Open Ports by Active Directory Policy
You can open the ports needed to deploy the client remotely across a large network by centrally configuring the Windows Firewall through Group Policy.
Before you can successfully open ports using Windows Group Policy to deploy the Ivanti Device and Application Control client, you must:
- Have administrative user access to the computer where you are deploying the Ivanti Device and Application Control client.
- Install the Microsoft® Group Policy Management Console. See Installing Microsoft Group Policy Management Console (https://www.microsoft.com/windowsserver2003/gpmc/default.mspx) for additional information about installing the Microsoft Group Policy Management Console.
- Install Microsoft .NET Framework. See Installing Microsoft .NET Framework (https://www.microsoft.com/downloads/Search.aspx?displaylang=en#) for additional information about installing Microsoft .NET Framework.
As with other TCP-based services, the Application Server cannot establish full two-way communication with clients connecting through a firewall, unless the required ports are open. To open ports closed by firewall policy:
- From the Windows Start menu, select Run and enter gpmc.msc.
- From the Group Policy Management window, select the Forest and Domain where you will create the Windows Firewall policy.
- Right-click Default Domain Policy.
- Expand the Computer Configuration hierarchy.
- Navigate to Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile.
- Right-click Windows Firewall: Allow file and printer sharing exception.
- Select Properties > Setting tab.
- Select Enabled.
- In the Allow unsolicited incoming messages from field, type Localsubnet.
- Click Apply.
- Click OK.
Tip: To enhance security, you can replace Localsubnet with specific IP addresses for the computers allowed to deploy the Ivanti Device and Application Control client.
This opens TCP ports 139 and 445 and UDP ports 137 and 138 to computers on the same local IP subnet.
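
To confirm which scope a client actually received, and whether it has been narrowed to specific IP addresses as the tip suggests, the following PowerShell classifies each entry of the scope value. It is an added example, not part of the Ivanti documentation. The registry key and value names are assumptions about where the Group Policy setting is stored, and the function name `Test-FirewallScope` and the sample addresses are constructed for illustration.

```powershell
# Added example. Assumption: the Domain Profile policy is stored under this key
# with the values Enabled (DWORD) and RemoteAddresses (string).
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint'

function Test-FirewallScope {
    # Classifies each comma-separated entry of an "Allow unsolicited incoming
    # messages from" value. Only single hosts match the tightened form in the tip.
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Scope)

    foreach ($raw in ($Scope -split ',')) {
        $entry = $raw.Trim()
        if ($entry -eq '') { continue }
        $addr = $null
        $kind = if ($entry -eq '*') { 'AnyNetwork' }
            elseif ($entry -ieq 'localsubnet') { 'LocalSubnet' }
            elseif ($entry -match '^(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})$' -and
                    [int]$Matches[2] -le 32 -and
                    [System.Net.IPAddress]::TryParse($Matches[1], [ref]$addr)) { 'Subnet' }
            elseif ($entry -match '^\d{1,3}(\.\d{1,3}){3}$' -and
                    [System.Net.IPAddress]::TryParse($entry, [ref]$addr)) { 'Host' }
            else { 'Unrecognized' }

        [pscustomobject]@{
            Entry        = $entry
            Kind         = $kind
            SpecificHost = ($kind -eq 'Host')   # True only for a single IP address
        }
    }
}

# On a managed client, audit the value delivered by Group Policy. Elsewhere,
# fall back to constructed sample scopes so the classification can be exercised.
$live = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
if ($live -and $live.Enabled -eq 1) {
    $scopes = @([string]$live.RemoteAddresses)
} else {
    $scopes = @('Localsubnet', '192.0.2.10, 192.0.2.11', '192.0.2.0/24', '*')  # constructed
}

foreach ($scope in $scopes) {
    Write-Output "Scope: $scope"
    Test-FirewallScope -Scope $scope | Format-Table -AutoSize
}
```

Any entry reported as `AnyNetwork` or `Unrecognized` is worth reviewing, because the exception exposes TCP ports 139 and 445 and UDP ports 137 and 138 to whatever that scope covers.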