Looking for a strategy or solution on how to securely allow a monitoring service to scan Windows hosts through a firewall using the WMI service. The challenge is that the scanning service will initially connect on 135/tcp and then will negotiate a random high port between 1024 and 65535 to establish another connection on.
Are there any app defenses/proxies available on MFE 8.3.X that we could use?
Found an old thread from 2012 with the same challenge but no answers:
The firewall does not have the ability to understand the WMI extensions in order to open up those high ports. You must open all those ports or configure WMI to only use a certain range of ports and then open those.
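One way to apply the "certain range of ports" option on each monitored Windows host, as an added example that is not part of the original thread. The port range, the monitoring server address and the rule names are assumptions. The registry setting restricts every RPC dynamic endpoint on the host, not only WMI.

```powershell
# Added example (not from the thread). Run elevated on each monitored host.
# Assumed values: adjust to your environment before use.
$PortRange = '50000-50255'   # assumed RPC dynamic port range to pin
$MonitorIP = '192.0.2.10'    # placeholder address of the monitoring server
$RpcKey    = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

# Refuse a malformed or out-of-bounds range before touching the registry.
$m = [regex]::Match($PortRange, '^(\d+)-(\d+)$')
if (-not $m.Success) { throw "Port range must look like LOW-HIGH: $PortRange" }
$low  = [int]$m.Groups[1].Value
$high = [int]$m.Groups[2].Value
if ($low -lt 1024 -or $high -gt 65535 -or $low -gt $high) {
    throw "Port range outside 1024-65535 or reversed: $PortRange"
}

# Restrict RPC dynamic endpoint allocation to the chosen range.
# Ports is REG_MULTI_SZ; the two flags are REG_SZ with the value 'Y'.
if (-not (Test-Path $RpcKey)) { New-Item -Path $RpcKey -Force | Out-Null }
New-ItemProperty -Path $RpcKey -Name 'Ports' -PropertyType MultiString `
    -Value @($PortRange) -Force | Out-Null
New-ItemProperty -Path $RpcKey -Name 'PortsInternetAvailable' `
    -PropertyType String -Value 'Y' -Force | Out-Null
New-ItemProperty -Path $RpcKey -Name 'UseInternetPorts' `
    -PropertyType String -Value 'Y' -Force | Out-Null

# Host firewall: allow the endpoint mapper and the pinned range,
# but only from the monitoring server's address.
New-NetFirewallRule -DisplayName 'WMI monitoring - RPC endpoint mapper' `
    -Direction Inbound -Protocol TCP -LocalPort 135 `
    -RemoteAddress $MonitorIP -Action Allow | Out-Null
New-NetFirewallRule -DisplayName 'WMI monitoring - RPC pinned range' `
    -Direction Inbound -Protocol TCP -LocalPort $PortRange `
    -RemoteAddress $MonitorIP -Action Allow | Out-Null

# The RPC range is read at startup, so the change applies after a reboot.
Write-Host "RPC dynamic ports set to $PortRange. Reboot to apply."
```

The perimeter firewall rule then needs only 135/tcp and the same range, with the monitoring server as the sole permitted source.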