
Download the List of SCCM CB Firewall Communication Ports

Firewall ports and communications between SCCM Current Branch site servers, site systems, domain controllers and clients are important when you work on SCCM CB architecture and design. In this post, I'll share the spreadsheet that contains the details of the SCCM Current Branch (CB) firewall port requirements. In general, we can segregate the firewall ports into two categories: 1. configurable ports (custom ports) and 2. non-configurable ports. I cover only the default recommended ports documented in TechNet here. Also, the additional communication ports mentioned here are not covered in the list below or in the spreadsheet.

When you have an SCCM CB hierarchy with a CAS and primary servers, you need to be more conscious of the SCCM CB firewall port requirements. I have a post related to this topic which talks about SCCM 2012 firewall requirements here (there is not much change between SCCM 2012 and CB in terms of firewall ports).

Update: The internet access requirements or proxy exception list for SCCM CB are also very important when you deploy SCCM Current Branch within organizations. The TechNet documentation about SCCM CB internet access requirements is here.

Download List of SCCM CB Firewall Communication Ports here


| No. | From | To | UDP | TCP | Description | Direction |
|---|---|---|---|---|---|---|
| 1 | Asset Intelligence Synchronization Point | Microsoft | | 443 | https | Unidirection |
| 2 | Asset Intelligence Synchronization Point | SQL Server | | 1433 | SQL Over TCP | Unidirection |
| 3 | App Catalog Web Service Point | SQL Server | | 1433 | SQL Over TCP | Unidirection |
| 4 | App Catalog Website Point | App Catalog Web Service Point | | 80/443 | http/https | Unidirection |
| 5 | Client | App Catalog Website Point | | 80/443 | http/https | Unidirection |
| 6 | Client | Client (wol) | 9/25536 | | WOL/WUP | Unidirection |
| 7 | Client | NDES | | 80/443 | http/https | Unidirection |
| 8 | Client | Cloud DP | | 443 | https | Unidirection |
| 9 | Client | DP | | 80/443 | http/https | Unidirection |
| 10 | Client | DP with Multi Cast | 63000-64000 | 445 | Multi Cast/SMB | Unidirection |
| 11 | Client | DP with PXE | 67/68/69/4011 | | DHCP/TFTP/BINL | Unidirection |
| 12 | Client | FSP | | 80 | http | Unidirection |
| 13 | Client | Domain | | 3268/3269 | LDAP/LDAP SSL | Unidirection |
| 14 | Client | MP | | 10123/80/443 | Client Notification/http/https | Unidirection |
| 15 | Client | SUP | | 80/8530/443/8531 | http/https | Unidirection |
| 16 | Client | SMP | | 80/443/445 | http/https/SMB | Unidirection |
| 17 | Console | Client | | 2701/3389 | RC/RDP/RTC | Unidirection |
| 18 | Console | Internet | | 80 | http | Unidirection |
| 19 | Console | Reporting Service Point | | 80/443 | http/https | Unidirection |
| 20 | Console | Site Server | | 135 | RPC Endpoint Mapper | Unidirection |
| 21 | Console | SMS Provider | 135 | RPC Dy/135 | RPC endpoint Mapper/RPC Dynamics | Unidirection |
| 22 | NDES Policy Module | Certificate Registration Point | | 443 | https | Unidirection |
| 23 | DP | MP | | 80/443 | http/https | Unidirection |
| 24 | Endpoint Protection | Internet | | 80 | http | Unidirection |
| 25 | Endpoint Protection | SQL Server | | 1433 | SQL Over TCP | Unidirection |
| 26 | Enrollment Proxy Point | Enrollment Point | | 443 | https | Unidirection |
| 27 | Enrollment Point | SQL Server | | 1433 | SQL Over TCP | Unidirection |
| 28 | Exchange Server Connector | Exchange Online | | 5986 | WRM with https | Unidirection |
| 29 | Exchange Server Connector | On Prem Exchange Server | | 5985 | WRM with http | Unidirection |
| 30 | Mac Computer | Enrollment Proxy Point | | 443 | https | Unidirection |
| 31 | MP | DOMAIN | 135/636 | 389/636/3268/3269/135/RPC Dy | LDAP/GC LDAP/RPC EPM/RPC Dynamic | Unidirection |
| 32 | MP | Site Server | | 135/RPC Dyn/445 | RPC EPM/RPC Dynamic/SMB | Bidirection |
| 33 | MP | SQL Server | | 1433 | SQL Over TCP | Unidirection |
| 34 | Mobile Device | Enrollment Proxy Point | | 443 | https | Unidirection |
| 35 | Mobile Device | Intune | | 443 | https | Unidirection |
| 36 | Reporting point | SQL Server | | 1433 | SQL Over TCP | Unidirection |
| 37 | Site Server | App Catalog Web Service point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bidirection |
| 38 | Site Server | App Catalog Website Point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bidirection |
| 39 | Site Server | Asset Intelligence Synchronization Point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bidirection |
| 40 | Site Server | Client (WOL) | 9 | | WOL | Unidirection |
| 41 | Site Server | Cloud DP | | 443 | https | Unidirection |
| 42 | Site Server | DP | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Unidirection |
| 43 | Site Server | DOMAIN | 135/636 | 389/636/3268/3269/135/RPC Dy | LDAP/GC LDAP/RPC EPM/RPC Dynamic | Unidirection |
| 44 | Site Server | Certificate Registration Point | 135 | 445/135/Dyn RPC | RPC EPM/RPC Dynamic/SMB | Bidirection |
| 45 | Site Server | End Point Protection | 135 | 445/135/Dyn RPC | RPC EPM/RPC Dynamic/SMB | Bidirection |
| 46 | Site Server | Enrollment Point | 135 | 445/135/Dyn RPC | RPC EPM/RPC Dynamic/SMB | Bidirection |
| 47 | Site Server | Enrollment Proxy Point | 135 | 445/135/Dyn RPC | RPC EPM/RPC Dynamic/SMB | Bidirection |
| 48 | Site Server | FSP | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bidirection |
| 49 | Site Server | Internet | | 80 | http | Unidirection |
| 50 | Site Server | Issuing CA | 135 | 135/Dyn RPC | RPC EPM/RPC Dynamic | Bidirection |
| 51 | Site Server | Reporting Service Point | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Bidirection |
| 52 | Site Server | Site Server | | 445 | SMB | Bidirection |
| 53 | Site Server | SQL Server | | 1433 | SQL Over TCP | Unidirection |
| 54 | Site Server | SQL Server | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Unidirection |
| 55 | Site Server | SMS Provider | 135 | 445/135/RPC Dyn | RPC EPM/RPC Dynamic/SMB | Unidirection |
| 56 | Site Server | SUP | | 445/80/8530/443/8531 | http/https/SMB | Bidirection |
| 57 | Site Server | SMP | 135 | 445/135 | RPC EPM/SMB | Bidirection |
| 58 | SMS Provider | SQL Server | | 1433 | SQL Over TCP | Unidirection |
| 59 | SUP | Internet | | 80 | http | Unidirection |
| 60 | SUP | Upstream WSUS Server | | 80-8530/443-8531 | http/https | Unidirection |
| 61 | SQL Server | SQL Server | | 4022/1433 | SQL Over TCP/SQL SSB | Unidirection |
| 62 | SMP | SQL Server | | 1433 | SQL Over TCP | Unidirection |
| 63 | Service Connection Point | Intune | | 443 | https | Unidirection |
| 64 | Site Server | Site System | 135 | 135/RPC Dyn | RPC EPM/RPC Dynamic | Unidirection |
| 65 | Site Server | Domain/DNS | 53/67/68/137/138 | 139/53 | DHCP/DNS/NetBIOS | Unidirection |
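
As an added example (not part of the original post or its spreadsheet), here is one way to turn rows 33, 53, 58 and 61 of the list above into Windows Firewall inbound rules on the SQL Server, each scoped to its source instead of opening the port to any address. The IP addresses, the 'Peer SQL' label and the 'SCCM CB' rule group are constructed placeholders, and only the fixed TCP ports are covered, not the RPC dynamic rows.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the SQL Server that hosts the site database.
# Addresses are constructed placeholders (RFC 5737 documentation range).
$Sources = @{
    'Site Server'  = '192.0.2.10'
    'MP'           = '192.0.2.20'
    'SMS Provider' = '192.0.2.30'
    'Peer SQL'     = '192.0.2.40'   # SQL Server of another site in the hierarchy
}

# Rows from the list where SQL Server is the destination (TCP column only).
$Rows = @(
    @{ No = 33; From = 'MP';           Ports = 1433 }
    @{ No = 53; From = 'Site Server';  Ports = 1433 }
    @{ No = 58; From = 'SMS Provider'; Ports = 1433 }
    @{ No = 61; From = 'Peer SQL';     Ports = 1433, 4022 }
)

foreach ($Row in $Rows) {
    $Name = 'SCCM CB row {0} {1} to SQL Server' -f $Row.No, $Row.From

    # Keep the script re-runnable: skip rules that already exist.
    if (Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue) {
        Write-Verbose "Rule '$Name' already exists, skipping"
        continue
    }

    # One rule per source, so a port is never reachable from 'Any'.
    New-NetFirewallRule -DisplayName $Name `
        -Group 'SCCM CB' `
        -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Row.Ports `
        -RemoteAddress $Sources[$Row.From] `
        -Profile Domain | Out-Null
}

# Review the result: every rule should show a single remote address.
Get-NetFirewallRule -Group 'SCCM CB' | ForEach-Object {
    [pscustomobject]@{
        Rule   = $_.DisplayName
        Ports  = ($_ | Get-NetFirewallPortFilter).LocalPort -join ','
        Remote = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    }
}
```

The same pattern applies to the other rows that end at SQL Server (2, 3, 25, 27, 36 and 62) by adding their source roles to both tables.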

About Author 

Anoop is a Microsoft MVP and Veeam Vanguard! He is a Solution Architect on enterprise client management with more than 13 years of experience (calculation done in the year 2014) in IT. He is a blogger, speaker and local user group community leader. His main focus is on device management technologies like SCCM 2012, Current Branch and Intune. He writes about technologies like SCCM, SCOM, Windows 10, Azure AD, Microsoft Intune, RMS, Hyper-V, etc.

Posted in: ConfigMgr (SCCM)

2 Comments

  1. René Kierstein says:

    Hi, Asset Intelligence Synchronization Point, you mean port 443, right?
