Download the List of SCCM CB Firewall Communication Ports


Firewall ports and communications between SCCM Current Branch site servers, site systems, domain controllers and clients are important when you work on SCCM CB architecture and design. In this post, I'll share the spreadsheet that contains the details of SCCM Current Branch (CB) firewall port requirements. In general, we can split the firewall ports into two categories: 1. configurable ports (custom ports) and 2. non-configurable ports. I cover only the default recommended ports documented in TechNet here. The additional communication ports mentioned here are not covered in the list below or in the spreadsheet.

When you have an SCCM CB hierarchy with a CAS and primary servers, you need to be more careful about the SCCM CB firewall port requirements. I have a related post that covers SCCM 2012 firewall requirements here (there is not much change between SCCM 2012 and CB in terms of firewall ports).

Update: The internet access requirements, or proxy exception list, for SCCM CB are also very important when you deploy SCCM Current Branch within an organization. The TechNet documentation about SCCM CB internet access requirements is here.

Download List of SCCM CB Firewall Communication Ports here

[Figure: SCCM CB Intune architecture diagram]

| No. | From | To | UDP | TCP | Description | Direction |
|---|---|---|---|---|---|---|
| 1 | Asset Intelligence Synchronization Point | Microsoft | | 443 | https | Unidirectional |
| 2 | Asset Intelligence Synchronization Point | SQL Server | | 1433 | SQL Over TCP | Unidirectional |
| 3 | App Catalog Web Service Point | SQL Server | | 1433 | SQL Over TCP | Unidirectional |
| 4 | App Catalog Website Point | App Catalog Web Service Point | | 80/443 | http/https | Unidirectional |
| 5 | Client | App Catalog Website Point | | 80/443 | http/https | Unidirectional |
| 6 | Client | Client (wol) | 9/25536 | | WOL/WUP | Unidirectional |
| 7 | Client | NDES | | 80/443 | http/https | Unidirectional |
| 8 | Client | Cloud DP | | 443 | https | Unidirectional |
| 9 | Client | DP | | 80/443 | http/https | Unidirectional |
| 10 | Client | DP with Multi Cast | 63000-64000 | 445 | Multi Cast/SMB | Unidirectional |
| 11 | Client | DP with PXE | 67/68/69/4011 | | DHCP/TFTP/BINL | Unidirectional |
| 12 | Client | FSP | | 80 | http | Unidirectional |
| 13 | Client | Domain | | 3268/3269 | LDAP/LDAP SSL | Unidirectional |
| 14 | Client | MP | | 10123/80/443 | Client Notification/http/https | Unidirectional |
| 15 | Client | SUP | | 80/8530/443/8531 | http/https | Unidirectional |
| 16 | Client | SMP | | 80/443/445 | http/https/SMB | Unidirectional |
| 17 | Console | Client | | 2701/3389 | RC/RDP/RTC | Unidirectional |
| 18 | Console | Internet | | 80 | http | Unidirectional |
| 19 | Console | Reporting Service Point | | 80/443 | http/https | Unidirectional |
| 20 | Console | Site Server | | 135 | RPC Endpoint Mapper | Unidirectional |
| 21 | Console | SMS Provider | 135 | RPC Dynamic/135 | RPC Endpoint Mapper/RPC Dynamic | Unidirectional |
| 22 | NDES Policy Module | Certificate Registration Point | | 443 | https | Unidirectional |
| 23 | DP | MP | | 80/443 | http/https | Unidirectional |
| 24 | Endpoint Protection | Internet | | 80 | http | Unidirectional |
| 25 | Endpoint Protection | SQL Server | | 1433 | SQL Over TCP | Unidirectional |
| 26 | Enrollment Proxy Point | Enrollment Point | | 443 | https | Unidirectional |
| 27 | Enrollment Point | SQL Server | | 1433 | SQL Over TCP | Unidirectional |
| 28 | Exchange Server Connector | Exchange Online | | 5986 | WRM with https | Unidirectional |
| 29 | Exchange Server Connector | On Prem Exchange Server | | 5985 | WRM with http | Unidirectional |
| 30 | Mac Computer | Enrollment Proxy Point | | 443 | https | Unidirectional |
| 31 | MP | Domain | 135/636 | 389/636/3268/3269/135/RPC Dynamic | LDAP/GC LDAP/RPC EPM/RPC Dynamic | Unidirectional |
| 32 | MP | Site Server | | 135/RPC Dynamic/445 | RPC EPM/RPC Dynamic/SMB | Bidirectional |
| 33 | MP | SQL Server | | 1433 | SQL Over TCP | Unidirectional |
| 34 | Mobile Device | Enrollment Proxy Point | | 443 | https | Unidirectional |
| 35 | Mobile Device | Intune | | 443 | https | Unidirectional |
| 36 | Reporting Point | SQL Server | | 1433 | SQL Over TCP | Unidirectional |
| 37 | Site Server | App Catalog Web Service Point | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Bidirectional |
| 38 | Site Server | App Catalog Website Point | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Bidirectional |
| 39 | Site Server | Asset Intelligence Synchronization Point | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Bidirectional |
| 40 | Site Server | Client (WOL) | 9 | | WOL | Unidirectional |
| 41 | Site Server | Cloud DP | | 443 | https | Unidirectional |
| 42 | Site Server | DP | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Unidirectional |
| 43 | Site Server | Domain | 135/636 | 389/636/3268/3269/135/RPC Dynamic | LDAP/GC LDAP/RPC EPM/RPC Dynamic | Unidirectional |
| 44 | Site Server | Certificate Registration Point | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Bidirectional |
| 45 | Site Server | Endpoint Protection | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Bidirectional |
| 46 | Site Server | Enrollment Point | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Bidirectional |
| 47 | Site Server | Enrollment Proxy Point | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Bidirectional |
| 48 | Site Server | FSP | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Bidirectional |
| 49 | Site Server | Internet | | 80 | http | Unidirectional |
| 50 | Site Server | Issuing CA | 135 | 135/RPC Dynamic | RPC EPM/RPC Dynamic | Bidirectional |
| 51 | Site Server | Reporting Service Point | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Bidirectional |
| 52 | Site Server | Site Server | | 445 | SMB | Bidirectional |
| 53 | Site Server | SQL Server | | 1433 | SQL Over TCP | Unidirectional |
| 54 | Site Server | SQL Server | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Unidirectional |
| 55 | Site Server | SMS Provider | 135 | 445/135/RPC Dynamic | RPC EPM/RPC Dynamic/SMB | Unidirectional |
| 56 | Site Server | SUP | | 445/80/8530/443/8531 | http/https/SMB | Bidirectional |
| 57 | Site Server | SMP | 135 | 445/135 | RPC EPM/SMB | Bidirectional |
| 58 | SMS Provider | SQL Server | | 1433 | SQL Over TCP | Unidirectional |
| 59 | SUP | Internet | | 80 | http | Unidirectional |
| 60 | SUP | Upstream WSUS Server | | 80-8530/443-8531 | http/https | Unidirectional |
| 61 | SQL Server | SQL Server | | 4022/1433 | SQL Over TCP/SQL SSB | Unidirectional |
| 62 | SMP | SQL Server | | 1433 | SQL Over TCP | Unidirectional |
| 63 | Service Connection Point | Intune | | 443 | https | Unidirectional |
| 64 | Site Server | Site System | 135 | 135/RPC Dynamic | RPC EPM/RPC Dynamic | Unidirectional |
| 65 | Site Server | Domain/DNS | 53/67/68/137/138 | 139/53 | DHCP/DNS/NetBIOS | Unidirectional |
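
One way to put the list to work during a firewall review is to check observed flows against it and report anything no row accounts for. The Python below is an added example, not part of the original post or the spreadsheet: it copies a handful of rows from the list, and the function names, the flow records and the use of the Windows default dynamic port range for "RPC Dynamic" are assumptions.

```python
# Added example: role names and ports are copied from the list above; FLOWS is constructed.
RPC_DYNAMIC = (49152, 65535)  # Windows default dynamic range; assumed not restricted here

MATRIX = [  # (from, to, udp, tcp)
    ("Client", "MP", "", "10123/80/443"),
    ("Client", "DP with Multi Cast", "63000-64000", "445"),
    ("MP", "SQL Server", "", "1433"),
    ("Site Server", "DP", "135", "445/135/RPC Dynamic"),
]

def parse_ports(spec, rpc_dynamic=RPC_DYNAMIC):
    """Turn a cell such as '80/443' or '63000-64000' into (low, high) ranges."""
    ranges = []
    for token in filter(None, (t.strip() for t in spec.split("/"))):
        if token.lower().startswith("rpc dyn"):
            ranges.append(rpc_dynamic)
        elif "-" in token:
            low, high = token.split("-")
            ranges.append((int(low), int(high)))
        else:
            ranges.append((int(token), int(token)))
    return ranges

def build_rules(matrix):
    """Index allowed port ranges by (from, to, protocol)."""
    rules = {}
    for src, dst, udp, tcp in matrix:
        rules.setdefault((src, dst, "udp"), []).extend(parse_ports(udp))
        rules.setdefault((src, dst, "tcp"), []).extend(parse_ports(tcp))
    return rules

def audit(flows, rules):
    """Return the flows that no matrix row accounts for."""
    return [
        (src, dst, proto, port) for src, dst, proto, port in flows
        if not any(lo <= port <= hi for lo, hi in rules.get((src, dst, proto), []))
    ]

FLOWS = [  # constructed sample records: (from, to, protocol, destination port)
    ("Client", "MP", "tcp", 10123),
    ("Client", "DP with Multi Cast", "udp", 63500),
    ("Site Server", "DP", "tcp", 50211),      # inside the RPC dynamic range
    ("Client", "SQL Server", "tcp", 1433),    # no Client -> SQL Server row
    ("MP", "SQL Server", "tcp", 3389),        # row exists, port does not
]

if __name__ == "__main__":
    for flow in audit(FLOWS, build_rules(MATRIX)):
        print("not in matrix:", flow)
```

Row 60 writes the alternative WSUS ports as 80-8530/443-8531, which this parser would read as ranges; enter that row as 80/8530/443/8531 if you extend the matrix.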
