Computers running GFI LanGuard must meet the system requirements described below for performance reasons.
- Hardware Requirements
- Software Requirements
- Firewall Ports and Protocols
- Gateway Permissions
- Antivirus and Backup Exclusions
Computers hosting GFI LanGuard must meet the following hardware requirements:
1 to 100 Computers
100 to 500 Computers
500 to 3,000 Computers
|Processor||2 GHz Dual Core||2.8 GHz Dual Core||3 GHz Quad-Core|
|Physical Storage||5 GB||10 GB||20 GB|
|RAM||2 GB||4 GB||8 GB|
|Network bandwidth||1544 kbps||1544 kbps||1544 kbps|
GFI LanGuard components can be installed on any computer that meets the software requirements listed in this section. For more information, refer to:
- Supported Operating Systems
- Supported Databases
- GFI LanGuard and TLS 1.1 or higher
- Target Computer Components
For a complete list, please refer to GFI LanGuard Microsoft Supported Applications.
Supported Operating Systems (32-bit/64-bit)
The following table lists operating systems and versions where GFI LanGuard can be installed. Ensure that you are running the Full (with GUI) version of these operating systems, and running the latest Service Pack as provided by Microsoft.
|Windows® Server 2019|
|Windows® Server 2016|
|Windows® Server 2012 (including R2)|
|Windows® Server 2008 (including R2) Standard/Enterprise|
|Windows® 10 Professional/Enterprise|
|Windows® 8/8.1 Professional/Enterprise|
|Windows® 7 Professional/Enterprise/Ultimate|
|Windows® Vista Business/Enterprise/Ultimate|
|Windows® Small Business Server 2011|
GFI LanGuard uses a database to store information from network security audits and remediation operations. The database backend can be any of the following:
|Database server||Recommended Use|
|SQL Server Express® 2008 or later||This database server has a 10GB limit and is therefore recommended for networks containing up to 500 computers. If a database server is not available, the GFI LanGuard installer can automatically download and run the Microsoft SQL Express installer.|
SQL Server® 2008 or later
|Recommended for larger networks containing 500 computers or more.|
For improved performance, it is highly recommended to use an SSD drive for the database server. Compared to traditional Hard Disk Drives, SSDs deliver superior performance with lower access time and lower latency.
Back to Software Requirements
Back to top
GFI LanGuard and TLS 1.1 or higher
If you plan to deploy GFI LanGuard in an environment where TLS 1.1 and above is running, you need to enable FIPS-Compliant algorithms on the computer where the GFI LanGuard is installed.
To enable FIPS-Compliant algorithms:
- Go to Start > Run and type
- Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies.
- Double-click Security Options.
- In the details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing.
- Check Enabled and click OK.
- Reboot the computer.
Target Computer Components
The following table provides you with information about components that are required to be installed or enabled on computers to be scanned remotely (agent-less) by GFI LanGuard:
|Secure Shell (SSH)||Required for UNIX/Linux/Mac OS-based scan targets. SSH server must be installed and enabled.|
|File and Printer Sharing||Required for machines running Microsoft operating systems to enumerate and collect information about scan targets.|
|Remote Registry||Ensure that this service is running on machines using Microsoft operating systems. This is required to collect information about scan targets, such as Operating System details, user and computer data.|
Firewall Ports and Protocols
This section provides you with information about the required firewall ports and protocols settings for:
GFI LanGuard and Relay Agents
Configure your firewall to allow inbound connections on TCP port 1072, on computers running:
- GFI LanGuard
- Relay Agents
This port is automatically used when GFI LanGuard is installed and handles all inbound communication between the server component and the monitored computers.
If GFI LanGuard detects that port 1072 is already in use by another application, it automatically searches for an available port in the range of 1072-1170.
To manually configure the communication port:
- Launch GFI LanGuard.
- Go to Configuration > Manage Agents.
- From the right pane, click Agents Settings.
- Specify the communication port in the TCP port text box.
- Click OK to apply the changes.
GFI LanGuard Agent and Agent-less computers
Communications between GFI LanGuard and managed computers (Agents and Agent-less) are done using the ports and protocols below. The firewall on managed computers needs to be configured to allow inbound requests on the following ports:
|22||SSH||Auditing Linux systems.|
|135||DCOM||Dynamically assigned port.|
|137||NetBIOS||Computer discovery and resource sharing.|
|138||NetBIOS||Computer discovery and resource sharing.|
|139||NetBIOS||Computer discovery and resource sharing.|
Used for computer discovery. GFI LanGuard supports SNMPv1 and SNMPv2c.
SNMPv3 and SNMP over TLS / DTLS are not supported.
To download definition and security updates, GFI LanGuard connects to GFI, Microsoft, and Third-Party update servers via HTTP. Ensure that the firewall settings of the machine where GFI LanGuard is installed allow connections to:
- All update servers of Third-Party Vendors supported by GFI LanGuard.
For more information, refer to:
- Supported Third-Party Applications
- Supported Application Bulletins
- Supported Microsoft Applications
- Supported Microsoft Bulletin
Antivirus and Backup Exclusions
Antivirus and backup software can cause GFI LanGuard to malfunction if it is denied access to some of its files.
Add exclusions that prevent antivirus & backup software from scanning or backing up the following folder on the GFI LanGuard Server, Agents, Relay Agents, and the GFI LanGuard Central Management Server: