Overview
Computers running GFI LanGuard must meet the system requirements described in this article in order to operate correctly and for performance reasons. Ignoring hardware requirements may lead to slow performance, operations failing, or the application becoming unresponsive.
Introduction
All the requirements below are equally important. Make sure the server meets these requirements before deployment.
- Hardware Requirements
- Software Requirements
- Firewall Ports and Protocols
- Gateway Permissions
- Antivirus and Backup Exclusions
Description
Hardware Requirements
Hardware requirements for computers hosting GFI LanGuard depend on network size. Refer to the table below for the recommended specifications:
| Component
|
|
|---|---|
| Processor | 2.5 GHz Quad-Core |
| Physical Storage | 20 GB |
| RAM | 8 GB |
| Network bandwidth | 1544 kbps |
Note: Customers looking to manage thousands of devices with GFI LanGuard are recommended to contact GFI Sales for pricing as well as suggestions regarding the proper management and deployment.
Software Requirements
GFI LanGuard components can be installed on any computer that meets the software requirements listed in this section:
Supported Operating Systems
The following table lists operating systems that are still supported and where GFI LanGuard can be installed. Ensure that you are running the Full version (with GUI) of these operating systems, and running the latest Service Pack as provided by Microsoft.
| Operating System |
|---|
| Windows® Server 2022 |
| Windows® 11 Professional/Enterprise |
| Windows® Server 2019 |
| Windows® Server 2016 |
| Windows® Server 2012 (including R2) |
| Windows® 10 Professional/Enterprise |
| Windows® 8/8.1 Professional/Enterprise |
The Microsoft .NET Framework 4.5.1 is required to be installed on the server where GFI LanGuard is deployed, though this can be installed at the time of deployment.
Supported Databases
GFI LanGuard uses a database to store information from network security audits and remediation operations. The database backend can be any of the following:
| Database server | Recommended Use |
|---|---|
| SQL Server Express® 2014 or later | This database server has a 10GB limit and is therefore recommended for networks containing up to 500 computers. If a database server is not available, the GFI LanGuard installer can automatically download and run the Microsoft SQL Express installer. |
|
SQL Server® 2014 or later |
Recommended for larger networks containing 500 computers or more. |
For improved performance, it is highly recommended to use an SSD drive for the database server. Compared to traditional Hard Disk Drives, SSDs deliver superior performance with lower access time and lower latency.
Back to Software Requirements
Back to top
Target Computer Components
The following table provides you with information about components that are required to be installed or enabled on computers to be scanned remotely (agent-less) by GFI LanGuard:
| Component | Description |
|---|---|
| Secure Shell (SSH) | Required for UNIX/Linux/Mac OS-based scan targets. SSH server must be installed and enabled. |
| File and Printer Sharing | Required for machines running Microsoft operating systems to enumerate and collect information about scan targets. |
| Remote Registry | Ensure that this service is enabled and running on machines using Microsoft operating systems. This is required to collect information about scan targets, such as Operating System details, user and computer data. |
Back to Software Requirements
Back to top
Firewall Ports and Protocols
This section provides you with information about the required firewall ports and protocols settings for:
GFI LanGuard and Relay Agents
Configure your firewall to allow inbound connections on TCP port 1072 on computers running:
- GFI LanGuard
- Relay Agents
This port is automatically bound to the integrated Apache server when GFI LanGuard is installed and is being used for all inbound communication between the server component and the monitored computers.
If GFI LanGuard detects that port 1072 is already in use by another application, it automatically searches for an available port in the range of 1072-1170.
Note: Ports 1077 and 1078 are used for Central Management Server, HTTPS and HTTP versions
To manually configure the communication port:
- Launch GFI LanGuard.
- Go to Configuration > Manage Agents.
- From the right pane, click Agents Settings.
- Specify the communication port in the TCP port text box.
- Click OK to apply the changes.
Back to Firewall Ports and Protocols
Back to top
GFI LanGuard Agent and Agent-less computers
Communications between GFI LanGuard and managed computers (Agents and Agent-less) are done using the ports and protocols below. The firewall on managed computers needs to be configured to allow inbound requests on the following ports:
| TCP/UDP Ports | Protocol | Description |
|---|---|---|
| 22 | SSH | Auditing Linux systems. |
| 135 | DCOM | Microsoft EPMAP (End Point Mapper) provides dynamically assigned ports for RPC-based services for DCOM. |
| 137 | NetBIOS | Computer discovery and resource sharing. |
| 138 | NetBIOS | Computer discovery and resource sharing. |
| 139 | NetBIOS | Computer discovery and resource sharing. |
| 161 | SNMP |
Used for computer discovery. GFI LanGuard supports SNMPv1 and SNMPv2c. SNMPv3 and SNMP over TLS / DTLS are not supported. |
| 445 | SMB |
Used while:
|
Note: The Netstat utility can be used to view current connections and Ports.
Back to Firewall Ports and Protocols
Back to top
Gateway Permissions
To download definition and security updates, GFI LanGuard connects to GFI, Microsoft, and Third-Party update servers via HTTP. Ensure that the firewall settings of the machine where GFI LanGuard is installed allow connections to:
- gfi-downloader-137146314.us-east-1.elb.amazonaws.com
- *software.gfi.com/lnsupdate/
- *.download.microsoft.com
- *.windowsupdate.com
- *.update.microsoft.com
- All update servers of Third-Party Vendors supported by GFI LanGuard.
Antivirus and Backup Exclusions
Antivirus and backup software can cause GFI LanGuard to malfunction if it is denied access to some of its files.
Add exclusions that prevent antivirus & backup software from scanning or backing up the following folder on the GFI LanGuard Server, Agents, Relay Agents, and the GFI LanGuard Central Management Server:
<system drive>\ProgramData\GFI\
Refer to the Real-time Protection Engines section of the Recommended Settings for Best Performance in GFI LanGuard article