Before you install Microsoft iSCSI Software Target 3.2 you must configure the Windows Firewall to allow the necessary network traffic to pass. The following table lists the required ports.

Port Description

TCP 3260

Microsoft iSCSI Software Target Service. This port provides the primary access to the Microsoft iSCSI Software Target.

TCP 135

Remote Procedure Call (RPC), this port is required for Component Object Model (COM) communication.

UDP 138

NetBIOS Datagram Service, this exception should already exist for File and Print Service role, but may need to be added manually if not present.

N/A

Microsoft iSCSI Software Target Service, this exception should be added for the %windir%\system32\Wintarget.exe program.

N/A

Microsoft iSCSI Software Target status proxy. This exception should be added for the %windir%\System32\WTStatusProxy.exe program.

The following table contains the Windows Firewall exceptions that should be made on the iSCSI initiator computer.

Application exception Description

%windir%\System32\Wtvds.exe

The Microsoft iSCSI Software Target VDS Hardware Provider
To add an inbound filter rule for a program

  1. Open Windows Firewall with Advanced Security. In Server Manager, expand Configuration, expand Windows Firewall with Advanced Security, and then click Inbound Rules.

  2. In the Actions pane, click New Rule.

  3. Under What type of rule would you like to create, click Program. Click Next.

  4. Click Browse, and browse to the Windows\System32 folder and click Wintarget.exe. Click Open and then click Next.

  5. Click Allow the connection, and then click Next.

  6. Check the network locations that should be bound to this rule (the default is Domain, Private, and Public). Click Next.

  7. Under Name, type a descriptive name for the rule. For example, type Microsoft iSCSI Software Target Service for the program rule for Wintarget.exe. Click Finish.

To add an inbound filter rule for a port

  1. Open Windows Firewall with Advanced Security. In Server Manager, expand Configuration, expand Windows Firewall with Advanced Security, and then click Inbound Rules.

  2. In the Actions pane, click New Rule.

  3. Under What type of rule would you like to create, click Port. Click Next.

  4. Select the protocol for this rule, either TCP or UDP. Under Does this rule apply to all local ports or specific local ports, click Specific local ports and type in the appropriate port number.

  5. Click Allow the connection, and then click Next.

  6. Check the network locations that should be bound to this rule (the default is Domain, Private, and Public). Click Next.

  7. Under Name, type a descriptive name for the rule. For example, type Remote Procedure Call for the RPC communication on TCP port 135. Click Finish.

Sample Script to Add Windows Firewall Exceptions

You can automate the process of adding the Windows Firewall exceptions for Microsoft iSCSI Software Target 3.2 to a storage appliance running the Microsoft iSCSI Software Target by using the following sample script.

  Copy Code 
netsh advfirewall firewall add rule name="Microsoft iSCSI Software Target Service-TCP-3260" dir=in action=allow protocol=TCP localport=3260
netsh advfirewall firewall add rule name="Microsoft iSCSI Software Target Service-TCP-135" dir=in action=allow protocol=TCP localport=135
netsh advfirewall firewall add rule name="Microsoft iSCSI Software Target Service-UDP-138" dir=in action=allow protocol=UDP localport=138
netsh advfirewall firewall add rule name="Microsoft iSCSI Software Target Service" dir=in action=allow program="%SystemRoot%\System32\WinTarget.exe" enable=yes
netsh advfirewall firewall add rule name="Microsoft iSCSI Software Target Service Status Proxy" dir=in action=allow program="%SystemRoot%\System32\WTStatusProxy.exe" enable=yes