Download the List of SCCM Firewall Ports

3

Firewall ports and communications between SCCM Current Branch Site servers, Site Systems, Domain Controllers and Clients are important when you perform SCCM CB architecture and design.  In this post, I’ll share the spreadsheet that contain the details of SCCM Firewall Ports requirement. Latest SCCM communication port details are available “Ports used in System Center Configuration Manager“.

In general, we can segregate the Firewall ports in two categories 1. Configurable ports (custom ports) and 2. Non Configurable ports. I cover only the default recommended ports documented in the TechNet here. Also, additional communication ports mentioned here are not covered in the list below and spreadsheet.

When you have SCCM CB hierarchy with CAS and primary servers then you need to be more conscious about the SCCM Firewall ports requirement. I have a post related to this topic which talks about SCCM Firewall ports Requirements here (there is not much change between SCCM Firewall ports).

Update : Internet access requirement or proxy exception list for SCCM CB is also very important when you deploy SCCM current branch within organizations. TechNet documentation about SCCM CB internet access requirements are here.

Download List of SCCM Firewall Ports here

SCCM Firewall Ports

FromToUDPTCP – SCCM Firewall PortsSCCM Firewall Ports DescriptionSCCM Firewall Ports Direction
Asset Intelligence Synchronization PointMicrosoft443httpsUnidirection
Asset Intelligence Synchronization PointSQL Server1433SQL Over TCPUnidirection
App Catalog Web Service PointSQL Server1433SQL Over TCPUnidirection
App Catalog Website PointApp Catalog Web Service Point80/443http/httpsUnidirection
ClientApp Catalog Website Point80/443http/httpsUnidirection
ClientClient (wol)9/25536WOL/WUPUnidirection
ClientNDES80/443http/httpsUnidirection
ClientCloud DP443httpsUnidirection
ClientDP80/443http/httpsUnidirection
ClientDP with Multi Cast63000-64000445Multi Cast/SMBUnidirection
ClientDP with PXE67/68/69/4011DHCP/TFTP/BINLUnidirection
ClientFSP80httpUnidirection
ClientDomain3268/3269LDAP/LDAP SSLUnidirection
ClientMP10123/80/443Client Notification/http/httpsUnidirection
ClientSUP80/8530/443/8531http/httpsUnidirection
ClientSMP80/443/445http/https/SMBUnidirection
ConsoleClient2701/3389RC/RDP/RTCUnidirection
ConsoleInternet80httpUnidirection
ConsoleReporting Service Point80/443http/httpsUnidirection
ConsoleSite Server135RPC Endpoint MapperUnidirection
ConsoleSMS Provider135RPC Dy/135RPC endpoint Mapper/RPC DynamicsUnidirection
NDES Policy ModuleCertificate Registration Point443httpsUnidirection
DPMP80/443http/httpsUnidirection
Endpoint ProtectionInternet80httpUnidirection
Endpoint ProtectionSQL Server1433SQL Over TCPUnidirection
Enrollment Proxy PointEnrollment Point443httpsUnidirection
Enrollment PointSQL Server1433SQL Over TCPUnidirection
Exchange Server ConnectorExchange Online5986WRM with httpsUnidirection
Exchange Server ConnectorOn Prem Exchange Server5985WRM with httpUnidirection
Mac ComputerEnrollment Proxy Point443httpsUnidirection
MPDOMAIN135/636389/636/3268/3269/135/RPC DyLDAP/GC LDAP/RPC EPM/RPC DynamicUnidirection
MPSite Server135/RPC Dyn/445RPC EPM/RPC Dynamic/SMBBidirection
MPSQL Server1433SQL Over TCPUnidirection
Mobile DeviceEnrollment Proxy Point443httpsUnidirection
Mobile DeviceIntune443httpsUnidirection
Reporting pointSQL Server1433SQL Over TCPUnidirection
Site ServerApp Catalog Web Service point135445/135/RPC DynRPC EPM/RPC Dynamic/SMBBidirection
Site ServerApp Catalog Website Point135445/135/RPC DynRPC EPM/RPC Dynamic/SMBBidirection
Site ServerAsset Intelligence Synchronization Point135445/135/RPC DynRPC EPM/RPC Dynamic/SMBBidirection
Site ServerClient (WOL)9WOLUnidirection
Site ServerCloud DP443httpsUnidirection
Site ServerDP135445/135/RPC DynRPC EPM/RPC Dynamic/SMBUnidirection
Site ServerDOMAIN135/636389/636/3268/3269/135/RPC DyLDAP/GC LDAP/RPC EPM/RPC DynamicUnidirection
Site ServerCertificate Registration Point135445/135/Dyn RPCRPC EPM/RPC Dynamic/SMBBidirection
Site ServerEnd Point Protection135445/135/Dyn RPCRPC EPM/RPC Dynamic/SMBBidirection
Site ServerEnrollment Point135445/135/Dyn RPCRPC EPM/RPC Dynamic/SMBBidirection
Site ServerEnrollment Proxy Point135445/135/Dyn RPCRPC EPM/RPC Dynamic/SMBBidirection
Site ServerFSP135445/135/RPC DynRPC EPM/RPC Dynamic/SMBBidirection
Site ServerInternet80httpUnidirection
Site ServerIssuing CA135135/Dyn RPCRPC EPM/RPC DynamicBidirection
Site ServerReporting Service Point135445/135/RPC DynRPC EPM/RPC Dynamic/SMBBidirection
Site ServerSite Server445SMBBidirection
Site ServerSQL Server1433SQL Over TCPUnidirection
Site ServerSQL Server135445/135/RPC DynRPC EPM/RPC Dynamic/SMBUnidirection
Site ServerSMS Provider135445/135/RPC DynRPC EPM/RPC Dynamic/SMBUnidirection
Site ServerSUP445/80/8530/443/8531http/https/SMBBidirection
Site ServerSMP135445/135RPC EPM/SMBBidirection
SMS ProviderSQL Server1433SQL Over TCPUnidirection
SUPInternet80httpUnidirection
SUPUpstream WSUS Server80-8530/443-8531http/httpsUnidirection
SQL ServerSQL Server4022/1433SQL Over TCP/SQL SSBUnidirection
SMPSQL Server1433SQL Over TCPUnidirection
Service Connection PointIntune443httpsUnidirection
Site ServerSite System135135/RPC DynRPC EPM/RPC DynamicUnidirection
Site ServerDomain/DNS53/67/68/137/138139/53DHCP/DNS/NetBIOSUnidirection

 

 

3 COMMENTS

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.