Fixlet to open Port in Firewall on PCs that have firewall enabled

(imported topic written by SystemAdmin)

Hi All

I’ve been trying to create a fixlet that will modify the Windows Firewall and add an exclusion for the Riverbed WAN Optimisation client on port 7801. What I’ve tried is to create a custom copy of the BES Fixlet that opens the port on the firewall for the BES client.

I’ve started working with just the relevance area of the Fixlet and it’s currently showing no relevant PCs even though we don’t have an open port for that. Once I get that working I’ll move on to getting the scripting to allow the port to work. The BES Client fixlet points to a registry key but Riverbed does not store its port information in the Registry, instead inside a config file, and so I just tried to make it call the port number value directly. Currently my PC does not have an open port listing for this but using the Relevance debugger my PC lists the relevance as False.

Below is the edited relevance statement:

((((((not exists module "inspect.dll") OR (exists module "inspect.dll" AND (version string "ProductVersion" of module "inspect.dll" as version != "4.1.8.05" as version) AND (version string "ProductVersion" of module "inspect.dll" as version != "4.1.8.04" as version))) AND ((((name of it = "WinXP" or name of it = "WinXPe") AND (it = "" OR it ends with "1") of csd version of it) OR ((name of it = "Win2003" OR name of it = "WinXP-2003") AND csd version of it = "")) of operating system)) AND ((exists application of file type ".vbs" of registry) AND (exists file "cscript.exe" of system folder))) AND (version of regapp "BESClient.exe" >= "4.1")) AND (not ((exists key whose (value "DisplayName" of it = "BES Relay" OR value "DisplayName" of it = "BigFix Enterprise Relay") of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" of registry) OR (exists key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server" whose (exists value "BESInstalled" of it AND value "BESInstalled" of it =1) of registry)))) AND (exists internet connection firewall whose (enabled of it AND not exists port mapping whose (enabled of it AND protocol of it = "udp" AND internal port of it as string = "7801" as string) of it) of adapters of network)

If someone can either fix my relevance or even supply a whole fixlet for the task it would be greatly appreciated.

(imported comment written by BenKus)

Which OS are you running?

The key part of that relevance is:

(exists internet connection firewall whose (enabled of it AND not exists port mapping whose (enabled of it AND protocol of it = "udp" AND internal port of it as string = "7801" as string) of it) of adapters of network)

What does that return on your system?

Ben

(imported comment written by SystemAdmin)

I’m running Windows XP with Service Pack 3. I run that statement in the relevance editor and it returns True regardless if I have the port listing there or not.

Since I posted this I have talked to our infrastructure team and they want this run on all PCs regardless of it existing or not. So I just performed a software deployment with a CMD file that runs NetSH to open the port. Thanks for the assistance though. This can be closed.
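
Added example, not part of the thread and not the poster's actual CMD file: one way a NetSH-based deployment script like the one mentioned above could be written so that it is safe to run on every PC whether or not the opening already exists. It assumes the legacy "netsh firewall" context of Windows XP SP2/SP3 and Server 2003; the rule name is a constructed value, and the protocol is taken from the relevance posted in the thread.

```batch
@echo off
rem Added example: idempotent port opening for the Windows Firewall.
rem Uses the legacy "netsh firewall" context (Windows XP SP2/SP3, Server 2003).
setlocal

set PORT=7801
rem Protocol mirrors the relevance in the thread ("udp"). Confirm it against
rem the client's config file before deploying; netsh accepts TCP, UDP or ALL.
set PROTO=UDP
rem Constructed display name for the exception.
set RULENAME=Riverbed WAN Optimisation client

rem Skip the change if an enabled opening for this port and protocol is
rem already listed. The listing covers all profiles, so a match in any
rem profile counts as present.
netsh firewall show portopening | findstr /R /I /C:"^%PORT% *%PROTO% *Enable" >nul
if not errorlevel 1 (
    echo Port %PORT%/%PROTO% is already open, nothing to do.
    exit /b 0
)

rem scope defaults to ALL. Where the peers are known, narrow the exposure
rem with scope=SUBNET, or scope=CUSTOM together with addresses=<list>.
netsh firewall add portopening protocol=%PROTO% port=%PORT% name="%RULENAME%" mode=ENABLE profile=ALL
if errorlevel 1 (
    echo Failed to open port %PORT%/%PROTO%.
    exit /b 1
)

echo Opened port %PORT%/%PROTO%.
exit /b 0
```

The non-zero exit code on failure lets the deployment tool report which PCs did not receive the exception.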