View a list of protocols needed to connect your network devices to your event monitors.
The Remote Registry service must be running on the system being monitored. The Remote Registry service runs by default on all server versions of Windows. On desktop versions of Windows, it is disabled by default.
When using a domain account, the user must be a member of the Domain Users group. On the systems being monitored, the Domain Users group must be a member of the Performance Monitor Users group.
When using a local account, the user must be a member of the "Users" and "Performance Monitor Users" groups
Performance counters use DCOM/RPC and a dynamic set of ports in the range of 49152 to 65535. In Windows Firewall, allowing "File and Printer Sharing" is sufficient to allow performance counter monitoring.
When using a domain account, the user must be a member of the Domain Admins group.
When using a local account, the user must be a member of the "Users" and "Distributed COM Users" groups.
The account must be granted "Enable Account" and "Remote Enable" in the WMI Control applet (wmimgmt.msc) for the Root\CIMV2 namespace.
WMI uses DCOM/RPC and a dynamic set of ports in the range of 49152 to 65535. In Windows Firewall, allowing "Windows Management Instrumentation" is sufficient to allow WMI monitoring.
When using SNMPv1 or SNMPv2c, the community string must match what the device has been configured to use.
When using SNMPv3, the user name, security level, passphrase, and protocol must match the device’s configuration.
UDP port 161 is the default for SNMP and must be permitted in your firewall configuration.
When using SSH logins, a valid user name and password must be supplied. When using SSH keys, a valid key file must be added to the selected authentication profile.
TCP port 22 is the default for SSH is must be permitted in your firewall configuration.
TCP Port 80 is the default for HTTP monitoring. TCP port 443 is the default for HTTPS monitoring.
ICMP (Internet Control Message Protocol) is a low level protocol that uses IP datagrams.
In Windows Firewall, enabling the rule "File and Printer Sharing (Echo Request - ICMPv4-In)" will allow the system to respond to IPv4 ping requests. Use "File and Printer Sharing (Echo Request - ICMPv6-In)" to allow IPv6 pings.
Older versions of Windows use port 139 for SMB. Newer versions of Windows use port 445 for SMB. In Windows Firewall, enabling "File and Printer Sharing (SMB-In)" will allow SMB monitoring.
DNS uses UDP port 53
FTP uses TCP port 21
LDAP uses port 389
POP3 uses port 110. When SSL/TLS is enabled, POP3 uses port 995 instead.
SMTP uses port 25. When SSL/TLS/STARTLS is enabled SMTP uses port 587 instead.
Telnet uses TCP port 23
DCOM/RPC uses a dynamic set of ports in the range of 49152 to 65535. In Windows Firewall, allowing "File and Printer Sharing (SMB-In)" is sufficient to allow WMI monitoring.
In addition to the requirements for RCP/DCOM, the account used for Windows service monitoring must be a local or domain admin.
Named Pipes use DCOM/RPC which in turn uses a dynamic set of ports in the range of 49152 to 65535. In Windows Firewall, allowing ""File and Printer Sharing (SMB-In)" will permit named pipes.
Under the hood, WinRM uses either HTTP or HTTPS but on a non-standard port. For HTTP it uses port 5985. For HTTPS it uses 5986. To easily add a firewall exception for WinRM requests, open a command line window on the system being monitored and run: winrm /qc
Object Linking and Embedding Database (OLEDB) is an API designed by Microsoft for accessing databases. It uses RPC/COM for communications and therefore has the same port and firewall requirements as RPC/COM.
Active Directory Service Interfaces (ADSI) uses RPC/COM to access Active Directory. Since it uses RPC/COM for communications, it therefore has the same port and firewall requirements.
The Remote Registry API uses RPC/COM for communications and therefore has the same port and firewall requirements as RPC/COM.
The default port for Modbus is 502. Most Modbus systems do not directly implement firewalling or security. If they are protected by an additional firewall layer, it must permit port 502.
ARP stands for Address Resolution Protocol and is used for discovering devices on the local network link. It does not require any specific authentication nor any firewall rules.
Syslog is a protocol often used by networking equipment to send messages to a monitoring system. Messages are sent over UDP port 514. To enable your FrameFlow installation to receive Syslog messages, Windows Firewall must be configured to allow that port.
The Windows Event Log API uses RPC/COM for communications and therefore has the same port and as RPC/COM. For Windows Firewall, an exception for "Remote Event Log Management" is required.
TCP/IP is a set of protocols and standards that form the basis of modern networking. Connections in TCP/IP are made by selecting a port number that corresponds to a defined protocol. When Windows Firewall is active, an exception is required to allow traffic on the selected port.