Environment
Sentinel 5.1.3
Sentinel 5.1.x
Sentinel 4.2.xx
Situation
How to allow access for the WMI collector through a firewall:
Resolution
The best solution at the time of writing is to restrict the ports
that DCOM itself can use. The following URL explains the registry
changes necessary to do so:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/msdn_dcomfirewall.asp
Once those settings are in place, the firewall can be configured to allow communication through the ports configured by the registry settings (port 135 and any others that have been configured).
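One way to apply the port restriction described above on a monitored Windows server, as an added example that is not part of the original article or of Sentinel. It writes the standard RPC port-range values under HKLM\SOFTWARE\Microsoft\Rpc\Internet and reads them back; the range 5000-5100 is a constructed sample value, not one taken from this article.

```powershell
# Added example. Run from an elevated PowerShell prompt on the monitored server.
# ASSUMPTION: 5000-5100 is a constructed sample range; size it for the number
# of concurrent RPC/DCOM connections the server actually handles.
$PortRange = '5000-5100'
$RpcKey    = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

# Create the key if it does not exist yet.
if (-not (Test-Path $RpcKey)) {
    New-Item -Path $RpcKey -Force | Out-Null
}

# Ports (REG_MULTI_SZ): ports or ranges RPC may use for dynamic endpoints.
New-ItemProperty -Path $RpcKey -Name 'Ports' -PropertyType MultiString `
    -Value @($PortRange) -Force | Out-Null

# PortsInternetAvailable (REG_SZ) = Y: the ports listed above are the
# Internet-available set.
New-ItemProperty -Path $RpcKey -Name 'PortsInternetAvailable' `
    -PropertyType String -Value 'Y' -Force | Out-Null

# UseInternetPorts (REG_SZ) = Y: allocate dynamic endpoints from that set.
New-ItemProperty -Path $RpcKey -Name 'UseInternetPorts' `
    -PropertyType String -Value 'Y' -Force | Out-Null

# Read the values back so the firewall rule matches what was actually written.
$cfg = Get-ItemProperty -Path $RpcKey
if ($cfg.PortsInternetAvailable -ne 'Y' -or $cfg.UseInternetPorts -ne 'Y') {
    throw "RPC port restriction was not written correctly under $RpcKey"
}

Write-Output "RPC dynamic ports restricted to: $($cfg.Ports -join ', ')"
Write-Output "Firewall must allow TCP 135 and TCP $($cfg.Ports -join ', ') to this host."
Write-Output "Restart the server for the new range to take effect."
```

When writing the firewall rule, limit the source to the Collector Manager's address rather than opening port 135 and the range to all hosts.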
Additional Information
When a Collector Manager is deployed at one location and the
servers being monitored are at remote sites, a firewall often
separates the two. Because WMI relies on an RPC call to
negotiate a DCOM port, opening just port 135 is not
sufficient. Port 135 is used only for the locator
service. Once RPC has been located, communication switches to a
randomly allocated high TCP port. Both port 135 and whatever
port range has been specified must be allowed through the firewall.