Policy Manager 11 on Windows Server 2008 R2 - firewall rules for communication?
Since we can now no longer download the latest Client Security version's installer from the F-Secure website, I have recently installed Policy Manager 11 on a Windows Server 2008 R2 server which didn't have any existing software using any of the ports 80, 8080 or 8081 prior to F-Secure Policy Manager being installed.
I have imported the Client Security 11 fscs-11.00-332-rtm into Policy Manager and exported the MSI installer fscs-11.00-332-rtm-exported using the latest installation keycode and the FQDN of the Policy Manager server: http://servername.domain.local
I have performed the installation of fscs-11.00-332-rtm-exported.msi on my Windows 8 Enterprise computer which installed successfully and appears to be getting the updates from the F-Secure website.
1) The computer does not appear in the Policy Manager console, which I suspect means ports need to be opened on the Windows Server 2008 R2 firewall? Please confirm the inbound and outbound ports required to be opened on the server.
2) The default policy of the exported MSI version does not allow the F-Secure client to unload as it used to do on the standalone version. What settings need to be set to allow this feature to exist and apply the policy to the first computer I am testing on?
Siltanen Posts: 108 Former F-Secure Employee
1) By default inbound connections to port 80 are required to be opened in order for the client(s) to communicate with the Policy Manager Server. (8080 is reserved for the Policy Manager Console, and 8081 for the web reporting module.)
a. Change the Policy Manager Console (PMC) to Advanced mode (View -> Advanced mode)
b. Select the correct domain/subdomain/host, and select from the middle F-Secure -> F-Secure Management Agent -> Settings -> User Interface -> Allow user to unload products -> change this to "Allowed Always".
c. Distribute policies.
Thank you, that has worked - I used this script on the server to add the Server 2008 R2 firewall rules:
netsh advfirewall firewall add rule name="F-Secure Client Communication" dir=in action=allow protocol=TCP localport=80 profile=domain
netsh advfirewall firewall add rule name="F-Secure Administration Communication" dir=in action=allow protocol=TCP localport=8080 profile=domain
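
A reachability check for the three ports named in this thread, meant to be run from a managed client once the firewall rules are in place. This is an added example, not part of the original posts or F-Secure's tooling; the server name is the placeholder from the question, and the Expected values (ordinary clients need only port 80) are assumptions to adjust for your environment.

```powershell
# Added example: compare actual TCP reachability of the Policy Manager ports
# with what the firewall rules are meant to allow. Works on PowerShell 2.0+.
param(
    [string]$Server = 'servername.domain.local',  # placeholder FQDN from the thread
    [int]$TimeoutMs = 2000
)

# Port roles as described in the thread. 'Expected' is an assumption: what an
# ordinary managed client (not an administrator workstation) should be able to reach.
$Ports = @(
    @{ Port = 80;   Role = 'Client communication';   Expected = $true  },
    @{ Port = 8080; Role = 'Policy Manager Console'; Expected = $false },
    @{ Port = 8081; Role = 'Web reporting';          Expected = $false }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            return $false              # no answer in time: filtered or host down
        }
        $client.EndConnect($async)     # throws if the connection was refused
        return $true
    } catch {
        return $false                  # refused, unresolved name, or other socket error
    } finally {
        $client.Close()
    }
}

foreach ($p in $Ports) {
    $open = Test-TcpPort -ComputerName $Server -Port $p.Port -TimeoutMs $TimeoutMs
    # REVIEW means reachability differs from the expectation table above.
    $status = if ($open -eq $p.Expected) { 'OK' } else { 'REVIEW' }
    New-Object PSObject -Property @{
        Port      = $p.Port
        Role      = $p.Role
        Reachable = $open
        Expected  = $p.Expected
        Status    = $status
    } | Select-Object Port, Role, Reachable, Expected, Status
}
```

A REVIEW on port 80 points at a missing or mis-scoped inbound rule on the server; a REVIEW on 8080 or 8081 means the administrative ports are reachable from a host that was assumed not to need them.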