1 of 1 people found this helpful
To deploy an MVM solution through a Firewall I strongly suggest you to install an aditional Scan Engine in the local network you need to scan, a DMZ segment for example. In that way you just need to open three ports in the firewall to allow connection between Scan Engine and "MVM Server".
Just to re-iterate what gooru4speed has already stated if your deployment looks like this
MVM Controller -> Scanner -> Firewall -> Dest. Subnet
Your firewall rule will look this
Source = Scanner IP
Dest = Dest. Subnet
Ports = ALL (0-65535)
Protocol = ALL
This configuration also runs the risk of significantly degrading the firewall as the scanner can be quite brutal in the number and speed of connections it is making.
If you configure it like this
MVM Controller -> Firewall -> Scanner -> Dest. Subnet
The firewall rules
Scanner (ScanController) IP to Database Server on port 1433
Scanner IP To MVM Controller on port 3801
There might be other rules depending on your configuration but that's what we have done.