What ports do I need to open for (insert product here) to work?
Are you setting up a router or a firewall, perhaps setting up a domain trust, connecting some Forests, or remotely managing your environment, and you need to know what ports must be opened for (Active Directory, MOM, SMTP, whatever…) to work?
We have a KB article for that:
KB 832017
Service overview and network port requirements for the Windows Server system
For example, the following port are needed for Active Directory:
Active Directory (Local Security Authority)
Active Directory runs under the LSASS process and includes the authentication and replication engines for Windows 2000 and Windows Server 2003 domain controllers. Domain controllers, client computers and application servers require network connectivity to Active Directory over specific hard-coded ports in addition to a range of ephemeral TCP ports between 1024 and 65536 unless a tunneling protocol is used to encapsulate such traffic, An encapsulated solution might consist of a VPN gateway located behind a filtering router using Layer 2 Tunneling Protocol (L2TP) together with IPsec. In this encapsulated scenario, you must allow IPsec Encapsulating Security Protocol (ESP) (IP protocol 50), IPsec Network Address Translator Traversal NAT-T (UDP port 4500), and IPsec Internet Security Association and Key Management Protocol (ISAKMP) (UDP port 500) through the router as opposed to opening all the ports and protocols listed below. Finally, the port used for Active Directory replication may be hard-coded as described in the following article in the Microsoft Knowledge Base:
224196 (https://support.microsoft.com/kb/224196/) Restricting Active Directory replication traffic and client RPC traffic to a specific port
Note Packet filters for L2TP traffic are not required, because L2TP is protected by IPsec ESP.
System service name: LSASS
Application protocol |
Protocol |
Ports |
Global Catalog Server |
TCP |
3269 |
Global Catalog Server |
TCP |
3268 |
LDAP Server |
TCP |
389 |
LDAP Server |
UDP |
389 |
LDAP SSL |
TCP |
636 |
LDAP SSL |
UDP |
636 |
IPsec ISAKMP |
UDP |
500 |
NAT-T |
UDP |
4500 |
RPC |
TCP |
135 |
RPC randomly allocated high TCP ports |
TCP |
1024 - 65536 |
The article is updated regularly, and is very handy to have bookmarked!
Comments
Anonymous
January 01, 2003
Hello- The type of network should not play a role. MPLS should perform the same as an analog modem WAN Link. The same list of ports should apply. -SeanAnonymous
January 01, 2003
Need to know what port to open to allow updates to happen over a MPLS network...Anonymous
June 10, 2015
US home solar power system capacity increase of 76% over last year, to 437 megawatts (MW) ,Solar Batterieshttp://www.poweroak.net the nation's new generating capacity, more than half of which is a photovoltaic power generation. The report shows that a quarter of the US solar power capacity by 1.3 gigawatts (GW), the sixth consecutive quarterly increase of over 1 GW. The total annual installed capacity is expected to reach 7.9 GW, Solar Power Peneratorhttp://www.poweroak.net , Solar Power Pack http://www.poweroak.net representing an increase of 27%.
The report predicts that by 2016 solar power will meet the electricity needs of about 800 million households in the United States to offset 45 million metric tons of carbon emissions, equivalent to removing 10 million cars. energy storage systemhttp://www.poweroak.net/energy-storage-system-c-1.html