First post, first question.......
Have an extensive VMware environment and am using vShield. Several remote hub servers queued to send to a single relay server.
As I check the detailed flows in vShield, I see numerous ports in use on one specific hub, but those ports are not being used on the remaining hubs.
My question is what ports/protocols are required for monitoring my environment? Right now I am seeing packets for FTP, TelNet, SMTP, DNS, HTTP, KERBEROS, POP3, NBSS, MS_RPC_TCP, IMAP, LDAP, HTTPS, MS-DS, LDAP-over-SSL and MS-SQL-S.
But the remaining hubs do not show near as many ports. My question is wrapped completely around what I can disallow in vShield and what I have to allow. Need to lock down the environment but not disrupt monitoring.
Any assist is appreciated.