Help - Network Discovery not working against AWS

Need some urgent help. Network Discovery does not find any subnets or nodes when scanning AWS subnets. The subnets exist with plenty of nodes on them. I suspect there is some sort of blocking or filtering on the AWS side that is preventing the discovery. Can anyone advise what the requirements are for Network Discovery to work? Ports, protocols, inbound/outbound, etc.

  • Network discovery works on essentially the same ports as normal monitoring. So from your polling engine you potentially need SNMP on UDP 161 to talk to Linux or network appliances, and you would need all the normal WMI ports for WMI-based polling: TCP 135 from the poller to initiate, but the responses come back across nearly all the ephemeral Windows ports unless you modify settings in a GPO to narrow the range down.

  • I've been testing this in different ways. What I have found is that discovery does not work at all, only discovery. I am trying to find primarily Windows and Linux nodes, but no subnets or nodes are found at all. Interestingly, I have both Windows and Linux nodes in AWS that are running the agent and monitored successfully. Even if I point the discovery directly at the IP of a monitored server, it finds nothing. Even if I have ICMP reply enabled in the discovery, nothing is found.

    For now, I have ensured TCP 17778, UDP 161, and ICMP are in the AWS networking security groups. I'm going to try to add TCP 135 and test today. If you can think of anything else, any help would be GREATLY appreciated!
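Since the two posts above amount to a checklist of what the AWS security group has to allow from the polling engine (ICMP, UDP 161 for SNMP, TCP 135 plus the Windows ephemeral range for WMI, and TCP 17778 for the agent), here is a small added script, not from the thread or from SolarWinds, that compares a security group's ingress rules against that list and reports what is missing. The rule dictionaries copy the shape of the EC2 `describe-security-groups` `IpPermissions` output, but the rules, CIDRs and poller address are constructed sample data, and the WMI ephemeral range is assumed to be the Windows default of 49152-65535 (narrower if a GPO changed it, as the reply notes).

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Requirement:
    name: str
    protocol: str   # "tcp", "udp" or "icmp"
    from_port: int  # -1 for ICMP (any type)
    to_port: int


# Ports the thread says discovery relies on from the poller to the node.
# The ephemeral range is the assumed Windows default; adjust if a GPO narrowed it.
DISCOVERY_REQUIREMENTS = (
    Requirement("ICMP echo", "icmp", -1, -1),
    Requirement("SNMP (UDP 161)", "udp", 161, 161),
    Requirement("WMI RPC endpoint mapper (TCP 135)", "tcp", 135, 135),
    Requirement("WMI dynamic RPC range (TCP 49152-65535)", "tcp", 49152, 65535),
    Requirement("Orion agent (TCP 17778)", "tcp", 17778, 17778),
)

# Constructed sample ingress rules, mimicking EC2 IpPermissions entries.
# This mirrors the poster's current state: agent port, SNMP and ICMP, no WMI.
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 17778, "ToPort": 17778,
     "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
    {"IpProtocol": "udp", "FromPort": 161, "ToPort": 161,
     "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "10.0.0.0/24"}]},
]

SAMPLE_POLLER_IP = "10.0.0.5"  # constructed polling-engine address


def _source_allows(rule, poller_ip):
    """True if any CIDR on the rule contains the poller's address."""
    ip = ipaddress.ip_address(poller_ip)
    return any(ip in ipaddress.ip_network(r["CidrIp"], strict=False)
               for r in rule.get("IpRanges", []))


def _rule_covers(rule, req):
    """True if the rule's protocol and port span fully contain the requirement."""
    proto = rule["IpProtocol"]
    if proto == "-1":          # "all traffic" rule: EC2 omits the port fields
        return True
    if proto != req.protocol:
        return False
    if proto == "icmp":
        # For ICMP, FromPort holds the ICMP type: -1 is every type, 8 is echo request
        return rule["FromPort"] in (-1, 8)
    return rule["FromPort"] <= req.from_port and rule["ToPort"] >= req.to_port


def missing_requirements(ingress_rules, poller_ip):
    """Return the names of discovery requirements that no ingress rule satisfies."""
    missing = []
    for req in DISCOVERY_REQUIREMENTS:
        satisfied = any(_rule_covers(r, req) and _source_allows(r, poller_ip)
                        for r in ingress_rules)
        if not satisfied:
            missing.append(req.name)
    return missing


if __name__ == "__main__":
    gaps = missing_requirements(SAMPLE_INGRESS, SAMPLE_POLLER_IP)
    if gaps:
        print("Security group does not allow from", SAMPLE_POLLER_IP + ":")
        for name in gaps:
            print("  -", name)
    else:
        print("All discovery ports are allowed from", SAMPLE_POLLER_IP)
```

Feeding it real rules is a matter of passing the `IpPermissions` list from `describe-security-groups` for the nodes' security group together with the poller's source address; a rule that is present but scoped to a CIDR that does not contain the poller is reported as missing, which is the case the poster's symptoms most resemble.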