Firewall rules for a SCOM Management Server

Want to keep the local firewall enabled on your management servers and the SQL Server? Use the following commands to open what you need. Remember to run the commands on each Management Server in the resource pool you use for network monitoring.

 

On the SQL Server:

Run these on the SQL Server that is to be the database server for your Management Servers.

netsh advfirewall firewall add rule name=SQLPort dir=in protocol=tcp action=allow localport=1433 remoteip=localsubnet profile=DOMAIN
netsh advfirewall firewall add rule name=SQLBrowserPort dir=in protocol=udp action=allow localport=1434 remoteip=localsubnet profile=DOMAIN
netsh advfirewall firewall add rule name=ServiceBroker dir=in protocol=tcp action=allow localport=4022 remoteip=localsubnet profile=DOMAIN

The web server for OperationsManager:

netsh advfirewall firewall add rule name=HTTP dir=in protocol=tcp action=allow localport=80 remoteip=localsubnet profile=DOMAIN
netsh advfirewall firewall add rule name=HTTPS dir=in protocol=tcp action=allow localport=443 remoteip=localsubnet profile=DOMAIN

SCOM Management Servers:

Run these commands on each Management Server.

netsh advfirewall firewall add rule name=MgmtPort dir=in protocol=tcp action=allow localport=5723 remoteip=localsubnet profile=DOMAIN
netsh advfirewall firewall add rule name=MgmtConsole dir=in protocol=tcp action=allow localport=5724 remoteip=localsubnet profile=DOMAIN

And if you are using SNMP Network Monitoring:


netsh advfirewall firewall set rule name="Operations Manager Ping Response (Echo Response - ICMPv4 IN)" new enable=yes
netsh advfirewall firewall set rule name="Operations Manager SNMP Response" new enable=yes
netsh advfirewall firewall set rule name="Operations Manager SNMP Trap Listener" new enable=yes
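
To confirm that the rules above exist and are still scoped to the local subnet and the Domain profile, the following PowerShell audit can be run on each server. It is an added example, not part of the original post; the -Role parameter and the role names are assumptions made for the example, and it requires the NetSecurity cmdlets (Windows Server 2012 or later).

```powershell
# Added example (not from the original post): audit the rules this page creates.
param([ValidateSet('Sql', 'Web', 'Mgmt')][string]$Role = 'Mgmt')

# Expected values copied from the netsh commands on this page.
# SQLBrowserPort is checked as UDP: SQL Server Browser listens on UDP 1434.
$expected = @{
    Sql  = @(
        @{ Name = 'SQLPort';        Protocol = 'TCP'; Port = '1433' }
        @{ Name = 'SQLBrowserPort'; Protocol = 'UDP'; Port = '1434' }
        @{ Name = 'ServiceBroker';  Protocol = 'TCP'; Port = '4022' }
    )
    Web  = @(
        @{ Name = 'HTTP';  Protocol = 'TCP'; Port = '80' }
        @{ Name = 'HTTPS'; Protocol = 'TCP'; Port = '443' }
    )
    Mgmt = @(
        @{ Name = 'MgmtPort';    Protocol = 'TCP'; Port = '5723' }
        @{ Name = 'MgmtConsole'; Protocol = 'TCP'; Port = '5724' }
    )
}

foreach ($e in $expected[$Role]) {
    # The netsh "name=" value is the rule's DisplayName in the NetSecurity cmdlets.
    $rules = @(Get-NetFirewallRule -DisplayName $e.Name -ErrorAction SilentlyContinue)
    if ($rules.Count -eq 0) {
        [pscustomobject]@{ Rule = $e.Name; Status = 'MISSING'; Detail = '' }
        continue
    }
    foreach ($r in $rules) {
        $port = $r | Get-NetFirewallPortFilter
        $addr = $r | Get-NetFirewallAddressFilter
        $problems = @()
        if ("$($r.Enabled)" -ne 'True')          { $problems += 'not enabled' }
        if ("$($r.Direction)" -ne 'Inbound')     { $problems += "direction=$($r.Direction)" }
        if ("$($r.Action)" -ne 'Allow')          { $problems += "action=$($r.Action)" }
        if ("$($r.Profile)" -ne 'Domain')        { $problems += "profile=$($r.Profile)" }
        if ("$($port.Protocol)" -ne $e.Protocol) { $problems += "protocol=$($port.Protocol)" }
        if ("$($port.LocalPort)" -ne $e.Port)    { $problems += "localport=$($port.LocalPort)" }
        # Anything wider than LocalSubnet exposes the port beyond the local segment.
        if ("$($addr.RemoteAddress)" -ne 'LocalSubnet') { $problems += "remoteip=$($addr.RemoteAddress)" }
        [pscustomobject]@{
            Rule   = $e.Name
            Status = if ($problems) { 'MISMATCH' } else { 'OK' }
            Detail = $problems -join '; '
        }
    }
}
```

A MISMATCH on remoteip or profile means the rule now admits more than the commands above intended. Two rules sharing one name each get their own output row, which also exposes duplicates left by running the add commands twice.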

Have a great one
Kåre

2017-08-22T13:04:01+00:00 | August 15th, 2012 | Operations Manager (SCOM) | 3 Comments

About the Author:

Kåre Rude Andersen
Microsoft Certified Trainer since 1996, MCSE, TS and ITP in Microsoft Windows, SQL (also Microsoft), Exchange (MS) and Microsoft Operations Manager. Senior Consultant who has recently worked as a consultant at CSC, SAS, ISS, Nokia and Scandlines.

3 Comments

  1. Peter May 16, 2013 at 16:06

    Thank you and summer greetings!

  2. Antonio August 10, 2013 at 0:27

    RPC Ports?

  3. weight loss calculator September 20, 2014 at 5:39

    Hey there! I just wanted to ask if you ever have any problems with hackers?
    My last blog (wordpress) was hacked and I ended up losing months of
    hard work due to no data backup. Do you have any methods to stop hackers?
