andrea.meyer

Configuring Windows Advanced Firewall to allow discovery

Blog Post created by andrea.meyer on May 18, 2014

This article will answer the following questions:

- How do I configure the Windows Advanced Firewall to allow HyperV Discovery ?

- How do I configure Windows Advanced Firewall to allow WMI discovery ?

- How do I configure Windows Advanced Firewall to allow Application discovery ?

 

DISCLAIMER: You are responsible for your own system security. These instructions are provided as a guide to help you identify required configurations, and you should verify that you are happy with the implications of opening up firewall ports as described below.

 

First, you may wish to check if the firewall is causing your problem by temporarily disabling it to see if discovery then proceeds without a problem. Of course, this should be on a test machine. If discovery works without a firewall running temporarily, then these instructions will help configure the required access.

 

Note: these instructions were created based on W2008R2.

 

Open Server Manager, navigate to 'Windows Firewall with Advanced Security", "Inbound Rules" section

 

ServerManagerFW.jpg

 

 

 

Next, add a new 'Inbound Rule' by selecting "New Rule" on the 'Actions' panel on the left hand side of this view. Select 'Port' as the Rule Type:


NewInboundRule.jpg

 


Select 'TCP' and 'All local ports' on the next screen that appears.

 

NewInboundRule2.jpg

 


Select 'Allow the connection'

 

NewInboundRule3.jpg

 


Select the appropriate profile for the connection which 'faces' the VMTurbo appliance (this is usually 'Domain'). In the example below all profiles are selected.

 

NewInboundRule4.jpg

 

Give the rule a name and click 'Finish':

 

NewInboundRule5.jpg

 

Select the rule you just made, and click 'Properties' from the right click menu

 

NewInboundRule6.jpg

 

Select the 'Protocols and Ports' tab, and change the "Local Port" menu entry to read "RPC Dynamic Ports"

 

NewInboundRule7.jpg

 

Optionally, you could also use the 'Scope' tab to specify the IP address of the VMTurbo appliance (note, if you do not do this, RPC access will be possible from any system in the domain).

In the example below, my VMTurbo appliance address is 10.10.172.22:

NewInboundRule8.jpg


That's it! you should now be able to communicate from the VMTurbo appliance to the Windows Host (HyperV) or Windows VM (Application discovery).

Outcomes