Solved

Firewall settings to allow MBSA to work properly

Posted on 2009-04-08
Last Modified: 2013-11-22
Hi All

We have a server in our company which has an IP address on our network but which is not joined to the domain. It is behind a firewall and does not use the corporate proxy as it is not on the domain and therefore has no web access.

We need to get MBSA up and running on this box and I need to find out what I need to allow through the firewall to this box in order for that to happen.
We will also want to download the updates and install them.

From reading on Microsoft we need to open access to the web from that box on TCP ports 135,139,445 and UDP ports 137,138

Do we need to allow access to a web address like windowsupdate.com or microsoft.com for the downloads etc to work as well?

I have read a lot of the documentation but haven't been able to get a clear answer.

All help appreciated..
0
Question by:darran_d
8 Comments
 
LVL 6

Assisted Solution

by:mickeyfan
mickeyfan earned 80 total points
ID: 24099732
How many users will be using this server? If it is no more than 2 you could use terminal services. This way you would only need to open just one port. Or you can purchase multiple licenses for more than 2 users. Just a thought.
0
 

Author Comment

by:darran_d
ID: 24099856
Hiya Mickeyfan

The server will only ever be logged on as a local admin, so in that sense one user..

Can you explain how to use terminal services to do this?

Would this also facilitate downloading the updates as well?
0
 
LVL 6

Expert Comment

by:mickeyfan
ID: 24099971
Sorry my bad. I was thinking Microsoft Small Business Accounting.

You will need to have access to windowsupdate.com for sure. It will need to have access to all available updates.

If this server is on the same network as all of your physical servers you will be fine.

But if it is on a DMZ or outside then you will need to port TCP 135,139,445 and UDP 137 and 138 from the IP Address of your MBSA Server to your internal network. Allowing traffic in both directions.

The server does not have to be joined to the domain to run MBSA.
0
 

Author Comment

by:darran_d
ID: 24105106
Thanks for the replies.

So in summary you are saying that from the server IP address I need to allow access to the web through
TCP Ports 135,139,445
UDP Ports 137,138
and also to the following website
windowsupdate.com

Should that do it? There are no more web addresses I need to allow and also the traffic needs to be allowed both ways.
0
 
LVL 6

Expert Comment

by:mickeyfan
ID: 24107229
If the server is internal the only thing you will need to allow is the domain windowsupdate.com, this goes along with port 80 for web of course. You would not have to allow the other ports.

However, if the server is not internal or it is in a DMZ or something then you will have to allow those ports both ways between the MBSA Server and the servers you are testing.
0
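An added example, not part of the thread: a pre-flight check run from the MBSA scanning host that shows whether a firewall between it and a scan target passes the TCP ports discussed above. A timeout ("filtered") points at a firewall drop, while "refused" means the packet got through but nothing is listening. The function names and the target address are hypothetical.

```python
import socket

# TCP ports named in the thread for remote MBSA scans. UDP 137/138 are
# connectionless, so a connect test cannot confirm them; they are not probed.
MBSA_TCP_PORTS = (135, 139, 445)


def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'unresolved'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed: firewall passes, service up
    except socket.gaierror:
        return "unresolved"    # name lookup failed before any packet was sent
    except ConnectionRefusedError:
        return "refused"       # RST came back: path is open, no listener
    except OSError:
        return "filtered"      # timeout or unreachable: likely dropped en route
    finally:
        sock.close()


def preflight(target, ports=MBSA_TCP_PORTS, timeout=2.0):
    """Probe every port and return {port: state} for the target."""
    return {port: probe_tcp(target, port, timeout) for port in ports}


def blocked_ports(results):
    """Ports whose probes point at a firewall drop rather than a missing service."""
    return sorted(port for port, state in results.items() if state == "filtered")


if __name__ == "__main__":
    # Constructed placeholder address (TEST-NET-1); replace with the scan target.
    target = "192.0.2.10"
    results = preflight(target)
    for port, state in sorted(results.items()):
        print(f"{target}:{port}/tcp {state}")
    print("ports to raise with the firewall team:", blocked_ports(results))
```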
 

Accepted Solution

by:
darran_d earned 0 total points
ID: 24148301
Wasn't able to get this working via the ports etc above.

Downloaded and installed MBSA and then downloaded the catalog files and ran it offline.

I downloaded the patches I wanted and copied manually to the server then
0
 

Author Comment

by:darran_d
ID: 24148330
No Objection
0
 

Expert Comment

by:pisboi
ID: 26282144
http://technet.microsoft.com/en-us/security/cc184922.aspx
See this link, under "Q: How can I scan a computer that is protected by a firewall?"
0
