I have heard that Windows 2008 is good at locking down WMI to a single port, but I have not tested. I would say that with Windows 2003 or earlier you do not have a chance with WMI.
Because WMI is based on DCOM it uses any port over 1024. The links below provide instructions on limiting WMI to a specific port or a limited range of ports.
I am posting because I still see this marked as Not Answered (I know I looked here before).
Quick and Dirty - There are 2 parts required: (WMI uses DCOM and RPC to communicate)
On DMZ server - configure WMI to communicate only over port 24158. Now just 2 ports are required to be opened on the firewall, port 135 (RPC) and port 24158 (your 'fixed' not dynamic) DCOM port.
On the firewall - ACL rule should permit <IP address of SolarWinds server(s)> 192.168.0.0/16 tcp/135,tcp/24158 (your network team should be able to get this implemented).
I should note that the order of the ACL rule is relevant, I believe. Simply adding the new rule to the end of the ACL list might not 'just work'. You may have to move that rule up higher in the order.
Hope this helps someone,
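The ACL-ordering point in the post above, as an added example that is not part of the original post: a small Python check that evaluates an ACL top-down and reports whether the permit rule for tcp/135 and tcp/24158 is shadowed by an earlier rule. It assumes first-match-wins evaluation with an implicit deny at the end; the poller address, DMZ host address and the broad deny rule are constructed sample values.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str        # "permit" or "deny"
    src: str           # source network, CIDR
    dst: str           # destination network, CIDR
    ports: frozenset   # TCP destination ports; empty set means any port

def first_match(acl, src, dst, port) -> Optional[int]:
    """Index of the first rule matching the flow, or None if nothing matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(acl):
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and (not r.ports or port in r.ports)):
            return i
    return None

def allowed(acl, src, dst, port) -> bool:
    """Assumed semantics: first match wins, no match is an implicit deny."""
    i = first_match(acl, src, dst, port)
    return i is not None and acl[i].action == "permit"

def shadowed_ports(acl, rule_index, src, dst):
    """Ports of the rule at rule_index that an earlier rule decides instead."""
    return sorted(p for p in acl[rule_index].ports
                  if first_match(acl, src, dst, p) != rule_index)

# Constructed sample values (not from the thread, except the ports and /16).
POLLER = "10.1.1.50"          # hypothetical SolarWinds poller
DMZ_HOST = "192.168.20.15"    # hypothetical DMZ server
WMI_RULE = Rule("permit", POLLER + "/32", "192.168.0.0/16",
                frozenset({135, 24158}))
DENY_DMZ = Rule("deny", "0.0.0.0/0", "192.168.0.0/16", frozenset())

APPENDED = [DENY_DMZ, WMI_RULE]    # new rule added at the end of the list
REORDERED = [WMI_RULE, DENY_DMZ]   # new rule moved above the broad deny

if __name__ == "__main__":
    for name, acl in (("appended", APPENDED), ("reordered", REORDERED)):
        idx = acl.index(WMI_RULE)
        print(name,
              "shadowed:", shadowed_ports(acl, idx, POLLER, DMZ_HOST),
              "135:", allowed(acl, POLLER, DMZ_HOST, 135),
              "24158:", allowed(acl, POLLER, DMZ_HOST, 24158),
              "49152:", allowed(acl, POLLER, DMZ_HOST, 49152))
```

With the rule moved up, only the two fixed ports pass from the poller; a dynamic RPC port such as 49152 still falls through to the deny.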
An agent option has been implemented since, which makes it easier to monitor servers in the DMZ.
If you have a sizeable number of servers in the DMZ, you can place a polling engine in the DMZ instead and monitor in an agentless fashion.