Main menu

SysMan UT and RC firewall notes

Host Management
Usage of tools against the remote system
(for instance, showing the list of running services running on a remote machine)

All SysMan versions make use of Windows Management Instrumentation (WMI) for remote host administration. Therefore SysMan needs Windows Management Instrumentation enabled in the remote machine's firewall.

WMI requests - firewall requirements on the remote machine
NameProgramServicesProtocolLocal PortRemote Port
Windows Management Instrumentation (DCOM-in)svchost.exe in %systemRoot%\system32Remote Procedure Call (RPC) - RpcSsTCP135Any
Windows Management Instrumentation (WMI-in)svchost.exe in %systemRoot%\system32Windows Management Instrumentation - WinmgmtTCPAnyAny


Some tools use asynchronous WMI calls (at the moment of this writing, these are the 'Ping' and 'Eventlogs' tools). Asynchronous WMI requires additional access, from the remote machine, back to the local.

Asynchronous WMI only - firewall requirements on the local machine
NameProgramServicesProtocolLocal PortRemote Port
Windows Management Instrumentation (DCOM-in)svchost.exe in %systemRoot%\system32Remote Procedure Call (RPC) - RpcSsTCP135Any
Windows management Instrumentation (ASync-In)unsecapp.exe in %systemRoot%\system32\wbemAnyTCPAnyAny


More information on firewall rules regarding remote WMI can be read on the Microsoft's page:
Connecting to WMI Remotely Starting with Windows Vista


Regarding the Sysgem WMI provider

Some SysMan tools require the Sysgem WMI provider to be present on the remote machine. If SysMan does not find the WMI Provider installed on the regarding machine, then SysMan automatically offers to install it for you (performing a push installation). Please consult the 'Sysgem push installations - firewall requirements' table further down in this article for regarding requirements.

Alternatively, the Sysgem WMI provider can be installed manually, see here.

Note:

The Sysgem WMI provider is not running as a service. Therefore, when it is not actively handling a request, it is not using any resources.


Remote Control connections

Upon installation of the Remote Control Server, a 'Sysgem SysMan Remote Control Service' rule is automatically added and enabled in the Windows firewall. Should you for any reasons need to apply firewall rules manually, then please follow the table below

Remote Control connections - firewall requirements on the remote machine
ProgramProtocolLocal PortRemote Port
SysgemRC.exe in <installation path>\Sysgem AG\Sysgem Remote Control ServerTCPAnyAny
SysgemRC.exe in <installation path>\Sysgem AG\Sysgem Remote Control ServerUDPAnyAny


If SysMan does not find the Remote Control Server service installed on the machine you want to establish a remote desktop session with, then SysMan automatically offers to install the RC server software for you (performing a push-installation). Please consult the 'Sysgem push installations - firewall requirements' table further down in this article for regarding requirements.

Alternatively, the Remote Control Server service can be installed either:
Push installations

To be able to perform remote installations on target hosts (for instance, to remotely install the Sysgem WMI Provider or the SysMan Remote Control Server service) SysMan needs to be able to send the concerning packages to the remote machine. Therefore SysMan needs File and Printersharing to be enabled in the Windows firewall.

Sysgem push installations - firewall requirements on the remote machine
NameProgramProtocolLocal PortRemote Port
File and Printer Sharing (NB-Datagram-In)SystemUDP138Any
File and Printer Sharing (NB-Name-In)SystemUDP137Any
File and Printer Sharing (NB-Session-In)SystemTCP139Any
File and Printer Sharing (SMB-In)SystemTCP445Any


Note: XP MACHINES ONLY

If the remote host is an XP machine, then for push installations to be possible, the 'simple file sharing' feature needs to be disabled.
Also see this Microsoft knowledgebase article.

Search

Can't Find an Answer?

If you can't find an answer to your question in our knowledge base, please feel free to contact our support team.

 

Downloads

Download a full featured evaluation kit from a list of available products.

Run the product under a trial license for 30 days before deciding to proceed. 

Knowledge Base

Find answers to common support questions in our Knowledge Base.

If you require support with an issue not listed here, or have any other enquiries, please contact us.

 

© Sysgem AG, all rights reserved.

Sysgem is a trademark of Sysgem AG. Other brands and products are registered trademarks of their respective holders.

Sysgem AG, Forsterstrasse 67, CH-8044 Zurich, Switzerland
+41 44 586 1060