How GFI LanGuard works

Use GFI LanGuard to scan, analyze and remediate the health of your network devices. Install GFI LanGuard on a server within your network to:


Scan network devices to detect vulnerabilities, missing patches, open ports, running services and more.


View the network security status and analyze network security trends in the graphical dashboard and by generating reports.


Install missing updates, uninstall unauthorized applications, execute scripts, open remote desktop connections and run other tasks to maintain the health of your network and devices connected to it.

On installation, GFI LanGuard identifies reachable machines within your network. It collects information sets from the network machines as part of its Network Discovery operations and performs a deep scan to enumerate all the information related to target computers.

GFI LanGuard can be deployed in a number of ways, depending on the number and type of computers and devices you want to monitor, network bandwidth usage during normal operation times and the network topology.

Use the information below to help you understand the different deployment options. For more information refer to Deployment scenarios.

Basic scanning and auditing of network devices

Install GFI LanGuard on a server that meets the system requirements to run scans and audits of computers and devices. No additional software installations are required. GFI LanGuard creates a remote session with the specified scan targets and audits them over the network. On completion, the results are imported into the results database and the remote session ends. You can audit single computers, a range of specific computers and an entire domain/workgroup. For more information refer to Manual scans.

GFI LanGuard scanning devices over the network.

Note that scans run in this mode use the resources of the machine where GFI LanGuard is installed and utilize more network bandwidth since all auditing is done remotely. When you have a large network of scan targets, this mode can drastically decrease GFI LanGuard's performance and can affect network speed. Refer to the sections below if you have a large network.

GFI LanGuard Agents

GFI LanGuard can be configured to automatically deploy agents on computers. Agents minimize network bandwidth utilization because audits are done using the scan target's resources and only a result XMLAn open text standard used to define data formats. GFI LanGuard uses this standard to import or export scanned saved results and configuration. file is transferred over the network. Devices that have a GFI LanGuard agent installed will be scanned even if the device is not connected to the company network and are more accurate that agent-less scans because agents can access more information on the local host. For more information refer to Managing Agents,

Typically, networks contain a mixture of agent-based devices and other devices scanned over the network.

Devices that have an agent installed and devices scanned by GFI LanGuard over the network.

Agents send scan data to GFI LanGuard through TCP port 1072. This port is opened by default when installing GFI LanGuard. Agents do not consume resources on the scan target unless the agent is performing a scan or a remediation operation.

Note that agents can only be deployed on computers running a Microsoft Windows operating system and they require approximately 25 MB of memory and 350 MB of hard disk space.

Relay Agents

Relay agents reduce the load from the server where GFI LanGuard is installed to increase server performance and to apply bandwidth load balancing techniques. Computers configured as relay agents download patches and definitions directly from the GFI LanGuard server and forward them to client computers. The main advantages of using relay agents are:

  • Reduced bandwidth consumption in local or geographically distributed networks. If a Relay Agent is configured on each site, a patch is only downloaded once and distributed to client computers
  • Reduced hardware load from the GFI LanGuard server component and distributed amongst relay agents
  • Using multiple Relay Agents increases the number of devices that can be protected simultaneously.

Devices relaying data through a GFI LanGuard Relay Agent.

Note that you can have cascading relay agents where a relay agent relays data through another relay agent. It is recommended to keep the number of computers and agents directly connected to the GFI LanGuard server or to one Relay Agent below 100.

Only devices that have the GFI LanGuard Agent installed can be promoted to Relay Agents. Promoting an agent to a Relay Agent is done from within GFI LanGuard. For more information refer to Configuring Relay Agents.

The GFI LanGuard Central Management Server

GFI LanGuard Central Management Server is aimed at very large networks that want to monitor the operation of multiple GFI LanGuard instances in one central console. It offers administrators a view of the security and vulnerability status for all computers, networks or domains managed by the different GFI LanGuard instances. For more information refer to GFI LanGuard Central Management Server.

Multiple GFI LanGuard instances monitored by the GFI LanGuard Central Management Server

The GFI LanGuard Central Management Server is used for reporting only. Scans and remediation take place within each individual GFI LanGuard instance. Information is centralized to the GFI LanGuard Central Management Server soon after it becomes available in GFI LanGuard, depending on network size and amount of data being transferred.