Hello, does any supported configuration of PRTG monitoring include having WMI/DCOM ports range limited to a count of about 200? Is after performing such configuration on windows side also necessary to adjust some settings on PRTG side? By the way, as probe requires just about one open port, what about having separate probe on each monitored server? Would such approach cause some problems?
Limit number of WMI/DCOM ports in DMZ for PRTG
Modified on 2025-06-10 21:31:02 +0200
Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
Hi there,
Next to the TCP port 135, WMI connections require ports of the range 1024 to 5000. It's not possible to limit this number in PRTG. The best approach to monitor devices in a DMZ is to install one or more remote probes in the DMZ. This way you just need to open one TCP port (23560 by default). If you plan to deploy multiple remote probes, this single port is still sufficient.
You can install the remote probe software on every machine, but it's not required if all devices in the DMZ are located in the same network segment. The scans can then be sent from the remote probe to the hosts of the DMZ without any firewall blocking the connections. The gathered data is then forwarded to the core server via one open port in the DMZ firewall.
Best regards, Felix
May, 2017 - Permalink