Overview

GFI OneGuard works with various network setups, including multiple domains controlled from a single platform. The platform needs to communicate with the GFI OneGuard Controller instance deployed in other domains to install and manage agents on the client machines. This article provides a general guideline to prepare the environment and to configure GFI OneGuard for multiple domains. 

Process

1. Open the firewall for the below ports to ensure that the platform, the machine where the Controller is installed, and the machines on the other domains can communicate.

   TCP Ports	Description
   80	Listening port on GFI OneGuard platform server, handling all platform-Controller-agents communications. This port can be customized from the Controller's settings.
   135	Remote WMI - Port used for agent deployment on both server and client machines managed by GFI OneGuard.
   139	Remote Registry - Port used for agent deployment on both server and client machines managed by GFI OneGuard.
   443	Listening port on GFI OneGuard platform server, accepting the transfer of data from the Controller to the platform.
   445	Remote Registry - Port used for agent deployment on both server and client machines managed by GFI OneGuard.

   1. Navigate to Windows Firewall > Advanced settings > Inbound Rules and enable File and Printer Sharing (Echo Request - ICMPv4-In), as shown in the below image.

       
   2. In third-party firewalls, these settings may vary according to the model of the firewall. Some firewalls exempt specific protocols or services. In those cases, you must enable 'ping.' Some firewalls refer to this setting as Ping or Incoming Ping. Others refer to it by its technical name, ICMP Echo Reply. Regardless of the name, make sure to allow this protocol.

2. Install a GFI OneGuard Controller on each domain to be monitored by GFI OneGuard. After the installation is complete, make sure that the new Controller can communicate with the platform:

   1. Login to the GFI OneGuard platform using an administrative account.

   2. Navigate to Settings > Network Control.

   3. Make sure that the new Controller is listed under Controllers. In case the Controller is not listed, check its status and configuration.

3. Configure the Controller to use an account with full permissions on the remote machines within the domain to manage:

   1. Login to the GFI OneGuard Platform using an administrative account.

   2. Navigate to Settings > Network Control.

   3. Click the  icon next to the Controller installed on the domain that you want to manage.

   4. Enter the username and password of an account with administrative privilege on the domain. This account is used to install the agent and execute remote actions like scanning for missing patches, installing patches and updating anti-virus definitions.

   5. Click Save Settings.

Confirmation

After completing the steps above, wait until the Controller discovers the new machines, which will show in the Discovered Devices section when completed.  Once the devices are discovered, they are ready to be remotely managed by the GFI OneGuard platform.