For those of you with strict networking rules and firewalls controlling traffic between clients and servers, for example using Microsoft Domain & Server Isolation, here is a list of all the ports Specops Deploy needs, grouped by function and role.
Here is the information in an Excel file, for easier reading.
You will find a definition of the protocols at the end of the list.

Specops Deploy / App

| Name | Source and Destination | Description |
|---|---|---|
| Microsoft CIFS (SMB) | Clients to Installation Share | To download and install software |
| Microsoft CIFS (SMB) | Clients to Specops Deploy / App Server | To report feedback to Deployment Server |
| Specops Deploy Feedback | Admin PC to Specops Deploy / App Server | To read Feedback from Deployment Server |
| SQL over TCP | Deployment Server to SQL Server | To read and store Feedback information |

Specops Deploy / OS

Capture Client

| Name | Source and Destination | Description |
|---|---|---|
| IKE Client | Capture Client to Image Server | Internet Key Exchange (IKE) Protocol |
| Microsoft CIFS (SMB) | Capture Client to Image Server | Connect to MDT Network Share |
| Microsoft-DS Traffic | Capture Client to Image Server | Upload Capture to Server |

PXE Boot and Installation

| Name | Source and Destination | Description |
|---|---|---|
| Boot Relay | Clients to Deployment Server | PXE Booting |
| IKE Client | Clients to Deployment Server | Internet Key Exchange (IKE) Protocol |
| Microsoft CIFS (SMB) | Clients to Deployment Server | Connect to MDT Share and download Image |
| TFTP | Clients to Deployment Server | Download WinPE |
| Multicast Traffic | Clients to Deployment Server | To use Multicast, else falling back to Unicast |

Admin Tools to Reinstall a PC

| Name | Source and Destination | Description |
|---|---|---|
| Microsoft CIFS (SMB) | Admin PC to Clients | To read GUID and Trigger Reboot |
| RPC | Admin PC to Clients | To read GUID and Trigger Reboot |
| RPC High Ports | Admin PC to Clients | To read GUID and Trigger Reboot |

Deployment and Image Server Communication

| Name | Source and Destination | Description |
|---|---|---|
| Microsoft CIFS (SMB) | Two-way between Image and Deployment Servers | Installation/Upgrade of Servers, DFS-R |
| RPC | Two-way between Image and Deployment Servers | Installation/Upgrade of Servers, DFS-R |
| RPC High Ports | Two-way between Image and Deployment Servers | Installation/Upgrade of Servers, DFS-R |
| Deployment Server Remoting | Two-way between Image and Deployment Servers | Installation/Upgrade of Servers, DFS-R |

Admin Tools to Image and Deployment Servers

| Name | Source and Destination | Description |
|---|---|---|
| Microsoft CIFS (SMB) | Admin PC to Image and Deployment Servers | Upload of Images, Drivers, etc. |
| NetBIOS Name Service | Admin PC to Image and Deployment Servers | Upload of Images, Drivers, etc. |
| NetBIOS Session | Admin PC to Image and Deployment Servers | Upload of Images, Drivers, etc. |
| RPC | Admin PC to Image and Deployment Servers | Configuration, Restart Services, etc. |
| RPC High Ports | Admin PC to Image and Deployment Servers | Configuration, Restart Services, etc. |
| Specops Deployment Server Remoting | Admin PC to Deployment Servers | Status Information, Error Reporting, etc. |
| Specops Image Server Remoting | Admin PC to Image Server | Status Information, Error Reporting, etc. |

General Ports used in Testing

| Name | Source and Destination | Description |
|---|---|---|
| DHCP Request | Clients to DHCP and Deployment Servers | To PXE Boot and get DHCP Addresses |
| DHCP Relay | DHCP and Deployment Servers to Clients | To PXE Boot and get DHCP Addresses |
| DNS | DNS Servers (DCs) to Internet | For DNS Servers to allow name resolution |
| DNS | Clients and Servers to DCs | General AD Traffic to DCs |
| IKE Client | Clients and Servers to DCs | General AD Traffic to DCs |
| Kerberos-SEC (TCP) | Clients and Servers to DCs | General AD Traffic to DCs |
| Kerberos-SEC (UDP) | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAP | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAP (Ping) | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAP (UDP) | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAP (GC) | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAPS | Clients and Servers to DCs | General AD Traffic to DCs |
| LDAPS (GC) | Clients and Servers to DCs | General AD Traffic to DCs |
| Microsoft CIFS (TCP) | Clients and Servers to DCs | General AD Traffic to DCs |
| Microsoft CIFS (UDP) | Clients and Servers to DCs | General AD Traffic to DCs |
| NetBIOS Datagram | Clients and Servers to DCs | General AD Traffic to DCs |
| NetBIOS Name Service | Clients and Servers to DCs | General AD Traffic to DCs |
| NetBIOS Sessions | Clients and Servers to DCs | General AD Traffic to DCs |
| NTP (UDP) | Clients and Servers to DCs | General AD Traffic to DCs |
| Ping | Clients and Servers to DCs | General AD Traffic to DCs |
| RPC | Clients and Servers to DCs | General AD Traffic to DCs |
| RPC High Ports | Clients and Servers to DCs | General AD Traffic to DCs |
| HTTP | Clients and Servers to Internet | General Web Traffic (Windows Update etc.) |
| HTTPS | Clients and Servers to Internet | General Web Traffic (Windows Update etc.) |

Protocol Definition

| Name | Port | Description |
|---|---|---|
| Microsoft CIFS | 445/TCP | Fileshare Traffic |
| SQL over TCP | 1433/TCP | SQL Server communication |
| IKE Client | 500/UDP | Internet Key Exchange (IKE) Protocol |
| Microsoft-DS Traffic | 445/TCP, 445/UDP | Fileshare Traffic |
| Boot Relay | 4011/UDP | PXE Booting |
| TFTP | 69/UDP | Download WinPE |
| RPC | 135/TCP | Remote Actions |
| RPC High Ports | 49152-65535/TCP | For Vista and later |
| Specops Deployment Server Remoting | 4375/TCP | Status Information, Error Reporting, etc. |
| Specops Image Server Remoting | 4376/TCP | Status Information, Error Reporting, etc. |
| Specops Deploy Feedback | 4373/TCP | Feedback for Specops Deploy / App |
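
As an added example (not part of the original post and not Specops' own tooling), the Specops Deploy / OS rows that target the Deployment Server can be turned into scoped inbound Windows Firewall rules, so each port is open only to the source named in the tables. The three address values and the rule group name are constructed placeholders; multicast is left out because the list gives no port for it.

```powershell
# Added example: inbound rules for a Deployment Server (Specops Deploy / OS role).
# The addresses below are constructed placeholders; replace them with your own ranges.
$ClientNet   = '10.10.0.0/16'    # PCs that PXE boot and install
$AdminNet    = '10.20.30.0/24'   # Admin PCs running the Admin Tools
$ImageServer = '10.20.40.5'      # Image Server (two-way traffic with this server)

# Protocol and port come from the Protocol Definition table;
# the allowed sources come from the "Source and Destination" columns.
$Rules = @(
    @{ Name = 'Microsoft CIFS (SMB)';       Proto = 'TCP'; Port = '445';         From = @($ClientNet, $AdminNet, $ImageServer) }
    @{ Name = 'IKE Client';                 Proto = 'UDP'; Port = '500';         From = @($ClientNet) }
    @{ Name = 'Boot Relay';                 Proto = 'UDP'; Port = '4011';        From = @($ClientNet) }
    @{ Name = 'TFTP';                       Proto = 'UDP'; Port = '69';          From = @($ClientNet) }
    @{ Name = 'RPC';                        Proto = 'TCP'; Port = '135';         From = @($AdminNet, $ImageServer) }
    @{ Name = 'RPC High Ports';             Proto = 'TCP'; Port = '49152-65535'; From = @($AdminNet, $ImageServer) }
    @{ Name = 'Deployment Server Remoting'; Proto = 'TCP'; Port = '4375';        From = @($AdminNet, $ImageServer) }
)

foreach ($r in $Rules) {
    # -WhatIf only previews each rule; remove it to actually create the rules.
    New-NetFirewallRule -DisplayName "Specops Deploy OS - $($r.Name)" `
        -Group 'Specops Deploy (example)' `
        -Direction Inbound -Action Allow -Profile Domain `
        -Protocol $r.Proto -LocalPort $r.Port `
        -RemoteAddress $r.From -WhatIf
}

# Review what was created, with the port and source scope of each rule.
Get-NetFirewallRule -Group 'Specops Deploy (example)' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule     = $_.DisplayName
            Protocol = $port.Protocol
            Port     = $port.LocalPort
            Source   = $addr.RemoteAddress -join ', '
        }
    }
```

Scoping `-RemoteAddress` per row keeps SMB and the RPC high-port range from being reachable by every host on the domain profile, which is the main exposure when these ports are opened without a source restriction.
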

Impressive documentation, I wish every software maker could provide such detailed information!!