Check your firewall settings. Windows Firewall Settings and Port Configuration for Client Computers in Configuration Manager

This documentation has been archived and is no longer maintained.


Applies to: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

Client computers in System Center 2012 Configuration Manager that are running Windows Firewall often require exceptions to be configured so that they can communicate with their site. Which exceptions must be configured depends on the management features that you use with the Configuration Manager client.

The following sections help you identify these management features and provide more information about configuring Windows Firewall for these exceptions.

The Configuration Manager features listed below require Windows Firewall exceptions.

If you run the Configuration Manager console on a computer that is running Windows Firewall, queries fail the first time they are run and the operating system displays a dialog box asking whether you want to unblock statview.exe. If you unblock statview.exe, further queries will run without errors. Alternatively, you can manually add Statview.exe to the list of programs and services on the Exceptions tab of Windows Firewall before you run a query.

To connect client computers to Configuration Manager site systems, add the following exceptions to the Windows Firewall.

Outbound: TCP port 80 (for HTTP connections)

Outbound: TCP port 443 (for HTTPS connections)

For a management point to notify client computers that they should take an action when an administrator selects a client action in the Configuration Manager console, such as downloading computer policy or scanning for malware, add the following Windows Firewall exception:

Outbound: TCP port 10123

If this communication does not work, Configuration Manager automatically falls back to the existing client-to-management point communication ports over HTTP or HTTPS:

Outbound: TCP port 80 (for HTTP connections)

Outbound: TCP port 443 (for HTTPS connections)

To launch Remote Assistance from the Configuration Manager console, add the custom program Helpsvc.exe and the custom inbound port TCP 135 to the list of allowed programs and services in Windows Firewall on the client computer. You must also allow Remote Assistance and Remote Desktop. If you start Remote Assistance from the client computer, Windows Firewall automatically configures and allows Remote Assistance and Remote Desktop.

For System Center 2012 Configuration Manager SP1 and later:

When wake-up proxy is enabled, a new service called Configuration Manager wake-up proxy uses a peer-to-peer protocol to check whether other computers on the subnet are awake and wakes them up if necessary. This communication uses the following ports:

Outbound: UDP port 25536

Outbound: UDP port 9

These are the default port numbers. They can be changed in Configuration Manager by using the Power Management client settings Wake-up proxy port number (UDP) and Wake On LAN port number (UDP). If you specify the Power Management: Windows Firewall exception for wake-up proxy client setting, these ports are automatically configured in Windows Firewall for clients. If clients use a different firewall, you must manually configure exceptions for these port numbers.

In addition to these ports, wake-up proxy also uses ICMP echo request messages from one client computer to another. This communication is used to check whether the other client computer is awake on the network. ICMP is sometimes referred to as TCP/IP ping commands. System Center 2012 Configuration Manager SP1 does not configure Windows Firewall for these TCP/IP ping commands, so if you are not running System Center 2012 R2 Configuration Manager, you must manually allow this ICMP traffic for wake-up proxy communication to succeed.

If you have System Center 2012 Configuration Manager SP1 and not System Center 2012 R2 Configuration Manager, use the following procedure to configure Windows Firewall with a custom rule that allows inbound TCP/IP ping traffic for wake-up proxy.

    In the Windows Firewall with Advanced Security console, create a new inbound rule.

    In the New Inbound Rule Wizard, on the Rule Type page, select Custom, and then click Next.

    On the Program page, leave All programs selected, and then click Next.

    On the Protocol and Ports page, click the Protocol type drop-down list, select ICMPv4, and then click Customize.

    In the Customize ICMP Settings dialog box, select Specific ICMP types, select Echo Request, and then click OK.

    On the Scope page, leave the default settings for local and remote IP addresses, and then click Next.

    On the Action page, make sure that Allow the connection is selected, and then click Next.

    On the Profile page, select the profiles that will use wake-up proxy (for example, Domain), and then click Next.

    On the Name page, provide a name for this rule, and optionally enter a description that explains that this rule is needed for wake-up proxy. Then click Finish to close the wizard.
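The same inbound ICMPv4 echo request rule, together with the outbound client ports listed earlier on this page, can be created from a script. This is an added example, not part of the Configuration Manager documentation; it goes beyond the wizard procedure by covering the other client ports, it assumes the NetSecurity cmdlets (Windows 8 / Windows Server 2012 or later) and an elevated session, and the rule names and group label are constructed for illustration.

```powershell
# Added example: create the client-side exceptions described on this page, idempotently.
# Rule names and the group label are hypothetical; the ports are the defaults listed above.
$group = 'ConfigMgr client exceptions (example)'

# Assumption: each outbound port is matched as the remote (destination) port.
# Outbound rules only matter where the profile's default outbound action is Block;
# Windows Firewall allows outbound traffic by default.
$rules = @(
    @{ Name = 'HTTP to site systems';     Direction = 'Outbound'; Protocol = 'TCP';    RemotePort = 80 }
    @{ Name = 'HTTPS to site systems';    Direction = 'Outbound'; Protocol = 'TCP';    RemotePort = 443 }
    @{ Name = 'Client notification';      Direction = 'Outbound'; Protocol = 'TCP';    RemotePort = 10123 }
    @{ Name = 'Wake-up proxy';            Direction = 'Outbound'; Protocol = 'UDP';    RemotePort = 25536 }
    @{ Name = 'Wake On LAN';              Direction = 'Outbound'; Protocol = 'UDP';    RemotePort = 9 }
    @{ Name = 'Wake-up proxy echo request'; Direction = 'Inbound'; Protocol = 'ICMPv4'; IcmpType = 8 }
)

foreach ($rule in $rules) {
    $displayName = "ConfigMgr example - $($rule.Name)"
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $displayName -ErrorAction SilentlyContinue) {
        continue
    }
    $params = @{
        DisplayName = $displayName
        Group       = $group
        Direction   = $rule.Direction
        Protocol    = $rule.Protocol
        Action      = 'Allow'
        Profile     = 'Domain'   # same profile the procedure uses as its example
    }
    if ($rule.ContainsKey('RemotePort')) { $params.RemotePort = $rule.RemotePort }
    if ($rule.ContainsKey('IcmpType'))   { $params.IcmpType   = $rule.IcmpType }   # 8 = echo request
    New-NetFirewallRule @params | Out-Null
}

# Review what is now in place for this group.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule       = $_.DisplayName
        Direction  = $_.Direction
        Profile    = $_.Profile
        Protocol   = $filter.Protocol
        RemotePort = $filter.RemotePort
        IcmpType   = $filter.IcmpType
    }
} | Format-Table -AutoSize
```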

For more information about the wake-up proxy, see the Articles section.

To access Windows Event Viewer, Windows Performance Monitor, and Windows Diagnostics from the Configuration Manager console, enable File and Printer Sharing as an exception in Windows Firewall.

The following table lists the ports used during client installation.

For more information about configuring Windows Firewall on a client computer, see .

In addition to the ports listed in the previous table, client push installation sends ICMP echo request messages from the site server to the client computer to verify that the client computer is available on the network. The ICMP protocol is sometimes referred to as the TCP/IP ping commands. It does not have a UDP or TCP protocol number and therefore is not listed in the following table. However, for client push installation to succeed, intermediate network devices, such as firewalls, must allow ICMP traffic to pass through.

Description

UDP protocol

The SMB protocol between the site server and the client computer.

An RPC endpoint mapper between the site server and the client computer.

Dynamic RPC ports between the site server and the client computer.

80 (see note 1, Alternative port available)

443 (see note 1, Alternative port available)

Description

UDP protocol

HTTP protocol from the client computer to the software update point.

80 or 8530 (see note 2)

HTTPS protocol from the client computer to the software update point.

443 or 8531 (see note 2, Windows Server Update Services)

/source:<Path>.

Description

UDP protocol

HTTP protocol from the client computer to the management point if the connection is over HTTP.

80 (see note 1, Alternative port available)

HTTPS protocol from the client computer to the management point if the connection is over HTTPS.

443 (see note 1, Alternative port available)

SMB protocol between the source server and the client computer when the CCMSetup command-line property /source:<Path> is specified.

Description

UDP protocol

The SMB protocol between the client computer and the network share from which CCMSetup.exe runs.

HTTP protocol from the client computer to the management point if the connection is over HTTP and the CCMSetup command-line property /source:<Path> is not specified.

80 (see note 1, Alternative port available)

HTTPS protocol from the client computer to the management point if the connection is over HTTPS and the CCMSetup command-line property /source:<Path> is not specified.

443 (see note 1, Alternative port available)

SMB protocol between the source server and the client computer when the CCMSetup command-line property /source:<Path> is specified.

Alternative port available

Hello! Glad to be with you again. I haven't written anything for almost a week, because I got involved in an adventure called "Spanish Money: To Freedom!" Those who know will understand me.

Today I want to tell you about disabling the firewall in Windows 7. First, as is tradition, a little background.

What is a firewall and why turn it off?

A firewall, also called a Brandmauer or a network screen (from here on, these words are used as synonyms), protects our computer from intrusions from outside and from information leaking out to the network. In general, the word firewall in English means "fire wall", and Brandmauer is the same, only in German, if I'm not mistaken. Normally, this should be a separate software product, a powerful program! For example, Outpost Firewall, Comodo Firewall or Norton Internet Security. But third-party programs, as a rule, are bulky, take a lot of system resources and require a lot of knowledge and nerves to set up. Therefore, most users are satisfied with the built-in firewall in Windows. I must say right away that reviewing these programs is outside the topic of this article; to receive more information, subscribe to blog updates.

However, almost all popular antiviruses have a built-in firewall. So, if you have installed such an antivirus, you may have a completely legitimate desire to disable the built-in firewall in Windows 7. Also, for various problems with or vice versa - with access from the Internet to the computer, you can try disabling the firewall to check whether it is the cause. In some cases, the firewall may affect the .

Disabling Windows 7 Firewall

I must say right away that, compared to the Windows XP firewall, the one in Windows 7 provides quite reliable protection, and you should turn it off only if you know exactly what you are replacing it with and what the consequences will be.

If you still decide to disable the Windows 7 firewall, then I will show you how easy it is to do it step by step:

  • To reach the window where the firewall is enabled or disabled, go to the Windows 7 Control Panel and open the firewall settings. Go to "Start -> Control Panel"; then, depending on the Control Panel view, the location of the firewall icon will be slightly different.

For the classic view, click on the firewall icon.

For the category view, click on "System and Security", and then on "Firewall".

A small digression is required here. The fact is that Windows 7 distinguishes between Home (Work) networks and Public networks. It is easy to guess that home and work networks are local networks under your control, and the public ones are the Internet. For home networks, the firewall is usually not enabled, even if there is no alternative, just so as not to have access problems. For example, if you have a computer or media player connected to the home network, then to avoid problems with access to computer resources it is better to turn off the firewall for home networks.

If you installed another program or an antivirus with a built-in firewall, then turning off the Windows 7 firewall is mandatory for all networks! This is necessary because two firewalls should not be running on the computer at the same time, just like two antiviruses should not be installed. Otherwise, they will conflict with each other, which can lead to severe computer slowdown or even freezing. It's like letting your mother-in-law and daughter-in-law share the same kitchen.

How can I just turn off the service?

In principle, after the actions taken, the protection no longer works. But some simply turn off the Windows 7 Firewall service. In this case, all firewall functions are disabled, regardless of its settings. To disable the service:

  • Go to "Start -> Control Panel -> System and Security -> Administrative Tools -> Services" and find "Windows Firewall" in the list.
  • Right-click it and select "Stop".
  • To prevent the firewall from turning on after a reboot, right-click again and select "Properties", and then change the startup type to "Disabled".

Now the firewall is disabled and will not be enabled on the next boot. Accordingly, to enable the Windows 7 firewall, carry out all the actions in reverse order.

Remember: by disabling the firewall permanently, with no other alternative in place, you put your computer and all the data on it at risk!

If there are any access problems that disappear after turning off the firewall, then it is better to figure it out once and correctly configure the service than to turn it off completely.
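A check for the two states described above (a profile switched off in the Control Panel, or the Windows Firewall service stopped or set to Disabled), as an added example that is not part of the original article. It assumes Windows PowerShell on Windows 7 or later and uses the HNetCfg.FwPolicy2 COM object and the MpsSvc service name; the function name is hypothetical.

```powershell
# Added example: report whether Windows Firewall is still protecting this machine.
function Get-FirewallAudit {
    $findings = @()

    # MpsSvc is the service listed as "Windows Firewall" in the Services console.
    $svc = Get-WmiObject Win32_Service -Filter "Name='MpsSvc'"
    if ($svc.StartMode -eq 'Disabled') {
        $findings += 'Service startup type is Disabled (firewall will not start after reboot)'
    }
    if ($svc.State -ne 'Running') {
        # As the article notes, with the service stopped all firewall functions are off,
        # whatever the per-profile settings say, so there is nothing more to query.
        $findings += "Service state is $($svc.State)"
        return $findings
    }

    # NET_FW_PROFILE_TYPE2 values: 1 = Domain, 2 = Private (Home/Work), 4 = Public
    $names  = @{ 1 = 'Domain'; 2 = 'Home/Work (Private)'; 4 = 'Public' }
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    foreach ($id in 1, 2, 4) {
        if (-not $policy.FirewallEnabled($id)) {
            # CurrentProfileTypes is a bitmask of the profiles in use right now.
            $active = [bool]($policy.CurrentProfileTypes -band $id)
            $suffix = $(if ($active) { ' (profile currently active)' } else { '' })
            $findings += "Firewall is off for the $($names[$id]) profile$suffix"
        }
    }
    return $findings
}

$result = @(Get-FirewallAudit)
if ($result.Count -eq 0) {
    'OK: service is running and the firewall is enabled on all profiles'
} else {
    $result | ForEach-Object { "FINDING: $_" }
}
```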

From this article, you learned what the Windows 7 firewall is, how to disable it correctly, why it is needed at all, and what disabling it can lead to. Enabling it can be done in reverse order. Share this article with your friends, they will thank you!