Preparing your network for installation
Applies To: Forefront Client Security
Before installing Client Security server components, you should verify that the appropriate network ports are open on any server firewall. In some cases, firewalls between Client Security servers should be disabled.
The following tables list the network ports and protocols that are used for communicating between Client Security servers and between the distribution server and Microsoft Update. Depending on the type of firewalls you use and the location of those firewalls, you may need to open these ports.
Port usage for Client Security server components
| Component | Connection | Topologies | Port (protocols) | Notes |
|---|---|---|---|---|
Collection server |
To collection database |
Five-server and six-server |
1433 (TCP and UDP) |
None. |
Collection database |
To collection server |
All |
135 (TCP), ephemeral ports |
Used for WMI communication between collection database and collection server. |
Management server |
To collection server |
Four-server, five-server, and six-server |
445 (TCP and UDP), 135 (TCP), and DCOM port range |
Using a firewall between these two servers is not supported. The Microsoft Operations Manager (MOM) Administrator and Operator consoles on the management server require a connection to the collection server. |
Management server |
To collection database |
Four-server, five-server, and six-server |
1433 (TCP) and 1434 (UDP) |
None. |
Management server |
To reporting server |
Three-server, four-server, five-server, and six-server |
80 (TCP) or 443 (TCP) |
Port 80 is used for HTTP and port 443 is used for HTTPS. |
Reporting database |
To collection database |
Three-server, four-server, and six-server |
1433 (TCP) and 1434 (UDP) |
Using a firewall between these two databases is not supported. |
Reporting server |
Collection database |
Four-server, five-server, and six-server |
1433 (TCP) and 1434 (UDP) |
None. |
Reporting server |
Reporting database |
All |
1433 (TCP), 1434 (UDP), and ephemeral |
None. |
Distribution server |
To Microsoft Update or upstream WSUS server |
All |
80 (TCP) or 443 (TCP) |
To obtain updates from Microsoft Update, the distribution server uses port 80 for HTTP and port 443 for HTTPS. |
Opening ports in Windows Firewall
For instructions about opening ports by using Group Policy, see Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2 (https://go.microsoft.com/fwlink/?LinkId=86556).
To open ports manually, you can follow the steps in this procedure.
To open ports in Windows Firewall
Click Start, click Control Panel, and then double-click Windows Firewall.
Click the Exceptions tab, and then click Add Port.
In the Name box, type the name that you want.
In the Port number box, type the port number.
Select TCP or UDP.