
What Ports and Protocols are Used by GFI LanGuard?

Overview

You want to know what ports and protocols are used for interactions and communications between GFI LanGuard and target computers (Agents and Agent-less), to connect and access specific services, and what gateway ports to open for Internet access to download updates.

 

Solution

GFI LanGuard has definite requirements and relies on various environmental settings to be in place to manage the agents, run security scans and remediation jobs, communicate with remote computers, and retrieve information from Microsoft Windows-based scan targets. Without these settings, operations will fail.

Firewall ports and protocols are an important part of those requirements. LanGuard both opens connections TO other machines and has services listening ON certain ports.

During network communications, a computer (the LanGuard server, for example) connects from a random high-numbered port (different for each connection) to a fixed low-numbered port on the destination computer that has a service listening on it (the port is considered open for connections).

Notes:

 

GFI LanGuard uses the following ports:

GFI LanGuard and Relay Agents

Listening Ports for connections from remote machines (firewall has to be configured to allow inbound connections)

| Service | Description | Communication Protocol | Port | OS Process |
|---|---|---|---|---|
| Apache Server (LanGuard 12 and later) | Port used for agent management and patch deployment | TCP | 1072 | Httpd.exe |
| Apache Server (LanGuard 11 and earlier) | Port used for agent management and patch deployment | TCP | 1070 | Httpd.exe |

Remote Computers

Connections established from the GFI LanGuard server to the different Ports for specific services on remote computers:

| Service | Description | Communication Protocol | Port |
|---|---|---|---|
| EPMAP | Provides dynamically assigned ports for RPC-based services for DCOM | TCP/UDP | 135 |
| NetBIOS | Used for computer discovery and resource sharing | TCP/UDP | 137-139 |
| SNMP | Used for computer discovery. GFI LanGuard supports only SNMPv1 and SNMPv2c. SNMPv3 and SNMP over TLS/DTLS are not supported | UDP | 161 |
| SMB | Used for auditing computers, agent management, and patch deployment | TCP | 445 |
| SSH | Used for auditing Linux and Mac systems | TCP/UDP | 22 |

Various

Various other ports are used by certain system and API requests. For example, DNS lookups are performed using TCP port 53, and the Windows API uses port 389 for the LDAP connection and synchronization with AD. These ports are not configurable and usually require no special firewall rules.

 

Gateway ports (aka Internet ports) and URLs for downloading updates

Internet access must be allowed at the gateway for the following addresses, which use standard protocols (HTTP/HTTPS):

  • gfi-downloader-137146314.us-east-1.elb.amazonaws.com
  • *software.gfi.com/lnsupdate/
  • *.download.microsoft.com
  • *.windowsupdate.com
  • *.update.microsoft.com
  • All update servers of Third-Party Vendors supported by GFI LanGuard.

 

Testing

Once these ports, protocols, and URLs are configured, GFI LanGuard should be able to connect to the target computers, and also be able to download the required updates.

If there is a port configuration issue, LanGuard will not be able to pinpoint the exact root cause (e.g. a port configuration error) in an error message. In all cases, however, it will provide errors that help identify the root cause. For example, RPC uses port 135 (and others), and when communications that use Remote Procedure Call fail, LanGuard presents the error 'The RPC server is unavailable'.
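Because LanGuard's own errors do not name the blocked port, a pre-flight check run from the LanGuard server can narrow it down. The following Python script is an added example, not part of the original article or of GFI's tooling: it probes the TCP ports from the Remote Computers table and separates a port that is actively refused from one that gets no answer. The function names, the 3-second timeout and the placeholder target address are assumptions.

```python
import socket
import sys

# TCP ports from the "Remote Computers" table. NetBIOS 137/138 are normally
# used over UDP and SNMP 161 is UDP-only, so a TCP connect cannot test them.
REMOTE_TCP_PORTS = {
    22: "SSH",
    135: "EPMAP",
    139: "NetBIOS",
    445: "SMB",
}

HINTS = {
    "open": "service is listening and reachable",
    "closed": "host answered but nothing listens here; check the service",
    "filtered": "no answer; check firewall rules on the host and the path",
    "unresolved": "name did not resolve; check DNS",
}


def probe(host, port, timeout=3.0):
    """Classify one TCP port as open, closed, filtered or unresolved."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:   # RST received: reachable, not listening
        return "closed"
    except socket.gaierror:          # host name lookup failed
        return "unresolved"
    except OSError:                  # timeout or unreachable: likely dropped
        return "filtered"


def check(host, ports=REMOTE_TCP_PORTS, timeout=3.0):
    """Probe every port; return {port: (service, state)}."""
    return {p: (name, probe(host, p, timeout)) for p, name in ports.items()}


def report(host, results):
    """Format results as one line per port, lowest port first."""
    return [f"{host} tcp/{port} {name}: {state} ({HINTS[state]})"
            for port, (name, state) in sorted(results.items())]


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder; pass the real target instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    print("\n".join(report(target, check(target))))
```

To test the listening port in the other direction, run `check()` from an agent machine against the LanGuard server with `{1072: "Apache Server"}` (or 1070 for LanGuard 11 and earlier).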

 

  1. Priyanka Bhotika
