Firewall ports for Officescan 10.5?

[Hawkbox]

I'm trying to fix up a lot of bad decisions made by the previous admins here and one of them is their decision to explicitly turn all the firewalls off. Yes, all of them. So I'm going through and testing for weirdness as I start enabling them again on the Windows servers and workstations. But I'm getting issues with Officescan reporting as offline even though as near as I can tell I've opened all of the relevant ports. As soon as I kill the firewall it reports online again but I'm not experienced enough with firewalls to know a good way to monitor what ports it's using to open them or I'm missing something very obvious....

Any suggestions of how to check this out or where to start looking?

Thanks

 

[Nate7311]

http://esupport.trendmicro.com/solution/en-us/1054836.aspx

 

[Hawkbox]

I'm fairly certain I've opened all of those up but I'll double check today. I've gone through so many pages on their support page I can't remember all of them.

 

[Hawkbox]

Yeah I tried all those ports and it still reports as offline. Damn it. I have a VM running in workstation on this machine with the policy disabled and it reports as online, I'm running TCPView to see if I can figure out what ports are in use that I'm not opening but man this is annoying.

 

[Hawkbox]

Well that's weird. According to the Management console the port all the clients are listening on is the first port I unblocked. And the workstation that reports online on it shows as offline in the management window. W.T.F. 411 clients and only 162 of them report as online. I think it's time to harass Trend.

 

[bigdogchris]

I just wiped my OfficeScan 10.6 server this morning, so I can't check the settings, but I can say for a fact you can configure it while keeping the firewall up.

During configuration, you have to choose whether the clients communicate to the admin server via IP or via DNS. I configured using the default IP and Apache, with no certificate. I would suggest checking these settings in the admin console, making sure it's via IP (I think a little more reliable).

The link listed earlier shows the ports for the firewall (I don't remember the configuration being very complicated, so only 8080 should be necessary).

Also, I suggest that you look in the Trend Micro admin installation folder. One of the configuration files has the license key in it. Grab that key and bring up a VM and reinstall 10.6 from scratch (and do it right). As long as you configured the clients to look at a specific IP, you can take down the old server and bring up the new one (with same IP) and the clients will automatically import. You can change their containers and settings from there. Most of the default settings are what I would recommend so there would be very little configuration change.