Using MOM with Firewalls for Additional Security
Your IT environment might use firewalls that separate MOM computers. Depending on your topology, this separation might present an issue. Table 6 shows when using a firewall between MOM 2005 computers is supported and when it is not. The arrows indicate the direction of communication.
Table 6 - Firewall Compatibility with MOM 2005
Connection | Firewall | Port, Protocol, or Remark |
---|---|---|
Management Server --> Agentless | NO | RPC port (TCP 135) and DCOM port range |
Management Server <-- Administrator console | NO | RPC port (TCP 135) and DCOM port range |
Management Server <-- Operator console | NO | RPC port (TCP 135) and DCOM port range |
Management Server <-- Agent | OK | TCP/UDP port 1270 [1] |
Management Server --> MOM Database | OK | OLEDB Tunneling, port 1433 [2] |
Reporting Database <-- MOM Database | NO | DTS port (TCP 1433) |
Reporting Database <-- Reporting console | OK | HTTP port 80 |
Management Server <-- Web console | OK | TCP port 1272 |
MMPC source --> MMPC destination | OK | TCP port 1271 |
Management group - Management group | OK | Use MOM to MOM Product Connector |
OK - using a firewall with this connection is supported
NO - using a firewall with this connection is not supported
1 - Agent Management Tasks will not work properly without the DCOM port range being opened.
2 - User configurable.
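The following sketch is an added example, not part of the original MOM documentation: it applies Table 6 to a planned deployment and returns the firewall openings the plan needs plus any placements that Table 6 marks as unsupported. The zone names and the sample topology are constructed, the tail of each arrow is assumed to be the initiating side, and the agent and database ports are 1270 and 1433 with the table's trailing 1 and 2 read as footnote markers.

```python
# Added example: turn Table 6 into a firewall plan for a given topology.
# (initiator, responder) -> (supported through a firewall, port/protocol, note)
RPC = "RPC TCP 135 + DCOM port range"
TABLE_6 = {
    ("Management Server", "Agentless"): (False, RPC, ""),
    ("Administrator console", "Management Server"): (False, RPC, ""),
    ("Operator console", "Management Server"): (False, RPC, ""),
    ("Agent", "Management Server"): (True, "TCP/UDP 1270",
        "Agent Management Tasks also need the DCOM port range"),
    ("Management Server", "MOM Database"): (True, "OLEDB tunneling, TCP 1433",
        "port is user configurable"),
    ("MOM Database", "Reporting Database"): (False, "DTS TCP 1433", ""),
    ("Reporting console", "Reporting Database"): (True, "HTTP TCP 80", ""),
    ("Web console", "Management Server"): (True, "TCP 1272", ""),
    ("MMPC source", "MMPC destination"): (True, "TCP 1271", ""),
}

def plan(zones):
    """zones maps component name -> network zone (constructed labels).
    Returns (allow_rules, unsupported) for connections that cross zones."""
    allow, unsupported = [], []
    for (src, dst), (ok, port, note) in TABLE_6.items():
        if src not in zones or dst not in zones:
            continue  # component is not part of this deployment
        if zones[src] == zones[dst]:
            continue  # same side of the firewall, nothing to open
        if ok:
            allow.append((zones[src], src, zones[dst], dst, port, note))
        else:
            unsupported.append((src, dst, port))
    return allow, unsupported

# Constructed sample topology: agents and consoles in a perimeter zone.
SAMPLE = {
    "Management Server": "internal",
    "MOM Database": "internal",
    "Agent": "dmz",
    "Web console": "dmz",
    "Operator console": "dmz",
}

if __name__ == "__main__":
    rules, problems = plan(SAMPLE)
    for src_zone, src, dst_zone, dst, port, note in rules:
        print(f"ALLOW {src_zone}/{src} -> {dst_zone}/{dst}: {port} {note}".rstrip())
    for src, dst, port in problems:
        print(f"UNSUPPORTED across firewall: {src} -> {dst} ({port})")
```

For the sample topology the plan opens only ports 1270 and 1272 toward the Management Server and reports the Operator console placement as unsupported, which keeps RPC port 135 and the DCOM range closed at the firewall.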
Using Active Directory through a Firewall
If a firewall separates your MOM Database Server from your domain controller, you must open additional ports so that the MOM Database Server can authenticate the DAS account credentials. Microsoft Support article 179442, How to Configure a Firewall for Domains and Trusts, describes how to do this. For more information about well-known services and ports, see Microsoft Support article 832017, Service overview and network port requirements for the Windows Server system.