Through the firewall

Hi

We need to use Vulnerability Manager to scan through the firewall. What do we need to do with the firewall? Which port should we open?

Accepted Solutions
ritch

Re: Through the firewall

Hi Tony

Just to reiterate what gooru4speed has already stated, if your deployment looks like this:

MVM Controller -> Scanner -> Firewall -> Dest. Subnet

Your firewall rule will look like this:

Source = Scanner IP

Dest = Dest. Subnet

Ports = ALL (0-65535)

Protocol = ALL

This configuration also runs the risk of significantly degrading the firewall as the scanner can be quite brutal in the number and speed of connections it is making.

If you configure it like this:

MVM Controller -> Firewall -> Scanner  -> Dest. Subnet

The firewall rules:

Scanner (ScanController) IP to Database Server on port 1433

Scanner IP to MVM Controller on port 3801

There might be other rules depending on your configuration but that's what we have done.

Ritch
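The two layouts in the answer above, modelled as allow-lists so the difference in what the firewall has to pass can be checked and counted. This is an added example, not part of the original post or any McAfee tooling; all IP addresses are constructed, and treating port 3801 as TCP is an assumption (the thread gives only the port number).

```python
import ipaddress

# Constructed addresses (assumptions, not taken from the thread).
CONTROLLER, DATABASE = "10.0.0.10", "10.0.0.11"
DEST_SUBNET = "192.168.50.0/24"
SCANNER_OUTSIDE = "10.0.0.20"     # layout 1: scanner on the controller side
SCANNER_INSIDE = "192.168.50.20"  # layout 2: scanner inside the scanned subnet

# Layout 1: MVM Controller -> Scanner -> Firewall -> Dest. Subnet
RULES_SCAN_THROUGH = [
    {"src": SCANNER_OUTSIDE, "dst": DEST_SUBNET, "proto": "all", "ports": (0, 65535)},
]
# Layout 2: MVM Controller -> Firewall -> Scanner -> Dest. Subnet
# Only the scanner's management flows cross the firewall (3801 assumed TCP).
RULES_LOCAL_SCANNER = [
    {"src": SCANNER_INSIDE, "dst": DATABASE, "proto": "tcp", "ports": (1433, 1433)},
    {"src": SCANNER_INSIDE, "dst": CONTROLLER, "proto": "tcp", "ports": (3801, 3801)},
]

def permits(rules, src, dst, proto, port):
    """True if any allow rule matches the flow; anything else is default-deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        lo, hi = r["ports"]
        if (s in ipaddress.ip_network(r["src"])
                and d in ipaddress.ip_network(r["dst"])
                and r["proto"] in ("all", proto)
                and lo <= port <= hi):
            return True
    return False

def exposure(rules):
    """Return (number of allowed address/port pairs, list of any-port/any-protocol rules)."""
    total, broad = 0, []
    for r in rules:
        lo, hi = r["ports"]
        total += ipaddress.ip_network(r["dst"]).num_addresses * (hi - lo + 1)
        if r["proto"] == "all" and (lo, hi) == (0, 65535):
            broad.append(r)
    return total, broad

if __name__ == "__main__":
    for name, rules in (("scan-through", RULES_SCAN_THROUGH),
                        ("local-scanner", RULES_LOCAL_SCANNER)):
        total, broad = exposure(rules)
        print(f"{name}: {total} address/port pairs allowed, {len(broad)} any/any rule(s)")
```
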

3 Replies
Re: Through the firewall

To deploy an MVM solution through a firewall, I strongly suggest you install an additional Scan Engine in the local network you need to scan, a DMZ segment for example. That way you just need to open three ports in the firewall to allow connection between the Scan Engine and the "MVM Server".

Re: Through the firewall

Thanks
