Due to security restrictions in a customer's environment, the ITCM agents need to be deployed to agent computers with the Windows firewall enabled.
The following configuration needs to be done on the firewall in order to run successful deployments in a restricted environment.
CA Client Automation - All Versions
Windows Operating Systems - All Versions
1. In Windows Firewall with Advanced Security application open the 'Properties' window and select the proper profile tab to configure the firewall.
Set the 'firewall state' to 'On (recommended)'
Set the 'inbound connections' to 'Block (default)'
Set the 'outbound connections' to 'Allow (default)'
Click the 'OK' button to save the configuration.
After that add a new custom inbound rule not setting any port but selecting the 'ICMPv4' value in the 'Protocol type' drop down list in the 'Protocols and Ports' tab of the rule being created. Leave the rest of tabs with default values, set the rule name and save it.
2. Then add the following rules to the 'Inbound' rules to open the following ports in the firewall:
By default, the firewall will allow the outbound traffic if there is no rule blocking it, so no outbound definition would be needed in the default configuration.
These ports have to be open only during the deployment process. When the deployment is completed just a few of them (135, 4104, 4105, 4728 and 7163) have to remain open for ITCM to work.