Computers running GFI LanGuard must meet the system requirements described in this article in order to operate correctly and for performance reasons. Ignoring hardware requirements may lead to slow performance, operations failing, or the application becoming unresponsive.
All the requirements below are equally important. Make sure the server meets these requirements before deployment.
- Hardware Requirements
- Software Requirements
- Firewall Ports and Protocols
- Gateway Permissions
- Antivirus and Backup Exclusions
Hardware requirements for computers hosting GFI LanGuard depend on network size. Refer to the table below for the minimum specifications according to the network size.
1 to 100 Computers
100 to 500 Computers
500 to 3,000 Computers
|Processor||2 GHz Dual Core||2.8 GHz Dual Core||3 GHz Quad-Core|
|Physical Storage||5 GB||10 GB||20 GB|
|RAM||2 GB||4 GB||8 GB|
|Network bandwidth||1544 kbps||1544 kbps||1544 kbps|
Note: Customers looking to manage thousands of devices with GFI LanGuard are recommended to contact GFI Sales for pricing as well as suggestions regarding the proper management and deployment.
GFI LanGuard components can be installed on any computer that meets the software requirements listed in this section:
- Supported Operating Systems
- Supported Databases
- GFI LanGuard and TLS 1.1 or higher
- Target Computer Components
Supported Operating Systems (32-bit/64-bit)
The following table lists operating systems and versions where GFI LanGuard can be installed. Ensure that you are running the Full version (with GUI) of these operating systems, and running the latest Service Pack as provided by Microsoft.
|Windows® Server 2019|
|Windows® Server 2016|
|Windows® Server 2012 (including R2)|
|Windows® Server 2008 (including R2) Standard/Enterprise|
|Windows® 10 Professional/Enterprise|
|Windows® 8/8.1 Professional/Enterprise|
|Windows® 7 Professional/Enterprise/Ultimate|
|Windows® Vista Business/Enterprise/Ultimate|
|Windows® Small Business Server 2011|
The Microsoft .NET Framework 4.5.1 is required to be installed on the server where GFI LanGuard is deployed, though this can be installed at the time of deployment.
GFI LanGuard uses a database to store information from network security audits and remediation operations. The database backend can be any of the following:
|Database server||Recommended Use|
|SQL Server Express® 2008 or later||This database server has a 10GB limit and is therefore recommended for networks containing up to 500 computers. If a database server is not available, the GFI LanGuard installer can automatically download and run the Microsoft SQL Express installer.|
SQL Server® 2008 or later
|Recommended for larger networks containing 500 computers or more.|
For improved performance, it is highly recommended to use an SSD drive for the database server. Compared to traditional Hard Disk Drives, SSDs deliver superior performance with lower access time and lower latency.
Back to Software Requirements
Back to top
GFI LanGuard and TLS 1.1 or higher
If you plan to deploy GFI LanGuard in an environment where TLS 1.1 and above is running, you need to enable FIPS-Compliant algorithms on the computer where the GFI LanGuard is installed.
Keep in mind that enabling FIPS-Compliant algorithms on the LanGuard server using the local policy is required; enabling FIPS in the domain policy does not cover this requirement, the change in the local policy is necessary regardless.
To enable FIPS-Compliant algorithms:
- Go to Start > Run and type
- Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies.
- Double-click Security Options.
- In the details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.
- Check Enabled and click OK.
- Reboot the computer.
Note: This applies only to the LanGuard server. Enabling FIPS on machines where the agent is installed is not required.
Target Computer Components
The following table provides you with information about components that are required to be installed or enabled on computers to be scanned remotely (agent-less) by GFI LanGuard:
|Secure Shell (SSH)||Required for UNIX/Linux/Mac OS-based scan targets. SSH server must be installed and enabled.|
|File and Printer Sharing||Required for machines running Microsoft operating systems to enumerate and collect information about scan targets.|
|Remote Registry||Ensure that this service is enabled and running on machines using Microsoft operating systems. This is required to collect information about scan targets, such as Operating System details, user and computer data.|
Firewall Ports and Protocols
This section provides you with information about the required firewall ports and protocols settings for:
GFI LanGuard and Relay Agents
Configure your firewall to allow inbound connections on TCP port 1072 (for LanGuard 11 - 1070) on computers running:
- GFI LanGuard
- Relay Agents
This port is automatically bound to the integrated Apache server when GFI LanGuard is installed and is being used for all inbound communication between the server component and the monitored computers.
If GFI LanGuard detects that port 1072 is already in use by another application, it automatically searches for an available port in the range of 1072-1170.
To manually configure the communication port:
- Launch GFI LanGuard.
- Go to Configuration > Manage Agents.
- From the right pane, click Agents Settings.
- Specify the communication port in the TCP port text box.
- Click OK to apply the changes.
GFI LanGuard Agent and Agent-less computers
Communications between GFI LanGuard and managed computers (Agents and Agent-less) are done using the ports and protocols below. The firewall on managed computers needs to be configured to allow inbound requests on the following ports:
|22||SSH||Auditing Linux systems.|
|135||DCOM||Microsoft EPMAP (End Point Mapper) provides dynamically assigned ports for RPC-based services for DCOM.|
|137||NetBIOS||Computer discovery and resource sharing.|
|138||NetBIOS||Computer discovery and resource sharing.|
|139||NetBIOS||Computer discovery and resource sharing.|
Used for computer discovery. GFI LanGuard supports SNMPv1 and SNMPv2c.
SNMPv3 and SNMP over TLS / DTLS are not supported.
Note: The Netstat utility can be used to view current connections and Ports.
To download definition and security updates, GFI LanGuard connects to GFI, Microsoft, and Third-Party update servers via HTTP. Ensure that the firewall settings of the machine where GFI LanGuard is installed allow connections to:
- All update servers of Third-Party Vendors supported by GFI LanGuard.
For more information, refer to:
- Supported Third-Party Applications
- Supported Application Bulletins
- Supported Microsoft Applications
- Supported Microsoft Security Bulletins
Antivirus and Backup Exclusions
Antivirus and backup software can cause GFI LanGuard to malfunction if it is denied access to some of its files.
Add exclusions that prevent antivirus & backup software from scanning or backing up the following folder on the GFI LanGuard Server, Agents, Relay Agents, and the GFI LanGuard Central Management Server: