Configuring Windows Firewall for iSCSI Software Target

  • Article

Applies To: Microsoft iSCSI Software Target

Before you install the Microsoft iSCSI Software Target, you must configure the Windows Firewall to allow the necessary network traffic to pass. The following table lists the required ports.

Port or application Description

TCP 3260

Microsoft iSCSI Software Target Service. This port provides the primary access to the Microsoft iSCSI Software target.

TCP 135

Remote Procedure Call (RPC), this port is required for Component Object Model (COM) communication.

UDP 138

NetBIOS Datagram Service, this exception should already exist for File and Print Service role, but may need to be added manually if not present.

%windir%\System32\Wintarget.exe

Microsoft iSCSI Software Target Service

%windir%\System32\WTStatusProxy.exe

Microsoft iSCSI Software Target status proxy

Note

You may receive remote procedure call (RPC) errors when trying to remotely manage a Microsoft iSCSI Software Target if you do not configure the Windows Firewall exception for WTStatusProxy.exe.

The following table contains the Windows Firewall exceptions that should be made on the iSCSI initiator computer.

Application exception Description

%windir%\System32\Wtvds.exe

The Microsoft iSCSI Software Target VDS Hardware Provider

To add an inbound filter rule for a program

  1. Open Windows Firewall with Advanced Security. In Server Manager, expand Configuration, expand Windows Firewall with Advanced Security, and then click Inbound Rules.

  2. In the Actions pane, click New Rule.

  3. Under What type of rule would you like to create, click Program, and then click Next.

  4. Click Browse, browse to the %windir%\System32 folder, and then click Wintarget.exe. Click Open and then click Next.

  5. Click Allow the connection, and then click Next.

  6. Select the network locations that should be bound to this rule (the default is Domain, Private, and Public). Click Next.

  7. Under Name, type a descriptive name for the rule. For example, type Microsoft iSCSI Software Target Service for the program rule for Wintarget.exe. Click Finish.

To add an inbound filter rule for a port

  1. Open Windows Firewall with Advanced Security. In Server Manager, expand Configuration, expand Windows Firewall with Advanced Security, and then click Inbound Rules.

  2. In the Actions pane, click New Rule.

  3. Under What type of rule would you like to create, click Port, and then click Next.

  4. Select the protocol for this rule, either TCP or UDP. Under Does this rule apply to all local ports or specific local ports, click Specific local ports and type in the appropriate port number.

  5. Click Allow the connection, and then click Next.

  6. Select the network locations that should be bound to this rule (the default is Domain, Private, and Public). Click Next.

  7. Under Name, type a descriptive name for the rule. For example, type Remote Procedure Call for the RPC communication on TCP port 135. Click Finish.