EV Reach - Configuring Windows Firewall Using Group Policy Object

Last modified on 2023/07/12 14:03

Windows Firewall can cause the EV Reach Agent not to function properly.

This article explains how to configure Windows Firewall using Group Policy Object (GPO) for EV Reach's optimal functionality.


The communication protocol used between EV Reach and the EV Reach client agents is Windows Socket through TCP/IP.  EV Reach version 9 uses TCP Port 22000 and EV Reach version 8 uses TCP Port 21158. This port number can be changed. For remote installation of the EV Reach Agent, File and Print Sharing must be enabled and allowed through the Windows Firewall. TCP Port 445 (SMB).

You must have the Windows Remote Server Administration Tools installed on your machine which includes the Group Policy Management Console where we will be configuring the GPO. (Windows Server's have this installed by default, for Windows workstation operating systems you must download RAS tools from Microsoft.com for your corresponding operating system )

Both methods can be configured in the same location.

1. Launch the Group Policy Management Console.


2. Expand the Default Domain policy, right click and choose Edit to launch the Group Policy Management Editor.


3. In the Group Policy Management Editor expand: Computer Configuration > Policies >  Administrative templates > Network > Network Connections > Windows Firewall > Domain Profile

Using Group Policy Management Console to Create a GPO for Adding Ports to Windows Firewall

  1. In the Right pane, double click on Windows Firewall: Define inbound port exceptions


2. Click on Enabled and Show.


3. The Show Contents window will appear, enter the following Values:


445:TCP:localsubnet:Enabled:File and Print Sharing (SMB-In) (Set on all machines that will have the EV Reach Agent installed. Used by EV Reach Consoles to push Agent to machines.)

For EV Reach v9:

  • 22000:TCP:localsubnet:Enabled:GoverlanV9(For all machines that will have the EV Reach Agent installed)
  • 22100:TCP:localsubnet:Enabled:GoverlanReachServer(Only set on the EV Reach Server as this is inbound to the EV Reach Server.)
  • 15155:TCP:localsubnet:Enabled:GoverlanReachGateway(Default or Custom Port used for inbound communication to the EV Reach Gateway Server, used by internal EV Reach Agents to confirm they are internal.) 

For EV Reach v8:

  • 21158:TCP:localsubnet:Enabled:GoverlanV821160:TCP:localsubnet:Enabled:GoverlanCentralServer (This configuration needs to be set on the EV Reach Server)
Powered by XWiki © EasyVista 2024