Configure SCOM firewall rules

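# SCOM Firewall Rules
# Creates the SCOM inbound TCP allow rule on the remote host named by
# $ServerName (defined by the caller) unless a rule whose DisplayName starts
# with 'SCOM Traffic' already exists there.
#
# The scriptblock executes in the remote session, so the caller's $ServerName
# has to be carried across with $using: — a bare $ServerName is unset on the
# remote side and both verbose messages would print an empty host name.
Invoke-Command -ComputerName $ServerName -ScriptBlock {
  $remoteName = $using:ServerName

  # -ErrorAction SilentlyContinue: with no matching rule the cmdlet writes a
  # non-terminating error and returns nothing; "nothing" is what we test for.
  # $null on the left of -eq avoids the array-comparison surprise when more
  # than one rule matches the wildcard.
  $existing = Get-NetFirewallRule -DisplayName 'SCOM Traffic*' -ErrorAction SilentlyContinue
  If ($null -eq $existing)
  {
    Write-Verbose -Message "Writing SCOM Firewall Rules for $remoteName"
    # Domain profile only. NOTE(review): no -RemoteAddress is given, so these
    # ports (including SMB 445, RPC 135 and WinRM 5985/5986) accept traffic
    # from any address on the Domain profile; scoping the rule to the SCOM
    # management server addresses would narrow the exposure — confirm against
    # the SCOM topology before changing it.
    New-NetFirewallRule -DisplayName 'SCOM Traffic Inbound IP Rules (TCP)' -Enabled True -Direction Inbound -Action Allow -LocalPort 80, 443, 1723, 8530, 8531, 445, 135, 5985, 5986 -Protocol TCP -Profile Domain

    <# SNMP Network Monitoring
    NOTE(review): these disabled placeholders are copies of the TCP rule above
    (Outbound, same TCP port list) and do not match their display names
    (ICMPv4 echo, SNMP); the real protocol/port for each must be defined
    before any of them is uncommented.
    New-NetFirewallRule -DisplayName 'SCOM Traffic - Ping Response (Echo Response – ICMPv4 IN)' -Enabled True -Direction Outbound -Action Allow -LocalPort 80, 443, 1723, 8530, 8531, 445, 135, 5985, 5986 -Protocol TCP -Profile Domain
    New-NetFirewallRule -DisplayName 'SCOM Traffic - SNMP Response' -Enabled True -Direction Outbound -Action Allow -LocalPort 80, 443, 1723, 8530, 8531, 445, 135, 5985, 5986 -Protocol TCP -Profile Domain
    New-NetFirewallRule -DisplayName 'SCOM Traffic - SNMP Trap Listener' -Enabled True -Direction Outbound -Action Allow -LocalPort 80, 443, 1723, 8530, 8531, 445, 135, 5985, 5986 -Protocol TCP -Profile Domain
    #>

  }
  Else
  {
    Write-Verbose -Message "SCOM Firewall Rules exist on $remoteName. Continuing..."
  }
}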