Protocols and Ports Required for Netwrix Auditor

To ensure successful data collection and activity monitoring, Netwrix Auditor has to communicate through the firewall and requires some ports to be opened for inbound and outbound connections.

If you use... Do the following...

Windows Firewall

If you are running Windows Firewall on the computer where Netwrix Auditor Server is going to be installed, ports 135, 9004, 9699, 9011, and one dynamic port will be opened automatically for inbound connections during Netwrix Auditor installation. For outbound rules, create or enable predefined Windows Firewall rules.

NOTE: Before installing Netwrix Auditor, make sure that the Windows Firewall service is started.

Third-party Firewall

If you use a third-party firewall, you must create rules manually.

To create Firewall rules manually

The example below applies to Windows Firewall and explains how to create a rule for inbound connections.

  1. Start the Windows Firewall service.
  2. Navigate to Start > Control Panel and select Windows Firewall.
  3. On the Help Protect your computer with Windows Firewall page, click Advanced settings on the left.
  4. In the Windows Firewall with Advanced Security dialog, select Inbound Rules on the left.
  5. Click New Rule. In the New Inbound Rule wizard, complete the following steps:

    • On the Rule Type step, select Port.
    • On the Protocol and Ports step, select TCP or UDP. In the Specific local ports field, specify the port number.
    • On the Action step, select the Allow the connection action.
    • On the Profile step, make sure that the rule applies to all profiles (Domain, Private, Public).
    • On the Name step, specify the rule's name, for example Netwrix Auditor TCP port_number Access.
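
The wizard steps above can also be scripted. The following PowerShell is an added example, not part of the Netwrix documentation. It assumes an elevated session, the built-in NetSecurity cmdlets, and TCP for the four fixed ports listed on this page (the dynamic port is not covered); the `-RemoteAddress` parameter is an optional addition that is not in the wizard procedure.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the New Inbound Rule wizard steps above.
param(
    # Fixed inbound ports named on this page; the dynamic port is not covered here.
    [int[]]$Ports = @(135, 9004, 9699, 9011),
    # Assumption: TCP. The wizard step offers TCP or UDP; pass UDP where required.
    [ValidateSet('TCP', 'UDP')]
    [string]$Protocol = 'TCP',
    # Optional scoping, not part of the page's procedure: limit which hosts may connect.
    [string[]]$RemoteAddress = @('Any')
)

# Step 1: the Windows Firewall service (MpsSvc) must be running.
$svc = Get-Service -Name MpsSvc
if ($svc.Status -ne 'Running') {
    Start-Service -Name MpsSvc
}

foreach ($port in $Ports) {
    # Name step: follows the page's "Netwrix Auditor TCP port_number Access" pattern.
    $name = "Netwrix Auditor $Protocol $port Access"

    # Skip ports that already have a rule with this name so reruns do not duplicate.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Exists:  $name"
        continue
    }

    New-NetFirewallRule -DisplayName $name `
        -Direction Inbound `
        -Protocol $Protocol `
        -LocalPort $port `
        -Action Allow `
        -Profile Domain, Private, Public `
        -RemoteAddress $RemoteAddress | Out-Null
    Write-Host "Created: $name"
}

# Review what is now allowed in, with the port and address filter of each rule.
Get-NetFirewallRule -DisplayName 'Netwrix Auditor * Access' |
    ForEach-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $af = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule = $_.DisplayName; Enabled = $_.Enabled; Profile = $_.Profile
            Protocol = $pf.Protocol; LocalPort = $pf.LocalPort; Remote = $af.RemoteAddress
        }
    } | Format-Table -AutoSize
```

The final table is a convenient record when each open port has to be justified: it shows every rule created, the profiles it applies to, and which remote addresses it admits.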

In most cases, this configuration is enough to ensure successful data collection and processing. If your organization's policy requires you to provide a justification for each particular port, review the following for a full list of ports to be opened on the computer where Netwrix Auditor Server is going to be installed and on your target servers.