Windows Firewall / Internet Connection Firewall

New Boundary Support
Install/Upgrade - General Information

The information in this article applies to the following products:

• Prism Deploy, all versions


Activation of the Windows Firewall on Windows XP Workstation (automatically turned on with Service Pack 2) or the Internet Connection Firewall on Windows 2003 Server may affect the communication between Prism clients and the Prism Channel Server.


Certain ports must be opened in the firewall in order for communication to be possible between the Prism Channel Server and the managed clients. In most cases File and Printer Sharing ports (comprised of ports 137/UDP, 138/UDP, 139/TCP, 445/TCP) are all that need to be opened, and in many cases they are open by default.

Explanation:  Windows XP Pro systems that have one or more shares configured before SP2 will have File and Printer Sharing enabled by default when the Windows Firewall is installed. See Figure 1. The Internet Connection Firewall that is part of Windows 2003 Server does not have any ports opened by default.

·         If you want to be able to install the Prism client on computers using the direct method through the Console, the firewall on the target computers must allow File and Printer Sharing. Note that the subscription method of installing the client is not affected by the firewall settings. If your Prism client PCs are polling correctly before SP2, they will still poll correctly after SP2 is installed – you don’t need to do anything unless you wish to direct install again and if File and Printer Sharing is not already enabled.

Figure 1

·         If you want to be able to deploy Tasks (Prism Packages, Scripts or other executables) that reside on a system with the firewall activated, you need to allow File and Printer Sharing on that system. For example, if you have a Package Task pointing to \\Server1\Prism\ and if  Server1 is a Windows 2003 Server with the firewall enabled, you will have to open the File and Printer sharing ports on Server1.

·         If your Prism Channel Server resides on a system with the firewall enabled (for example, Windows 2003 Server), you need to open port 3133/TCP to allow the Prism clients to communicate with the server. If your Task files (Prism Packages, Scripts, etc.) reside on the same server, you’ll also have to enable File and Printer Sharing if it isn’t already enabled by default. See Figures 2 and 3. Note: We do not recommend running the Prism Channel Server on a Windows XP workstation, because workstations have a 10 concurrent connection limit.

Figure 2           

Figure 3

·         It’s possible to use a Prism Package to enable File and Printer Sharing on the firewall. Figure 4 shows the necessary settings. This Package was created by taking a baseline Picture on an XP Pro SP2 system with only Remote Assistance enabled, opening up File and Printer Sharing ports, adding the Prism port, then finding changes. The Package could be installed to temporarily open up the necessary ports on a target machine, for example if you were planning to use the Direct method to upgrade the client. After the upgrade, the Package could be uninstalled to close the ports again.

Figure 4


Also In This Category

On a scale of 1-5, please rate the helpfulness of this article

Not Helpful
Very Helpful
Optionally provide your comments to help us improve this article...

Thank you for your feedback!

Add Your Comments
Email Address:
RadEditor - HTML WYSIWYG Editor. MS Word-like content editing experience thanks to a rich set of formatting tools, dropdowns, dialogs, system modules and built-in spell-check.
RadEditor's components - toolbar, content area, modes and modules
Toolbar's wrapper  
Content area wrapper
RadEditor's bottom area: Design, Html and Preview modes, Statistics module and resize handle.
It contains RadEditor's Modes/views (HTML, Design and Preview), Statistics and Resizer
Editor Mode buttonsStatistics moduleEditor resizer
RadEditor's Modules - special tools used to provide extra information such as Tag Inspector, Real Time HTML Viewer, Tag Properties and other.
Verification Code:
Last Modified: 18 Years Ago
Last Modified By: New Boundary Support
Type: INFO
Article not rated yet.
Article has been viewed 12.1K times.
Customer Support Software By InstantKB 2015-2
Execution: 0.000. 12 queries. Compression Disabled.