SCCM Firewall Ports Download the List of ConfigMgr Firewall Ports

SCCM Firewall Ports and communications between Current Branch Site servers, Site Systems, Domain Controllers, and Clients are important when you perform SCCM CB architecture and design.  In this post, I’ll share the spreadsheet that contains the details of the SCCM Firewall Ports requirement. The latest SCCM communication port details are available “Ports used in System Center Configuration Manager“.

Do you know RPC Dynamic Ports ? TCP 49152-65535

In general, we can segregate the Firewall ports into two categories 1. Configurable ports (custom ports) and 2. Non Configurable ports. I cover only the default recommended ports documented in the TechNet here. Also, additional communication ports mentioned here are not covered in the list below and spreadsheet.

When you have SCCM CB hierarchy with CAS and primary servers then you need to be more conscious about the SCCM Firewall ports requirement. I have a post related to this topic which talks about SCCM Firewall ports Requirements here (there is not much change between SCCM Firewall ports).

Patch My PC

Update : Internet access requirement or proxy exception list for SCCM CB is also very important when you deploy SCCM current branch within organizations. TechNet documentation about SCCM CB internet access requirements are here.

Download List of SCCM Firewall Ports here

SCCM Firewall Ports
Asset Intelligence Synchronization PointMicrosoft 443httpsUnidirection
Asset Intelligence Synchronization PointSQL Server 1433SQL Over TCPUnidirection
App Catalog Web Service PointSQL Server 1433SQL Over TCPUnidirection
App Catalog Website PointApp Catalog Web Service Point 80/443http/httpsUnidirection
ClientApp Catalog Website Point 80/443http/httpsUnidirection
ClientClient (wol) 9/25536WOL/WUPUnidirection
ClientNDES 80/443http/httpsUnidirection
ClientCloud DP 443httpsUnidirection
ClientDP 80/443http/httpsUnidirection
ClientDP with Multi Cast63000-64000445Multi Cast/SMBUnidirection
ClientDP with PXE67/68/69/4011 DHCP/TFTP/BINLUnidirection
ClientFSP 80httpUnidirection
ClientDomain 3268/3269LDAP/LDAP SSLUnidirection
ClientMP 10123/80/443Client Notification/http/httpsUnidirection
ClientSUP 80/8530/443/8531http/httpsUnidirection
ClientSMP 80/443/445http/https/SMBUnidirection
ConsoleClient 2701/3389RC/RDP/RTCUnidirection
ConsoleInternet 80httpUnidirection
ConsoleReporting Service Point 80/443http/httpsUnidirection
ConsoleSite Server 135RPC Endpoint MapperUnidirection
ConsoleSMS Provider135RPC Dy/135RPC endpoint Mapper/RPC DynamicsUnidirection
NDES Policy ModuleCertificate Registration Point 443httpsUnidirection
DPMP 80/443http/httpsUnidirection
Endpoint ProtectionInternet 80httpUnidirection
Endpoint ProtectionSQL Server 1433SQL Over TCPUnidirection
Enrollment Proxy PointEnrollment Point 443httpsUnidirection
Enrollment PointSQL Server 1433SQL Over TCPUnidirection
Exchange Server ConnectorExchange Online 5986WRM with httpsUnidirection
Exchange Server ConnectorOn Prem Exchange Server 5985WRM with httpUnidirection
Mac ComputerEnrollment Proxy Point 443httpsUnidirection
MPDOMAIN135/636389/636/3268/3269/135/RPC DyLDAP/GC LDAP/RPC EPM/RPC DynamicUnidirection
MPSite Server 135/RPC Dyn/445RPC EPM/RPC Dynamic/SMBBidirection
MPSQL Server 1433SQL Over TCPUnidirection
Mobile DeviceEnrollment Proxy Point 443httpsUnidirection
Mobile DeviceIntune 443httpsUnidirection
Reporting pointSQL Server 1433SQL Over TCPUnidirection
Site ServerApp Catalog Web Service point135445/135/RPC DynRPC EPM/RPC Dynamic/SMBBidirection
Site ServerApp Catalog Website Point135445/135/RPC DynRPC EPM/RPC Dynamic/SMBBidirection
Site ServerAsset Intelligence Synchronization Point135445/135/RPC DynRPC EPM/RPC Dynamic/SMBBidirection
Site ServerClient (WOL)9 WOLUnidirection
Site ServerCloud DP 443httpsUnidirection
Site ServerDP135445/135/RPC DynRPC EPM/RPC Dynamic/SMBUnidirection
Site ServerDOMAIN135/636389/636/3268/3269/135/RPC DyLDAP/GC LDAP/RPC EPM/RPC DynamicUnidirection
Site ServerCertificate Registration Point135445/135/Dyn RPCRPC EPM/RPC Dynamic/SMBBidirection
Site ServerEnd Point Protection135445/135/Dyn RPCRPC EPM/RPC Dynamic/SMBBidirection
Site ServerEnrollment Point135445/135/Dyn RPCRPC EPM/RPC Dynamic/SMBBidirection
Site ServerEnrollment Proxy Point135445/135/Dyn RPCRPC EPM/RPC Dynamic/SMBBidirection
Site ServerFSP135445/135/RPC DynRPC EPM/RPC Dynamic/SMBBidirection
Site ServerInternet 80httpUnidirection
Site ServerIssuing CA135135/Dyn RPCRPC EPM/RPC DynamicBidirection
Site ServerReporting Service Point135445/135/RPC DynRPC EPM/RPC Dynamic/SMBBidirection
Site ServerSite Server 445SMBBidirection
Site ServerSQL Server 1433SQL Over TCPUnidirection
Site ServerSQL Server135445/135/RPC DynRPC EPM/RPC Dynamic/SMBUnidirection
Site ServerSMS Provider135445/135/RPC DynRPC EPM/RPC Dynamic/SMBUnidirection
Site ServerSUP 445/80/8530/443/8531http/https/SMBBidirection
Site ServerSMP135445/135RPC EPM/SMBBidirection
SMS ProviderSQL Server 1433SQL Over TCPUnidirection
SUPInternet 80httpUnidirection
SUPUpstream WSUS Server 80-8530/443-8531http/httpsUnidirection
SQL ServerSQL Server 4022/1433SQL Over TCP/SQL SSBUnidirection
SMPSQL Server 1433SQL Over TCPUnidirection
Service Connection PointIntune 443httpsUnidirection
Site ServerSite System135135/RPC DynRPC EPM/RPC DynamicUnidirection
Site ServerDomain/DNS53/67/68/137/138139/53DHCP/DNS/NetBIOSUnidirection