Firewall Requirements (Classic)
When using Windows Firewall with Advanced Security, the following rules should be enabled to allow the XIA Configuration Client to scan the remote machine.
NOTE: the rule names may differ depending on the version of Windows on the remote machine.
File and Printer Sharing (NB-Name-In) [UDP/137]
This is required to resolve names if you are not using DNS.
File and Printer Sharing (Echo Request - ICMPv4-In) [ICMP]
This is required to respond to ping requests. This is only necessary when trying to detect the Windows machine using the Network Range Search (WMI) with ICMP enabled.
Windows Management Instrumentation (DCOM-In)
Allows Windows Management Instrumentation (WMI) queries to be executed.
Windows Management Instrumentation (WMI-In)
Allows Windows Management Instrumentation (WMI) queries to be executed.
Remote Service Management (NP-In) [TCP/445]
The scan will complete if this firewall port is blocked; however:
- Descriptions of running processes cannot be read.
- Scheduled tasks (Windows 2008 and above) cannot be read.
Remote Service Management (RPC)
Allows the dynamic ports required for WMI. The scan will fail if this firewall rule is blocked.
RPC Dynamic Ports [Manual RPC Dynamic Ports Rule]
This is a manually created rule. Although predefined RPC rules exist, they are bound to a specific application.
The scan will complete if this firewall rule is blocked; however:
- Windows Update configuration cannot be read.
- Windows Firewall configuration cannot be read using the Firewall API; however, PowerShell Remoting can also be used to read this information.
File and Printer Sharing (NB-Session-In) [TCP/139]
The scan will complete if this port is blocked and "Scan Local Accounts" is set to false; however:
- User rights assignment cannot be read.
- Local account policies cannot be read.
- Local users and groups cannot be read.
- Members of the Remote Desktop Users group cannot be read.
Windows Remote Management (HTTP-In)
The scan will complete if this port is blocked; however, components that depend on PowerShell Remoting will fail. For example:
- Windows advanced audit policy cannot be read.
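
The following is an added example, not part of the XIA Configuration documentation or product: a read-only PowerShell audit that reports, for each predefined rule named above, whether it exists, is enabled, and which remote addresses it accepts. It assumes the NetSecurity cmdlets (Get-NetFirewallRule, Get-NetFirewallAddressFilter) are available on the machine to be scanned; the manually created RPC Dynamic Ports rule is left out because its name is chosen by the administrator.

```powershell
# Added example: read-only audit, run in an elevated session on the machine to be scanned.
# Display names are copied from the list above; they may differ between Windows versions.
$ruleNames = @(
    'File and Printer Sharing (NB-Name-In)',
    'File and Printer Sharing (Echo Request - ICMPv4-In)',
    'Windows Management Instrumentation (DCOM-In)',
    'Windows Management Instrumentation (WMI-In)',
    'Remote Service Management (NP-In)',
    'Remote Service Management (RPC)',
    'File and Printer Sharing (NB-Session-In)',
    'Windows Remote Management (HTTP-In)'
)

function Get-ScanRuleStatus {
    param([string[]]$DisplayName)
    foreach ($name in $DisplayName) {
        # One display name can match several rules (for example one per firewall profile).
        $rules = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)
        if ($rules.Count -eq 0) {
            [pscustomobject]@{
                Rule = $name; Profile = ''; Enabled = ''; RemoteAddress = ''
                Note = 'not found: name may differ on this Windows version'
            }
            continue
        }
        foreach ($rule in $rules) {
            # The address filter holds the rule's scope; 'Any' means no source restriction.
            $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
            $note = 'enabled, limited to the listed remote addresses'
            if ($remote -eq 'Any') { $note = 'enabled for any remote address' }
            if ("$($rule.Enabled)" -ne 'True') { $note = 'disabled' }
            [pscustomobject]@{
                Rule          = $name
                Profile       = "$($rule.Profile)"
                Enabled       = "$($rule.Enabled)"
                RemoteAddress = $remote
                Note          = $note
            }
        }
    }
}

Get-ScanRuleStatus -DisplayName $ruleNames | Format-Table -AutoSize -Wrap
```

Where a rule is reported as enabled for any remote address, consider limiting its remote address scope to the machine running the XIA Configuration Client, keeping in mind that the File and Printer Sharing rules are also used by other clients.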