3 Replies Latest reply on Sep 4, 2012 5:25 AM by tony.lin

    Through the firewall




            We need to use Vulnerability Manager to scan through the firewall. What do we need to do with the firewall? Which port should we open?

        • 1. Re: Through the firewall

          To deploy an MVM solution through a firewall, I strongly suggest you install an additional Scan Engine in the local network you need to scan, a DMZ segment for example. That way you just need to open three ports in the firewall to allow connection between the Scan Engine and the "MVM Server".

          • 2. Re: Through the firewall

            Hi Tony


            Just to reiterate what gooru4speed has already stated, if your deployment looks like this:


            MVM Controller -> Scanner -> Firewall -> Dest. Subnet


            Your firewall rule will look like this:


            Source = Scanner IP

            Dest = Dest. Subnet

            Ports = ALL (0-65535)

            Protocol = ALL


            This configuration also runs the risk of significantly degrading the firewall, as the scanner can be quite brutal in the number and speed of connections it is making.



            If you configure it like this:


            MVM Controller -> Firewall -> Scanner  -> Dest. Subnet


            The firewall rules are:


            Scanner (ScanController) IP to Database Server on port 1433

            Scanner IP To MVM Controller on port 3801


            There might be other rules depending on your configuration, but that's what we have done.



            • 3. Re: Through the firewall