Windows Firewall Issues
Configuring Windows Firewall to allow remote WMI
When obtaining data from a remote computer, WMI must establish a DCOM connection. If a Windows firewall is running with default settings, it will not allow this connection. To allow remote WMI through the firewall, on the computer to be monitored, perform these steps:
In a command shell on the system to be monitored, type:
OR, depending on your version of Windows:
OR, if you would rather use the Group Policy editor than the NETSH commands above, use the following steps in the Group Policy editor (Gpedit.msc) to enable "Allow Remote Administration" on the computer to be monitored.
1. Under the Local Computer Policy heading, double-click Computer Configuration.
2. Double-click Administrative Templates, Network, Network Connections, and then Windows Firewall.
3. If the computer is in the domain, then double-click Domain Profile; otherwise, double-click Standard Profile.
4. Click Windows Firewall: Allow remote administration exception.
5. On the Action menu, select Properties.
6. Click Enable, and then click OK.
Connecting through external Firewalls
Our suggestion: don't. If you have different security zones in your network that are separated by firewalls or NAT devices, and no host is excluded from these restrictions, then simply install multiple collectors - one on each side of the firewall or NAT devices - to monitor hosts in those zones appropriately.
If you wish to try to monitor Windows hosts from a collector that is firewalled from them, you must ensure that DCOM works, and that no NAT is being performed.