Configuration Manager Firewall Ports Requirement

Tamilkovan21st November 2020SCCMConfigmgr Firewall, SCCM Firewall ports

The below listed Firewall ports are required to allow in Microsoft Endpoint Manager infrastructure during the implementation in order to get Site communication, client communication, Distribution Point and WSUS/SUP communication . I gathered this information from TechNet articles

Reference Link https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/ports?redirectedfrom=MSDN

Source	Destination	UDP	TCP	Description	Direction
Client	Management Point		10123/80/443	Client Notification/http/https	Uni
Client	Software Update Point		80/8530/443/8531	http/https	Uni
Client	State Migration Point		80/443/445	http/https/SMB	Uni
Client	NDES		80/443	http/https	Uni
Client	Distribution Point		80/443	http/https	Uni
Client	DP with Multi Cast	63000-64000	445	Multi Cast/SMB	Uni
Client	DP with PXE	67/68/69/4011		DHCP/TFTP/BINL	Uni
Client	Fallback Status Point		80	http	Uni
Client	App Catalog Website Point		80/443	http/https	Uni
Client	State Migration Point		80/443/445	http/https/SMB	Uni
Distribution Point	Management Point		80/443	http/https	Uni
Site Server	SQL Server		1433	SQL Over TCP	Uni
Reporting point	SQL Server		1433	SQL Over TCP	Uni
Asset Intelligence Sync Point	SQL Server		1433	SQL Over TCP	Uni
App Catalog Web Serv Point	SQL Server		1433	SQL Over TCP	Uni
Management Point	SQL Server		1433	SQL Over TCP	Uni
SMS Provider	SQL Server		1433	SQL Over TCP	Uni
State Migration Point	SQL Server		1433	SQL Over TCP	Uni
Management Point	Site Server		135/RPC Dyn/445	RPC EPM/RPC Dynamic/SMB	Bi
Software Update Point	Upstream WSUS Server		80-8530/443-8531	http/https	Uni
SQL Server	SQL Server		4022/1433	SQL Over TCP/SQL SSB	Uni
Site Server	Software Update Point		445/80/8530/443/8531	http/https/SMB	Bi
Site Server	Site Server		445	SMB	Bi
Site Server	App Catalog Web Serv point	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Bi
Site Server	App Catalog Website Point	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Bi
Site Server	Asset Intelligence Sync Point	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Bi
Site Server	Distribution Point	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Uni
Site Server	Certificate Registration Point	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Bi
Site Server	End Point Protection	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Bi
Site Server	Enrollment Point	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Bi
Site Server	Enrollment Proxy Point	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Bi
Site Server	Fallback Status Point	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Bi
Site Server	Reporting Service Point	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Bi
Site Server	SQL Server	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Uni
Site Server	SMS Provider	135	445/135/RPC Dyn	RPC EPM/RPC Dynamic/SMB	Uni
Site Server	State Migration Point	135	445/135	RPC EPM/SMB	Bi
Site Server	Site System	135	135/RPC Dyn	RPC EPM/RPC Dynamic	Uni

Thank You!

Published by Tamilkovan

My name is Tamil Kovan and I work as a Technical Manager at PCCW Solutions. This is my blog where I will share tips and stuff for my own on System Center related topics. View more posts

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

%d bloggers like this: