Network ports

Applies To: Forefront Client Security

Before installing Client Security server components, you should verify that the appropriate network ports are open on any server firewall. In some cases, firewalls between Client Security servers should be disabled.

Port usage for Client Security server components

The following table lists the network ports and protocols that are used for communicating between Client Security servers and between the distribution server and Microsoft Update. Depending on the type of firewalls you use and the location of those firewalls, you may need to open these ports.

Component Connection Topologies Port (protocols) Notes

Collection server

To collection database

Five-server and six-server

1433 (TCP and UDP)

None.

Management server

To collection server

Four-server, five-server, and six-server

445 (TCP and UDP), 135 (TCP), and DCOM port range

Using a firewall between these two servers is not supported. The Microsoft Operations Manager (MOM) Administrator and Operator consoles on the management server require a connection to the collection server.

Management server

To collection database

Four-server, five-server, and six-server

1433 (TCP) and 1434 (UDP)

None.

  

To reporting server

Three-server, four-server, five-server, and six-server

80 (TCP) or 443 (TCP)

Port 80 is used for HTTP and port 443 is used for HTTPS.

  

To collection database

Three-server, four-server, and six-server

1433 (TCP) and 1434 (UDP)

Using a firewall between these two databases is not supported.

Reporting server

To collection database

Four-server, five-server, and six-server

1433 (TCP) and 1434 (UDP)

None.

  

To reporting database

Three-server, five-server, and six-server

1433 (TCP) and 1434 (UDP)

None.

Distribution server

To Microsoft Update or upstream Microsoft Windows Server® Update Services (WSUS) server

All

80 (TCP) or 443 (TCP)

To obtain updates from Microsoft Update, the distribution server uses port 80 for HTTP and port 443 for HTTPS.

Port usage for Client Security client components

The following table lists the network ports and protocols that are used for communications between Client Security servers and client computers. Depending on the type of firewalls you use and the location of those firewalls, you may need to open these ports.

Note

These ports do not include the ports used for Group Policy, Domain Name System (DNS), and other standard technologies. For a list of ports used by Microsoft server products, see Network Ports Used by Key Microsoft Server Products (https://go.microsoft.com/fwlink/?LinkId=86643).

Computers Connection Port (protocols)

Client computers

To collection server

1270 (TCP and UDP)

Client computers

To distribution server

80 (TCP) or 8530 (TCP) or custom