Firewall rules for a SCOM Management Server

Want to keep the local firewall on your management sevrers and the SQL? Use the following commands to open what you need – Remember to run these the commands on each Management Server in the Resource pool you use for network monitoring.

 

On the SQL Server:

Run this at the SQL Server who is to be Database server for your Management Servers

netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN
netsh advfirewall firewall add rule name = SQLBrowserPort dir = in protocol = tcp action = allow localport = 1434 remoteip = localsubnet profile = DOMAIN
netsh advfirewall firewall add rule name = ServiceBroker dir = in protocol = tcp action = allow localport = 4022 remoteip = localsubnet profile = DOMAIN

The web server for OperationsManager:

netsh advfirewall firewall add rule name = HTTP dir = in protocol = tcp action = allow localport = 80 remoteip = localsubnet profile = DOMAIN
netsh advfirewall firewall add rule name = HTTPS dir = in protocol = tcp action = allow localport = 443 remoteip = localsubnet profile = DOMAIN

SCOM Management Servers:

Run these command on each Management Server.

netsh advfirewall firewall add rule name = MgmtPort dir = in protocol = tcp action = allow localport = 5723 remoteip = localsubnet profile = DOMAIN
netsh advfirewall firewall add rule name = MgmtConsole dir = in protocol = tcp action = allow localport = 5724 remoteip = localsubnet profile = DOMAIN


And if you are using SNMP Network Monitoring


netsh advfirewall firewall set rule name="Operations Manager Ping Response (Echo Response – ICMPv4 IN)" new enable=yes
netsh advfirewall firewall set rule name="Operations Manager SNMP Response" new enable=yes
netsh advfirewall firewall set rule name="Operations Manager SNMP Trap Listener" new enable=yes

Have a greate one
Kåre


Comments (3):

  1. Peter says:

    Thank you and summer greetings!

  2. Antonio says:

    RPC Ports?

  3. Hey there! I just wanted to ask if you ever have any problems with hackers?
    My last blog (wordpress) was hacked and I ended up losing months of
    hard work due to no data backup. Do you have any methods to stop hackers?

Leave a Reply