This article provides information on the system and environmental requirements for the GFI Landguard Agents and Relay Agents deployment and successful operations.
It is recommended to deploy Agents and Relay Agents on the computers in your environment to reduce network bandwidth utilization and enable faster scanning audits.
GFI LanGuard Agents can be deployed only on machines running Microsoft Windows operating systems. Operations on non-Windows devices are agentless.
Computers running GFI LanGuard Agent and Relay Agent must meet the requirements described below for the successful Agent operations and for performance reasons.
- Hardware Requirements
- Software Requirements
- Firewall Ports and Protocols
- Antivirus and Backup Exclusions
GFI LanGuard Agent
Computers running a GFI LanGuard Agent must meet the following minimum hardware requirements:
|Physical Storage||800MB are required for the installation & an additional 2GB are required during a scan to extract update archives.|
|RAM||25 MB dedicated to GFI LanGuard|
|Network bandwidth||1544 kbps|
GFI LanGuard Relay Agent
GFI LanGuard enables you to configure Agents as a relay of the server. A computer is eligible to serve as a Relay Agent when:
- The computer is online with good uptime (an offline Relay Agent incapacitates its clients)
- Has fast network access to computers connected to it
- Has the required disk space to allow caching.
Computers with the Agents configured as Relay Agents must meet the following minimum hardware requirements:
1 to 100 Clients
100 to 500 Clients
500 to 1,000 Clients
|Processor||2 GHz Dual Core||2 GHz Dual Core||2.8 GHz Dual Core|
|Physical Storage||5 GB||10 GB||10 GB|
|RAM||2 GB||2 GB||4 GB|
|Network bandwidth||100 Mbps||100 Mbps||1 Gbps|
The following table lists operating systems that GFI LanGuard Agent and GFI LanGuard Relay Agent can be installed on:
|Windows® Operating System||GFI LanGuard Agent||GFI LanGuard Relay Agent|
|Windows Server 2019|
|Windows Server 2016|
|Windows Server 2012 (including R2)|
|Windows Server 2008 R2 Standard/Enterprise (latest SP)|
|Windows Server 2008 Standard/Enterprise (latest SP)|
|Windows Server 2003 Standard/Enterprise|
|Windows 10 Professional/Enterprise|
|Windows 8/8.1 Professional/Enterprise|
|Windows 7 Professional/Enterprise/Ultimate (latest SP)|
|Windows Vista Business/Enterprise/Ultimate|
|Windows XP Professional (latest SP)|
|Small Business Server 2011|
|Small Business Server 2008 Standard|
|Small Business Server 2003 (latest SP)|
Firewall Ports and Protocols
Below are the required firewall ports and protocols settings:
Configure your firewall to allow inbound connections on TCP port 1072, on computers running:
- GFI LanGuard
- Relay Agents
To manually configure the communication port:
- Launch GFI LanGuard.and go to Configuration > Manage Agents.
- From the right pane, click Agents Settings.
- Specify the communication port in the TCP port text box and click OK to apply the changes.
GFI LanGuard Agent and Agent-less computers
Communications between GFI LanGuard and managed computers (Agents and Agent-less) are done using the ports and protocols below. The firewall on managed computers needs to be configured to allow inbound requests on the following ports:
|22||SSH||Auditing Linux systems.|
|135||DCOM||Dynamically assigned port.|
|137||NetBIOS||Computer discovery and resource sharing.|
|138||NetBIOS||Computer discovery and resource sharing.|
|139||NetBIOS||Computer discovery and resource sharing.|
Used for computer discovery. GFI LanGuard supports SNMPv1 and SNMPv2c.
SNMPv3 and SNMP over TLS / DTLS are not supported.
Antivirus and Backup Exclusions
Antivirus and backup software can cause GFI LanGuard to malfunction if it is denied access to some of its files. Add exclusions that prevent antivirus & backup software from scanning or backing up the following folder on the GFI LanGuard Server, Agents, Relay Agents, and the GFI LanGuard Central Management Server: