This functionality is only available for certain module packages. Info / Copyright

Configuring the firewall

As of Eplan License Manager Version 2026 no port ranges are required anymore for the configuration of the firewall. A maximum of three ports are required. Default values are set at them during installation and in Eplan License Manager - Configurator Version 2026. You can customize these preset ports.

Default port for communication between server and client: 9363
Default port for communication between the server and failover: 9364
Default port for reporting (only contained in the Eplan License Manager Professional module package): 9365

Depending on the functions used, you set up a rule for each port in the firewall. The following section describes two ways to configure the Windows Defender Firewall for the server / client connection.

ClosedConfiguring Windows Firewall with advanced security
  1. Open the configuration program for the Windows Defender Firewall via Start > Run.
  2. In the Run dialog enter the wf.msc command.

    3. The Windows Defender Firewall with Advanced Security dialog opens.

  3. Select Incoming rules and the New rule... action.

    4. The wizard for new incoming rules is opened.

  4. Select the Port rule type. Continue clicking.
  5. Select TCP and enter Port 9363 in the Specific local ports field. Continue clicking.
  6. Select Allow connection. Continue clicking.
  7. Activate the selection Domain and Private. Continue clicking.
  8. Assign a name for the rule and confirm the settings.

Repeat this process for the outgoing rule and, if further functions are used, for further ports.

ClosedConfiguring the permission of an app
  1. Open the Windows security dialog in Windows.
  2. Select the Firewall & network protection menu item.
  3. Select the Allow an app through firewall menu item.

    4. The Allowed apps dialog opens.

  4. Click on Allow another app....
  5. Navigate to the installation directory of the Eplan License Manager C:\Program Files\EPLAN\ELM and select the file Elm.exe
  6. Click on Add and allow communication.

    7. Repeat steps 4 to 5 for the other four applications in the Eplan License Manager installation directory.

ClosedOptional: Activating logging of the accesses

In the case of a blocked access a log file is written which is stored in the following file path: C:\Windows\System32\LogFiles\Firewall\pfirewall.log.

If this file does not exist, you must enable logging in the Windows Defender Firewall as follows:

  1. Open the configuration program for the Windows Defender Firewall via Start > Run.
  2. In the Run dialog enter the wf.msc command.

    3. The Windows Defender Firewall with Advanced Security dialog opens.

  3. Open the popup menu of Windows Defender Firewall with Advanced Security on Local Computer and select the Properties menu item.

    4. The domain profile is displayed.

  4. Use the Customize button to activate the logging.
  5. Select the Yes setting in both drop-down lists Log dropped packets and Log successful connections.
  6. Also select these firewall settings for the Private profile and the Public profile profiles.
  7. Open the pfirewall.log. file and check which entry is identified by the firewall as "DROP".

    8. Example

    An entry generated by the Eplan License Client can look like this:

    2022-01-07 04:45:38 DROP TCP 172.16.125.74 172.16.125.52 10978 135 48 S 2446232184 0 64240 - - - RECEIVE 632

ClosedConfiguring the firewall (up to Version 2025)

Two variants are described in the following sections. It is assumed that a group called "ELM-User" has been created in the domain for the second variant.

ClosedConfiguring the firewall for the Eplan License Manager "ELM.exe" ("Windows Security")

Port 135 is used to contact the "Distributed Component Object Model" (DCOM). Using a handshake method, this determines a dynamic port that is foreseen for use with the Eplan License Manager.

The ELM.exe file should be added as an exception rule so that it functions with a firewall. An enable is then issued for all ports that communicate with this file.

When a failover is used, you must also configure the ELMConfig.exe file in the firewall on both systems, "Primary" and "Standby Server".

You can carry out a simple configuration via the settings of the "Windows security":

  1. Open the Windows settings via Start > Settings.
  2. Open the Update and security settings.
  3. Click Windows security.
  4. Click the Open Windows Security button.
  5. Select Firewall & network protection and Allow an app through rirewall.
  6. Click the Change settings button.
  7. Click the Allow another app button.

