Preparing your network for installation

Applies To: Forefront Client Security

Before installing Client Security server components, you should verify that the appropriate network ports are open on any server firewall. In some cases, firewalls between Client Security servers should be disabled.

The following tables list the network ports and protocols that are used for communicating between Client Security servers and between the distribution server and Microsoft Update. Depending on the type of firewalls you use and the location of those firewalls, you may need to open these ports.

Port usage for Client Security server components

Component Connection Topologies Port (protocols) Notes

Collection server

To collection database

Five-server and six-server

1433 (TCP and UDP)

None.

Collection database

To collection server

All

135 (TCP), ephemeral ports

Used for WMI communication between collection database and collection server.

Management server

To collection server

Four-server, five-server, and six-server

445 (TCP and UDP), 135 (TCP), and DCOM port range

Using a firewall between these two servers is not supported. The Microsoft Operations Manager (MOM) Administrator and Operator consoles on the management server require a connection to the collection server.

Management server

To collection database

Four-server, five-server, and six-server

1433 (TCP) and 1434 (UDP)

None.

Management server

To reporting server

Three-server, four-server, five-server, and six-server

80 (TCP) or 443 (TCP)

Port 80 is used for HTTP and port 443 is used for HTTPS.

Reporting database

To collection database

Three-server, four-server, and six-server

1433 (TCP) and 1434 (UDP)

Using a firewall between these two databases is not supported.

Reporting server

Collection database

Four-server, five-server, and six-server

1433 (TCP) and 1434 (UDP)

None.

Reporting server

Reporting database

All

1433 (TCP), 1434 (UDP), and ephemeral

None.

Distribution server

To Microsoft Update or upstream WSUS server

All

80 (TCP) or 443 (TCP)

To obtain updates from Microsoft Update, the distribution server uses port 80 for HTTP and port 443 for HTTPS.

Opening ports in Windows Firewall

For instructions about opening ports by using Group Policy, see Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2 (https://go.microsoft.com/fwlink/?LinkId=86556).

To open ports manually, you can follow the steps in this procedure.

To open ports in Windows Firewall

  1. Click Start, click Control Panel, and then double-click Windows Firewall.

  2. Click the Exceptions tab, and then click Add Port.

  3. In the Name box, type the name that you want.

  4. In the Port number box, type the port number.

  5. Select TCP or UDP.