What ports do I need to open for (insert product here) to work?


Are you setting up a router or a firewall, perhaps setting up a domain trust, connecting some Forests, or remotely managing your environment, and you need to know what ports must be opened for (Active Directory, MOM, SMTP, whatever…) to work?

We have a KB article for that:

KB 832017
Service overview and network port requirements for the Windows Server system

For example, the following ports are needed for Active Directory:

Active Directory (Local Security Authority)

Active Directory runs under the LSASS process and includes the authentication and replication engines for Windows 2000 and Windows Server 2003 domain controllers. Domain controllers, client computers and application servers require network connectivity to Active Directory over specific hard-coded ports in addition to a range of ephemeral TCP ports between 1024 and 65536 unless a tunneling protocol is used to encapsulate such traffic. An encapsulated solution might consist of a VPN gateway located behind a filtering router using Layer 2 Tunneling Protocol (L2TP) together with IPsec. In this encapsulated scenario, you must allow IPsec Encapsulating Security Protocol (ESP) (IP protocol 50), IPsec Network Address Translator Traversal NAT-T (UDP port 4500), and IPsec Internet Security Association and Key Management Protocol (ISAKMP) (UDP port 500) through the router as opposed to opening all the ports and protocols listed below. Finally, the port used for Active Directory replication may be hard-coded as described in the following article in the Microsoft Knowledge Base:

224196 (http://support.microsoft.com/kb/224196/) Restricting Active Directory replication traffic and client RPC traffic to a specific port

Note: Packet filters for L2TP traffic are not required, because L2TP is protected by IPsec ESP.

System service name: LSASS

| Application protocol | Protocol | Ports |
| --- | --- | --- |
| Global Catalog Server | TCP | 3269 |
| Global Catalog Server | TCP | 3268 |
| LDAP Server | TCP | 389 |
| LDAP Server | UDP | 389 |
| LDAP SSL | TCP | 636 |
| LDAP SSL | UDP | 636 |
| IPsec ISAKMP | UDP | 500 |
| NAT-T | UDP | 4500 |
| RPC | TCP | 135 |
| RPC randomly allocated high TCP ports | TCP | 1024 – 65536 |
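
As an added example (not part of the original post or the KB article), the following Python sketch audits a router allow-list against the port table above and against the encapsulated alternative (ESP, UDP 500, UDP 4500), and flags rules that become unnecessary once the tunnel set is fully permitted. The rule tuple format `(protocol, low_port, high_port)`, the function names and the sample allow-lists are assumptions constructed for illustration.

```python
"""Audit a router allow-list against the Active Directory ports listed on this page."""
MAX_PORT = 65535  # the table says 1024 - 65536; 65535 is the highest valid TCP/UDP port

# (protocol, low, high, label) rows copied from the LSASS table above.
AD_DIRECT = [
    ("tcp", 3269, 3269, "Global Catalog Server"), ("tcp", 3268, 3268, "Global Catalog Server"),
    ("tcp", 389, 389, "LDAP Server"), ("udp", 389, 389, "LDAP Server"),
    ("tcp", 636, 636, "LDAP SSL"), ("udp", 636, 636, "LDAP SSL"),
    ("udp", 500, 500, "IPsec ISAKMP"), ("udp", 4500, 4500, "NAT-T"),
    ("tcp", 135, 135, "RPC"), ("tcp", 1024, 65536, "RPC randomly allocated high TCP ports"),
]
# Encapsulated (L2TP/IPsec) alternative from the paragraph above; ESP has no port numbers.
AD_TUNNEL = [("esp", 0, 0, "IPsec ESP, IP protocol 50"),
             ("udp", 4500, 4500, "IPsec NAT-T"), ("udp", 500, 500, "IPsec ISAKMP")]

def covered(req, rules):
    """True when the allow rules for req's protocol cover its whole port range."""
    proto, low, high, _ = req
    spans = sorted((lo, hi) for p, lo, hi in rules if p == proto)
    if proto == "esp":
        return bool(spans)      # any ESP allow rule satisfies the requirement
    need = low                  # lowest required port not yet known to be allowed
    for lo, hi in spans:
        if lo > need:
            break               # gap before the next allowed range
        need = max(need, hi + 1)
    return need > min(high, MAX_PORT)

def missing(requirements, rules):
    """Labels of required entries that the allow-list does not fully permit."""
    return [f"{label} ({proto.upper()})" for proto, low, high, label in requirements
            if not covered((proto, low, high, label), rules)]

def audit(rules):
    """Report gaps for both designs; list rules the tunnel design makes unnecessary."""
    tunnel_gaps = missing(AD_TUNNEL, rules)
    tunnel_set = {(p, lo, hi) for p, lo, hi, _ in AD_TUNNEL}
    extra = [r for r in rules if r not in tunnel_set] if not tunnel_gaps else []
    return {"direct": missing(AD_DIRECT, rules), "tunnel": tunnel_gaps, "extra": extra}

# Constructed sample allow-lists (not taken from any real device).
TUNNEL_ONLY = [("esp", 0, 0), ("udp", 500, 500), ("udp", 4500, 4500)]
PARTIAL_DIRECT = [("tcp", 135, 135), ("tcp", 389, 389), ("udp", 389, 389),
                  ("tcp", 636, 636), ("tcp", 3268, 3269), ("tcp", 49152, 65535)]

if __name__ == "__main__":
    for name, rules in (("tunnel-only", TUNNEL_ONLY), ("partial-direct", PARTIAL_DIRECT)):
        print(name, audit(rules))
```

A non-empty `extra` list means the tunnel is already fully permitted, so those additional openings are exposure that can be reviewed and closed.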


The article is updated regularly, and is very handy to have bookmarked!

Comments (8)

  1. smearp says:

    Hello-

    The type of network should not play a role. MPLS should perform the same as an analog modem WAN Link. The same list of ports should apply.

    -Sean

  2. Anonymous says:

    Need to know what port to open to allow updates to happen over an MPLS network…
