OMCI + Windows XP Pro Firewall Issues

Question

We currently have 150 new Dell workstations which we plan to manage using IT assistent v6.5 on the server side and OMCI 7.0.1 on the client side. There is nothing wrong with this set-up it works as planned. We would however also like to enable the Windows XP firewall on all clients to be slightly more protected against certain viruses and worms. Ofcourse when we enable the firewall it stops working. We would like to know the port numbers which will be used by CIM to connect the clinets and the server. Network sniffing and some logging points to a high number of ports, some off which are in the < 1024 range so easilly identifiable. it seems that at least part of the instrumentation uses random port numbers over 1024 and some ports are related to older management protocols like SNMP. Is SNMP still needed if we use CIM for client management or is that just a protocol we can drop all together? (I'd like to do that with regards to security issues.) Which brings me to my big questions. 1. Is it possible to restrict the ports used to a certain range (Both on client and server side) 2. Is it possible to drop all ather protocols like SNMP again on server and client side? 3. If OMCI etc. uses a set range of ports which are they? (Don't think they do though.... :-( ) 4. anyone have any different idea's to approach this problem? thanx in advance :-D

DELL-SeanC · Answer

It is possible to drop SNMP as the network management protocol and use CIM instead, however not all devices(switches) or operating systems (linux & netware) support CIM, so there may still be a requirement for SNMP to manage some devices. It is possible to restrict the ports used by CIM see the article on DCOM from Microsoft

Ports Used by IT Assistant
http://docs.euro.dell.com/docs/software/smitasst/6.5/en/ref_gd/portlist.htm

Using Distributed COM with Firewalls
http://www.microsoft.com/com/wpaper/dcomfw.asp

Enabling CIM Discovery and Security in IT asistant
http://docs.euro.dell.com/docs/software/smitasst/6.5/en/ref_gd/install.htm#enabling_cim_dicovery

Systems Management General

Was this post helpful?