GFI LanGuard system requirements
Computers running GFI LanGuard must meet the system requirements described below for performance reasons.
Hardware requirements
Computers hosting GFI LanGuard must meet the following hardware requirements:
Component | 1 to 100 Computers | 100 to 500 Computers | 500 to 3,000 Computers |
---|---|---|---|
Processor | 2 GHz Dual Core | 2.8 GHz Dual Core | 3 GHz Quad Core |
Physical Storage | 5 GB | 10 GB | 20 GB |
RAM | 2 GB | 4 GB | 8 GB |
Network bandwidth | 1544 kbps | 1544 kbps | 1544 kbps |
Software requirements
GFI LanGuard components can be installed on any computer that meets the software requirements listed in this section. For more information, refer to:
- Supported operating systems
- Supported databases
- GFI LanGuard and TLS 1.1 or higher
- Target computer components
Supported operating systems (32-bit/64-bit)
The following table lists operating systems and versions where GFI LanGuard can be installed. Ensure that you are running the Full (with GUI) version of these operating systems, and running the latest Service Pack as provided by Microsoft.
Supported databases
GFI LanGuard uses a database to store information from network security audits and remediation operations. The database backend can be any of the following:
For improved performance, it is highly recommended to use an SSD drive for the database server. Compared to traditional Hard Disk Drives, SSDs deliver superior performance with lower access time and lower latency.
GFI LanGuard and TLS 1.1 or higher
If you plan to deploy GFI LanGuard in an environment where TLS 1.1 or higher is in use, you need to enable FIPS-compliant algorithms on the computer where GFI LanGuard is installed.
To enable FIPS-Compliant algorithms:
- Go to Start > Run and type gpedit.msc
- Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies.
- Double-click Security Options.
- In the details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.
- Check Enabled and click OK.
- Reboot the computer.
Target computer components
The following table provides you with information about components that are required to be installed or enabled on computers to be scanned remotely (agent-less) by GFI LanGuard:
Component | Description |
---|---|
Secure Shell (SSH) | Required for UNIX/Linux/Mac OS based scan targets. SSH server must be installed and enabled. |
File and Printer Sharing | Required for machines running Microsoft operating systems to enumerate and collect information about scan targets. |
Remote Registry | Ensure that this service is running on machines using Microsoft operating systems. This is required to collect information about scan targets, such as Operating System details, user and computer data. |
Firewall Ports and Protocols
This section provides you with information about the required firewall ports and protocols settings for:
GFI LanGuard and Relay Agents
Configure your firewall to allow inbound connections on TCP port 1072, on computers running:
- GFI LanGuard
- Relay Agents
This port is automatically used when GFI LanGuard is installed, and handles all inbound communication between the server component and the monitored computers. If GFI LanGuard detects that port 1072 is already in use by another application, it automatically searches for an available port in the range of 1072-1170.
To manually configure the communication port:
1. Launch GFI LanGuard.
2. Go to Configuration > Manage Agents.
3. From the right pane, click Agents Settings.
4. From the Agents Settings dialog, specify the communication port in the TCP port text box.
5. Click OK.
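The following preflight check is an added example, not part of the GFI documentation or product. It covers the FIPS policy section and the port fallback described above: it reads the standard Windows registry value behind the FIPS security option and lists every TCP listener in the 1072-1170 range with its owning process, so the port GFI LanGuard actually bound to can be matched against the firewall rule.

```powershell
# Added example (not GFI code). Run in an elevated PowerShell on the GFI LanGuard server.

# 1. FIPS policy: standard Windows registry value behind the security option
#    "System cryptography: Use FIPS-compliant algorithms for encryption,
#    hashing, and signing". 1 = enabled, 0 or missing = not enabled.
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$fips = (Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
Write-Output ("FIPS-compliant algorithms enabled: {0}" -f ($fips -eq 1))

# 2. TCP listeners in the documented range 1072-1170, one row per port.
$listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -ge 1072 -and $_.LocalPort -le 1170 } |
    Sort-Object -Property LocalPort -Unique |
    ForEach-Object {
        # Resolve the owning process so another application holding 1072
        # can be told apart from the LanGuard listener.
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port      = $_.LocalPort
            Address   = $_.LocalAddress
            ProcessId = $_.OwningProcess
            Process   = $proc.ProcessName
        }
    }

if (-not $listeners) {
    Write-Warning 'Nothing is listening on TCP 1072-1170; check that GFI LanGuard is running.'
} else {
    $listeners | Format-Table -AutoSize | Out-String | Write-Output
    if (@($listeners).Count -gt 1) {
        # More than one listener in the range suggests the fallback was used:
        # the firewall must allow the port shown in Agents Settings, not 1072.
        Write-Warning 'Several listeners found in 1072-1170; confirm the port in Agents Settings.'
    }
}
```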
GFI LanGuard Agent and Agent-less computers
Communication between GFI LanGuard and managed computers (Agents and Agent-less) uses the ports and protocols below. The firewall on managed computers needs to be configured to allow inbound requests on the following ports:
TCP Ports | Protocol | Description |
---|---|---|
22 | SSH | Auditing Linux systems. |
135 | DCOM | Dynamically assigned port. |
137 | NetBIOS | Computer discovery and resource sharing. |
138 | NetBIOS | Computer discovery and resource sharing. |
139 | NetBIOS | Computer discovery and resource sharing. |
161 | SNMP | Used for computer discovery. GFI LanGuard supports SNMPv1 and SNMPv2c. SNMPv3 and SNMP over TLS / DTLS are not supported. |
445 | SMB | Used while: |
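The following readiness script for a Windows scan target is an added example, not part of the GFI documentation. It checks the Remote Registry service and File and Printer Sharing rules from the target components table, then opens the Windows-related ports from the table above to a single source address only. The scanner address and rule name are placeholders chosen for the example; restricting the rule to the scanner is an assumption about how the firewall should be scoped.

```powershell
# Added example (not GFI code). Run in an elevated PowerShell on a Windows scan target.
$scannerIp = '192.0.2.10'                         # placeholder: GFI LanGuard server address
$ports     = 135, 137, 138, 139, 445              # Windows-related rows, as TCP, per the table
$ruleName  = 'Allow LanGuard scanner (example)'   # hypothetical rule name

# Remote Registry must be running for OS, user and computer data to be collected.
$svc = Get-Service -Name RemoteRegistry
if ($svc.Status -ne 'Running') {
    Write-Warning "RemoteRegistry is $($svc.Status) (startup type: $($svc.StartType))."
}

# File and Printer Sharing: count enabled inbound rules in the built-in group.
# The group name is localized; this string matches English-language Windows.
$fps = Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
Write-Output ("Enabled inbound File and Printer Sharing rules: {0}" -f @($fps).Count)

# One inbound allow rule for the listed ports, limited to the scanner address
# so the ports are not exposed to the rest of the network.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $ports -RemoteAddress $scannerIp | Out-Null
}

# Show the scope that was applied, to confirm the rule is not open to any address.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallAddressFilter |
    Select-Object -Property RemoteAddress
```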
Gateway permissions
To download definition and security updates, GFI LanGuard connects to GFI, Microsoft, and Third-Party update servers via HTTP. Ensure that the firewall settings of the machine where GFI LanGuard is installed allow connections to:
- gfi-downloader-137146314.us-east-1.elb.amazonaws.com
- *software.gfi.com/lnsupdate/
- *.download.microsoft.com
- *.windowsupdate.com
- *.update.microsoft.com
- All update servers of Third-Party Vendors supported by GFI LanGuard.
For more information, refer to:
- Supported Third-Party applications: http://go.gfi.com/?pageid=LAN_PatchMng
- Supported application bulletins: http://go.gfi.com/?pageid=3p_fullreport
- Supported Microsoft applications: http://go.gfi.com/?pageid=ms_app_fullreport
- Supported Microsoft bulletin: http://go.gfi.com/?pageid=ms_fullreport
Antivirus & Backup exclusions
Antivirus & backup software can cause GFI LanGuard to malfunction if it is denied access to some of its files.
Add exclusions that prevent antivirus & backup software from scanning or backing up the following folder on the GFI LanGuard server, Agents, Relay Agents and the GFI LanGuard Central Management Server:
<system drive>\ProgramData\GFI\