Configuring Windows Advanced Firewall to allow discovery

This article will answer the following questions:

- How do I configure the Windows Advanced Firewall to allow HyperV Discovery ?

- How do I configure Windows Advanced Firewall to allow WMI discovery ?

- How do I configure Windows Advanced Firewall to allow Application discovery ?

 

DISCLAIMER: You are responsible for your own system security. These instructions are provided as a guide to help you identify required configurations, and you should verify that you are happy with the implications of opening up firewall ports as described below.

 

First, you may wish to check if the firewall is causing your problem by temporarily disabling it to see if discovery then proceeds without a problem. Of course, this should be on a test machine. If discovery works without a firewall running temporarily, then these instructions will help configure the required access.

 

 Note: these instructions were created based on W2008R2.

 

Open Server Manager, navigate to 'Windows Firewall with Advanced Security", "Inbound Rules" section

ServerManagerFW.jpg



Next, add a new 'Inbound Rule' by selecting "New Rule" on the 'Actions' panel on the left hand side of this view. Select 'Port' as the Rule Type:


NewInboundRule.jpg


Select 'TCP' and 'All local ports' on the next screen that appears.

NewInboundRule2.jpg


Select 'Allow the connection'

NewInboundRule3.jpg


Select the appropriate profile for the connection which 'faces' the VMTurbo appliance (this is usually 'Domain'). In the example below all profiles are selected.

NewInboundRule4.jpg

Give the rule a name and click 'Finish':

NewInboundRule5.jpg

Select the rule you just made, and click 'Properties' from the right click menu

NewInboundRule6.jpg

Select the 'Protocols and Ports' tab, and change the "Local Port" menu entry to read "RPC Dynamic Ports"

NewInboundRule7.jpg

Optionally, you could also use the 'Scope' tab to specify the IP address of the VMTurbo appliance (note, if you do not do this, RPC access will be possible from any system in the domain).

In the example below, my VMTurbo appliance address is 10.10.172.22:

NewInboundRule8.jpg


That's it! you should now be able to communicate from the VMTurbo appliance to the Windows Host (HyperV) or Windows VM (Application discovery).

Have more questions? Submit a request

Comments