8 GB
Network bandwidth 1544 kbps

  Note: Customers looking to manage thousands of devices with GFI LanGuard are recommended to contact GFI Sales for pricing as well as suggestions regarding the proper management and deployment.

Back to top


 

Software Requirements

GFI LanGuard components can be installed on any computer that meets the software requirements listed in this section:

Supported Operating Systems 

The following table lists operating systems that are still supported and where GFI LanGuard can be installed. Ensure that you are running the Full version (with GUI) of these operating systems, and running the latest Service Pack as provided by Microsoft.

Operating System
Windows® Server 2022
Windows® 11 Professional/Enterprise
Windows® Server 2019
Windows® Server 2016
Windows® Server 2012 (including R2)
Windows® 10 Professional/Enterprise
Windows® 8/8.1 Professional/Enterprise

The Microsoft .NET Framework 4.5.1 is required to be installed on the server where GFI LanGuard is deployed, though this can be installed at the time of deployment.

 

Supported Databases

GFI LanGuard uses a database to store information from network security audits and remediation operations. The database backend can be any of the following:

Database server Recommended Use
SQL Server Express® 2014 or later This database server has a 10GB limit and is therefore recommended for networks containing up to 500 computers. If a database server is not available, the GFI LanGuard installer can automatically download and run the Microsoft SQL Express installer.

SQL Server® 2014 or later

Recommended for larger networks containing 500 computers or more.

For improved performance, it is highly recommended to use an SSD drive for the database server. Compared to traditional Hard Disk Drives, SSDs deliver superior performance with lower access time and lower latency.

Back to Software Requirements
Back to top


Target Computer Components

The following table provides you with information about components that are required to be installed or enabled on computers to be scanned remotely (agent-less) by GFI LanGuard:

Component Description
Secure Shell (SSH) Required for UNIX/Linux/Mac OS-based scan targets. SSH server must be installed and enabled.
File and Printer Sharing Required for machines running Microsoft operating systems to enumerate and collect information about scan targets.
Remote Registry Ensure that this service is enabled and running on machines using Microsoft operating systems. This is required to collect information about scan targets, such as Operating System details, user and computer data.

Back to Software Requirements
Back to top


 

Firewall Ports and Protocols

This section provides you with information about the required firewall ports and protocols settings for:


GFI LanGuard and Relay Agents

Configure your firewall to allow inbound connections on TCP port 1072 on computers running:

  • GFI LanGuard
  • Relay Agents

This port is automatically bound to the integrated Apache server when GFI LanGuard is installed and is being used for all inbound communication between the server component and the monitored computers.

If GFI LanGuard detects that port 1072 is already in use by another application, it automatically searches for an available port in the range of 1072-1170.

Note: Ports 1077 and 1078 are used for Central Management Server, HTTPS and HTTP versions

To manually configure the communication port:

  1. Launch GFI LanGuard.
  2. Go to Configuration > Manage Agents.
  3. From the right pane, click Agents Settings.
  4. Specify the communication port in the TCP port text box.
  5. Click OK to apply the changes.

Back to Firewall Ports and Protocols
Back to top


GFI LanGuard Agent and Agent-less computers

Communications between GFI LanGuard and managed computers (Agents and Agent-less) are done using the ports and protocols below. The firewall on managed computers needs to be configured to allow inbound requests on the following ports:

TCP/UDP Ports Protocol Description
22 SSH Auditing Linux systems.
135 DCOM Microsoft EPMAP (End Point Mapper) provides dynamically assigned ports for RPC-based services for DCOM.
137 NetBIOS Computer discovery and resource sharing.
138 NetBIOS Computer discovery and resource sharing.
139 NetBIOS Computer discovery and resource sharing.
161 SNMP

Used for computer discovery. GFI LanGuard supports SNMPv1 and SNMPv2c.

SNMPv3 and SNMP over TLS / DTLS are not supported.

445 SMB

Used while:

  • Auditing computers.
  • Agent management.
  • Patch deployment.

Note: The Netstat utility can be used to view current connections and Ports.

Back to Firewall Ports and Protocols
Back to top


 

Gateway Permissions

To download definition and security updates, GFI LanGuard connects to GFI, Microsoft, and Third-Party update servers via HTTP. Ensure that the firewall settings of the machine where GFI LanGuard is installed allow connections to:

  • gfi-downloader-137146314.us-east-1.elb.amazonaws.com
  • *software.gfi.com/lnsupdate/
  • *.download.microsoft.com
  • *.windowsupdate.com
  • *.update.microsoft.com
  • All update servers of Third-Party Vendors supported by GFI LanGuard.

 


 

Antivirus and Backup Exclusions

Antivirus and backup software can cause GFI LanGuard to malfunction if it is denied access to some of its files.

Add exclusions that prevent antivirus & backup software from scanning or backing up the following folder on the GFI LanGuard Server, Agents, Relay Agents, and the GFI LanGuard Central Management Server:

<system drive>\ProgramData\GFI\

Refer to the Real-time Protection Engines section of the Recommended Settings for Best Performance in GFI LanGuard article

 

Choose files or drag and drop files
Was this article helpful?
Yes
No
  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments