Open Ports by Active Directory Policy

You can open the ports necessary to remotely deploy the client in a large network by centrally configuring the Windows Firewall using Group Policy.


Before you can successfully open ports using Windows Group Policy to deploy the Ivanti Device and Application Control client, you must:

As with other TCP-based services, the Application Server cannot establish full two-way communication with clients connecting through a firewall, unless the required ports are open. To open ports closed by firewall policy:

  1. From the Windows Start menu, select Run gpmc.msc.
  2. From the Group Policy Management window, select the Forest and Domain where you will create the Windows Firewall policy.
  3. Right-click Default Domain Policy.
  4. Expand the Computer Configuration hierarchy.
  5. Navigate to Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile.
  6. Right-click Windows Firewall: Allow file and printer sharing exception.
  7. Select Properties > Setting tab.
  8. Select Enabled.
  9. In the Allow unsolicited incoming messages from field, type Localsubnet.
     Tip: To enhance security, you can replace Localsubnet with specific IP addresses for the computers allowed to deploy the Ivanti Device and Application Control client.

  10. Click Apply.
  11. Click OK.

TCP ports 139 and 445 and UDP ports 137 and 138 are now open to computers on the same local IP subnet.
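To confirm on a client that the policy has arrived and to review how wide the allowed source scope is, a check like the following can be run in PowerShell after a Group Policy refresh. It is an added example, not Ivanti's code: the registry path and value names are an assumption based on the standard Windows Firewall administrative template, and the function name and the /24 review threshold are illustrative.

```powershell
# Added example: run on a client after Group Policy refresh.
# Assumption: the "Allow file and printer sharing exception" template stores
# its values under this policy key as Enabled (DWORD) and RemoteAddresses (string).
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint'

# Hypothetical helper: classify one entry of the
# "Allow unsolicited incoming messages from" field.
function Get-ScopeFinding {
    param([string]$Entry)
    $e = $Entry.Trim()
    if ($e -eq '*')           { return 'REVIEW: any source address is allowed' }
    if ($e -eq 'localsubnet') { return 'OK: local subnet' }

    # Remaining forms: single address, or address/prefix, or address/mask.
    $addr, $prefix = $e -split '/', 2
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip)) {
        return 'INVALID: not an address, a subnet, * or localsubnet'
    }
    if (-not $prefix) { return 'OK: single host' }

    # Illustrative threshold (IPv4): anything wider than /24 deserves a look.
    if ($prefix -match '^\d+$' -and [int]$prefix -lt 24) {
        return "REVIEW: /$prefix is wider than a /24"
    }
    return "OK: subnet /$prefix"
}

$policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if (-not $policy -or $policy.Enabled -ne 1) {
    Write-Output 'File and printer sharing exception is not enabled by policy here.'
}
else {
    Write-Output 'Enabled by policy: TCP 139, 445 and UDP 137, 138 accept inbound traffic from:'
    # The field is a comma-separated list; skip empty entries.
    $entries = "$($policy.RemoteAddresses)" -split ',' | Where-Object { $_.Trim() }
    foreach ($entry in $entries) {
        '{0,-22} {1}' -f $entry.Trim(), (Get-ScopeFinding $entry)
    }
}
```

Any line marked REVIEW or INVALID means the scope on that computer is wider than, or different from, the Localsubnet or specific-address scope described in the procedure.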