    8. The Add app dialog opens.

  8. Click Browse.
  9. Change to the C:\Program Files\Eplan\ELM directory.
  10. Select the ELM.exe file.
  11. Click the Open button.
  12. Click the Add button.

    13. The Eplan Remote Dongle Service entry is added.

  13. Activate the Private and Public check boxes.
  14. Click OK.
  15. The firewall for the ELM.exe file is configured.

ClosedConfiguring the firewall for the failover

When a failover is used, you must also configure the ELMConfig.exe file in a firewall on the system of the Primary License Manager and the Standby License Manager. In addition the ICMPv4 and ICMPv6 settings have to be activated.

You can carry out a simple configuration via the settings of the "Windows security":

1. Configuring "ELMConfig.exe"

  1. Open the Windows settings via Start > Settings.
  2. Open the Update and security settings.
  3. Click Windows security.
  4. Click the Open Windows Security button.
  5. Select Firewall & network protection and Allow an app through rirewall.
  6. Click the Change settings button.
  7. Click the Allow another app button.

    8. The Add app dialog opens.

  8. Click Browse.
  9. Change to the C:\Program Files\Eplan\ELM directory.
  10. Select the ELMConfig.exe file.
  11. Click the Open button.
  12. Click the Add button.

    13. The Eplan Remote Dongle Service entry is added.

  13. Activate the Private and Public check boxes.
  14. Click OK.
  15. The firewall for the ELMConfig.exe file is configured.

2. Activate ICMPv4 and ICMPv6

  1. Open the configuration program for the Windows Defender Firewall via Start > Run.
  2. In the Run dialog enter the wf.msc command.

    3. The Windows Defender Firewall with Advanced Security dialog opens.

  3. Open Incoming rules.
  4. Select the following entries from the Incoming rules list:
    • Core network diagnostics - ICMP echo request (ICMPv4 incoming)
    • Core network diagnostics - ICMP echo request (ICMPv6 incoming)
    • File and printer release (echo request - ICMPv4 incoming)
    • File and printer release (echo request - ICMPv6 incoming)
  5. Open the Properties.
  6. Activate the Activated check box.
  7. The firewall for ICMPv4 and ICMPv6 is configured.

ClosedConfiguring the firewall for "COM+ - network access (DCOM)"

You can carry out a simple configuration via the settings of the "Windows security":

  1. Open the configuration program for the Windows Defender Firewall via Start > Run.
  2. In the Run dialog enter the wf.msc command.

    3. The Windows Defender Firewall with Advanced Security dialog opens.

  3. Open Incoming rules.
  4. Select the "Object COM+ network access (DCOM-In)" entry in the Incoming rules list.
  5. Open the Properties.
  6. Activate the Activated check box.
  7. The firewall for COM+ - network access (DCOM) is configured.

ClosedOptional: Activating logging of the accesses

In the case of a blocked access a log file is written which is stored in the following file path: C:\Windows\System32\LogFiles\Firewall\pfirewall.log.

If this file does not exist, you must enable logging in the Windows Defender Firewall as follows:

  1. Open the configuration program for the Windows Defender Firewall via Start > Run.
  2. In the Run dialog enter the wf.msc command.

    3. The Windows Defender Firewall with Advanced Security dialog opens.

  3. Open the popup menu of Windows Defender Firewall with Advanced Security on Local Computer and select the Properties menu item.

    4. The domain profile is displayed.

  4. Use the Customize button to activate the logging.
  5. Select the Yes setting in both drop-down lists Log dropped packets and Log successful connections.
  6. Also select these firewall settings for the Private profile and the Public profile profiles.
  7. Open the pfirewall.log. file and check which entry is identified by the firewall as "DROP".

    8. Example

    An entry generated by the Eplan License Client can look like this:

    2022-01-07 04:45:38 DROP TCP 172.16.125.74 172.16.125.52 10978 135 48 S 2446232184 0 64240 - - - RECEIVE 632

Important

Make sure to select the "Yes" setting for the profiles of the firewall rules "Domain", "Private" and "Public".

For further information on the configuration of the "Port range" for external firewalls, please refer to the manufacturer's documentation, for example here.

Read more