
Monitoring Remote Servers Through Firewalls

Power Admin monitoring products contain a variety of modules that monitor different server resources. In general, the server resources are accessed in one of three ways:

  1. Standard protocol ports
  2. Windows RPC
  3. Windows SMB/CIFS (file serving)

Do you need to monitor servers in a DMZ? Using the Satellite monitoring service that comes with the Ultra edition makes it much easier. Distributed monitoring is easy.

Standard Protocol Ports

Standard protocol ports are the ports used by a protocol-specific monitor. For example, the Web Page monitor uses HTTP, and therefore (by default) port 80 to access the remote server. The SMTP server monitor uses a default port of 25, POP3 defaults to port 110, etc. These standard protocol monitors therefore use the port specified by the relevant standard.

Standard Ports:

  • FTP: Port 21
  • DNS: Port 53
  • Mail (POP3): Port 110
  • Mail (IMAP): Port 143
  • Mail (SMTP): Port 25
  • SNMP: Ports 161 and 162
  • Web (HTTP): Port 80
  • Web (HTTPS): Port 443

Windows RPC

See below for Windows Firewall rules for Windows 2008 and Windows 2012.

Windows-specific monitors (Event Log monitor, Service monitor, Performance monitor, etc.) use standard Windows RPC to access the underlying resources. Windows RPC uses TCP port 135 by default (although you can change this via tools on the Microsoft website). Because port 135 is targeted by much of the malware and worms on the Internet, we do not recommend opening that port on an Internet-facing firewall.

Besides port 135, RPC also uses a dynamic port range that gets established between the endpoints. Microsoft has more information, including firewall considerations:

Windows SMB / CIFS

Windows disk-based monitors (Disk Space monitor, File & Directory Change monitor, etc.) use standard Windows SMB to access the underlying files and directories. Windows SMB uses TCP port 445 by default (although you can change this via tools on the Microsoft website). Because port 445 is targeted by much of the malware and worms on the Internet, we do not recommend opening that port on an Internet-facing firewall.

CIFS is another popular file sharing protocol that is basically the same as SMB. It is supported by Linux via Samba, and by many other operating systems and devices.

Additional Information

Windows 2008

Windows 2008 comes with a very strict firewall which is enabled by default. Go to Control Panel > Windows Firewall with Advanced Security, open the incoming rules, and enable the Remote Administration rule to allow typical monitor access.

Windows 2012

The Windows 2012 firewall is very strict and tightly locked down in its default configuration. For monitoring the server, consider enabling the following rules:

Disk Space

  • File and Printer Sharing (SMB-In)

Event Log

  • Remote Event Log Management (RPC)
  • Remote Event Log Management (RPC-EPMAP)

Performance Counters

  • Performance Logs and Alerts (TCP-In)

Ping

  • File and Printer Sharing (Echo Request - ICMPv4-In)

Services

  • Remote Service Management (RPC)
  • Remote Service Management (RPC-EPMAP)

Inventory Collection

  • Windows Management Instrumentation (DCOM-In)
  • COM+ Network Access (DCOM-In)
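
The rules listed above can also be enabled from PowerShell and, at the same time, limited to the monitoring server's address so that the RPC and SMB ports are not opened to every host. This is an added example, not Power Admin's own code; it assumes the NetSecurity cmdlets that ship with Windows Server 2012 and later, and the address 192.0.2.10 and the selection of monitor types are placeholders.

```powershell
# Added example (not Power Admin code). Run elevated on the monitored
# Windows Server 2012 or later machine.
param(
    # Assumption: placeholder address of the central monitoring server.
    [string]$MonitorAddress = '192.0.2.10',
    # Example selection; valid names are the keys of $RuleMap below.
    [string[]]$Monitors = @('Disk Space', 'Event Log', 'Services')
)

# Built-in inbound rules per monitor type, as listed on this page.
$RuleMap = @{
    'Disk Space'           = @('File and Printer Sharing (SMB-In)')
    'Event Log'            = @('Remote Event Log Management (RPC)',
                               'Remote Event Log Management (RPC-EPMAP)')
    'Performance Counters' = @('Performance Logs and Alerts (TCP-In)')
    'Ping'                 = @('File and Printer Sharing (Echo Request - ICMPv4-In)')
    'Services'             = @('Remote Service Management (RPC)',
                               'Remote Service Management (RPC-EPMAP)')
    'Inventory Collection' = @('Windows Management Instrumentation (DCOM-In)',
                               'COM+ Network Access (DCOM-In)')
}

$changed = @()
foreach ($monitor in $Monitors) {
    if (-not $RuleMap.ContainsKey($monitor)) {
        Write-Warning "Unknown monitor type '$monitor'; skipped."
        continue
    }
    foreach ($name in $RuleMap[$monitor]) {
        # A display name can match several rules (one per firewall profile).
        $rules = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
        if (-not $rules) {
            Write-Warning "Rule '$name' not found on this host; skipped."
            continue
        }
        # Enable the rule, but accept connections only from the monitoring server.
        $rules | Set-NetFirewallRule -Enabled True -RemoteAddress $MonitorAddress
        $changed += $name
    }
}

# Report what is now open, and to whom, so the change can be reviewed.
if ($changed) {
    Get-NetFirewallRule -DisplayName $changed |
        Select-Object DisplayName, Profile, Enabled,
            @{ n = 'RemoteAddress'
               e = { ($_ | Get-NetFirewallAddressFilter).RemoteAddress } }
}
```

Restricting the remote address on a built-in rule applies to every client of that service, so on a machine that also serves files to other hosts, a separate rule for the monitoring server is the better fit.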

Alternative - Single HTTPS Port

If opening firewall ports is not desired, a good option is to use PA Server Monitor's Satellite Monitoring Service. It is a small piece of software installed on a single server on the other side of the firewall that will monitor other devices on that side, and then report back to your central service. This works across firewalls as well as it does across the Internet at remote data centers.

Only a single incoming port for HTTPS traffic needs to be opened on the firewall.

View this page for more information.

Testing

To test whether the ports are correctly opened, we recommend using a Windows app such as the Windows Event Log Viewer. Start eventvwr.msc and see if you can use it to connect to and view the remote Event Log. If this works, any firewalls in between are letting the requests through. For advanced firewalls like the one in Windows Server 2012, you should also try this with the Services applet (services.msc) and the Performance viewer (perfmon.msc) if you will be monitoring those resources.
