I am facing a problem with one of the Windows servers. While testing the connection I am getting a pop-up saying, "Windows event log test connection unsuccessful. The windows firewall is blocking access to port 49156".
As checked, the firewall is disabled, and on the ERC I am able to see the logs. Before this issue I was able to see the logs on the ESM as well. And the user and password are also correct.
Thanks and regards,
Santosh B Siddanaikar
It's difficult to know exactly what issue you are facing without looking closely at the product,
but it's recommended to check all the important fields again:
User name with the domain and a slash before? (e.g. "Domain\username")
Firewall is open between the SIEM and the data source?
Firewall is allowing all needed ports?
On the WMI data source, the user is configured correctly and with the correct permissions?
I had the same thing today in my system.
I opened in the firewall (network firewall - Checkpoint) the port that was in the error (e.g. 49155)
and now it works.
You may want to open a range of ports, e.g. 49000 - 63000.
Port opening should be unidirectional or bidirectional?
When I run the tcp command I get the below packets:
11:15:51.374166 IP RECEIVER IP.60475 > SERVER IP.49156: Flags [S], seq 145925682, win 14600, options [mss 1460,nop,wscale 10], length 0
11:15:53.378166 IP RECEIVER IP.60475 > SERVER IP.49156: Flags [S], seq 145925682, win 14600, options [mss 1460,nop,wscale 10], length 0
Yes, traffic would be bidirectional.
If it still doesn't work,
I must sadly say that I don't have any more solutions.
I hope someone else in the community could help.
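
An added example, not part of the thread or of any product's code: the capture posted above shows the same SYN (identical seq) sent twice to port 49156 with no answer, which is what a silently dropped connection looks like. The Python sketch below classifies each handshake in tcpdump text output as answered, rejected or filtered; the addresses and the port 135 flow in the sample are constructed.

```python
import re
from collections import defaultdict

# tcpdump text format as posted in the thread (IPv4 only).
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample: documentation addresses stand in for the redacted
# receiver and server IPs; the port 135 flow is an assumed answered handshake.
SAMPLE = """\
11:15:50.100000 IP 192.0.2.10.60474 > 198.51.100.20.135: Flags [S], seq 77, win 14600, length 0
11:15:50.100400 IP 198.51.100.20.135 > 192.0.2.10.60474: Flags [S.], seq 9, ack 78, win 8192, length 0
11:15:51.374166 IP 192.0.2.10.60475 > 198.51.100.20.49156: Flags [S], seq 145925682, win 14600, length 0
11:15:53.378166 IP 192.0.2.10.60475 > 198.51.100.20.49156: Flags [S], seq 145925682, win 14600, length 0
"""

def classify_handshakes(capture):
    """Return {(client, cport, server, sport): verdict} for each SYN seen."""
    syns = defaultdict(int)  # flow -> SYN count (first attempt + retransmits)
    replies = {}             # flow -> "syn-ack" or "rst" from the server side
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        if m["flags"] == "S":
            syns[src + dst] += 1
        elif m["flags"] == "S.":
            replies[dst + src] = "syn-ack"
        elif "R" in m["flags"]:
            replies.setdefault(dst + src, "rst")
    verdicts = {}
    for flow, count in syns.items():
        reply = replies.get(flow)
        if reply == "syn-ack":
            verdicts[flow] = "answered"
        elif reply == "rst":
            verdicts[flow] = "rejected (RST)"
        else:
            verdicts[flow] = f"filtered ({count} SYN, no reply)"
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify_handshakes(SAMPLE).items():
        print(flow, verdict)
```

A "filtered" verdict only says that no reply reached the capture point; a second capture on the server side shows whether the SYN arrived there at all.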