Firewall port summary
This section lists a summary of the port numbers that are used for various devices for communication purposes. Ports that you can customize according to your requirements are listed in bold and italics, for example, 1433 and 1521. For more information, see other references in the Security section.
The following table lists the ports that might be used in scanning (part of a consolidating system) and standalone appliances, and BMC Discovery Outpost.
Port | Port assignment | Direction | Use | Reference |
|---|---|---|---|---|
4 | Closed Port | Outbound | Base Device Detection | |
21 | FTP | Outbound | Base Device Detection | |
22 | SSH | Inbound | Appliance CLI access | |
22 | SSH | Outbound | UNIX Discovery | |
23 | telnet | Outbound | UNIX Discovery | |
25 | SMTP | Outbound | Email Relay | |
53 | DNS | Outbound | Domain Name Lookup | |
80 | HTTP | Outbound | Base Device Detection | |
123 | NTP | Outbound | Time Synchronization | |
135 | DCE RPC Endpoint Manager. | Outbound Outbound | Windows Discovery Appliance backup to Windows server | |
139 | Netbios Session Service | Outbound | Appliance backup to Windows server | System communications |
161 | SNMP | Outbound | SNMP Discovery | |
389 | LDAP | Outbound | LDAP UI User Authentication | |
443 | HTTPS | Inbound (UI > Appliance) | Main UI Secure | |
| 443 | HTTPS | Inbound (Outpost > Appliance) | BMC Discovery Outpost to Appliance communication. Note that the connection is always initiated by the Outpost to the Appliance and never the reverse. The appliance never connects to the Outpost. The Outpost connects to the appliance with HTTPS on port 443. It is not necessary to open Outbound HTTPS Port 443 from Appliance to Outpost. | System communications |
| 443 | HTTPS | Outbound | vCenter discovery (Appliance > vCenter) | Network ports used for discovery communications |
445 | Microsoft Directory Services SMB | Outbound | Appliance backup to Windows server | |
513 | rlogin | Outbound | UNIX Discovery | |
636 | LDAPS | Outbound | LDAPS UI User Authentication | |
902 | vSphere API | Outbound | VMware ESX/ESXi Discovery | |
1433 | MS SQL | Outbound | MS SQL Extended Discovery | |
1521 | Oracle SQL | Outbound | Oracle SQL Extended Discovery | |
3306 | MySQL SQL | Outbound | MySQL SQL Extended Discovery | |
3940 | Discovery for z/OS Agent | Outbound | Mainframe Discovery | |
4100 | Sybase SQL | Outbound | Sybase ASE SQL Extended Discovery | |
4321 | CORBA | Outbound | AD Windows proxy | Network ports used for discovery communications |
4323 | CORBA | Outbound | Credential Windows proxy | |
5988 | HTTP | Outbound | WBEM Discovery | |
5989 | HTTPS | Outbound | WBEM Discovery | |
25032 | CORBA | Outbound | Reasoning communication | |
ARTCPPORT Value | AR System | Outbound | CMDB Sync |
Additional ports used in clustered systems
The following ports are used in clustered systems, in addition to those used in scanning and standalone machines.
Port | Port assignment | Direction | Use | Reference |
|---|---|---|---|---|
25030 | CORBA | Inbound | Clustering | |
25031 | CORBA | Inbound | Datastore | |
25032 | CORBA | Inbound | Reasoning communication |
Consolidation Appliance Ports
Consolidation appliance only consolidates data from scanning appliance. Local discovery is not performed during the scans.
Port Number | Port assignment | Direction | Use | Reference |
|---|---|---|---|---|
22 | SSH | Inbound | Appliance CLI access | |
25 | SMTP | Outbound | Email Relay | |
53 | DNS | Outbound | Domain Name Lookup | |
80 | HTTP | Inbound | Main UI Standard | |
123 | NTP | Outbound | Time Synchronization | |
389 | LDAP | Outbound | LDAP UI User Authentication | |
443 | HTTPS | Inbound | Main UI Secure | |
636 | LDAPS | Outbound | LDAPS UI User Authentication | |
ARTCPPORT Value | AR System | Outbound | CMDB Sync | |
25032 | CORBA | Inbound | Consolidation |
Windows proxy Ports
Proxy ports
You can also install multiple proxies of each type on a single host. Consequently, you must check the proxy manager to determine which ports the proxies are using. The defaults are the same as previous releases, but installations of additional proxies use incremental ports. You can also use the proxy manager to modify the port that each proxy uses.
Port Number | Port assignment | Direction | Use | Reference |
|---|---|---|---|---|
135 | DCE RPC Endpoint Manager. | Outbound | Windows Discovery | Network ports used for discovery communications |
139 | Netbios Session Service | Outbound | Windows Discovery | |
445 | Microsoft Directory Services SMB | Outbound | Windows Discovery | |
49152-65535 | DCOM | Outbound | Windows Discovery | |
4321 | CORBA | Inbound | AD Windows proxy | |
4323 | CORBA | Inbound | Credential Windows proxy |
Comments
This Microsoft's documentation should be update the dynamic range: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements
Hi,
Thanks for your feedback. The port range for DCOM is updated.
Log in or register to comment.