Windows server ports
Communication from clients to Windows NT systems and between various services can use a variety of TCP and UDP port numbers.
Caution
Do not open all of these ports in a production environment to determine which of them are required; do that only for testing purposes. Open only the required ports and, if possible, only for the binaries of the required services. The Windows NT system uses various protocols and services.
These services may use any of the following port numbers:
Protocol | TCP# | UDP# |
---|---|---|
HTTP | 80,443,593 | - |
Named Pipes | 445 | - |
RPC Endpoint Mapper | 135 | - |
RPC Server Programs | 1025-5000 and/or 49152-65535 | - |
NetBIOS | 137-139 | 137-139 |
LDAP or LDAPS | 389 or 636 | 389 |
DNS | 53 | 53 |
Kerberos | 88 | 88 |
Additional services available on Windows NT systems, which may require specific ports, include:
Protocol | TCP# | UDP# |
---|---|---|
Kerberos password change | 464 | 464 |
25 | - | |
Replication | 135 | - |
File replication | 5722 | - |
AD web services | 9389 | - |
Replication | 3268-3269 | - |
DHCP | - | 67,68 |
GPO | 135, 137-139, 445 | 137-138 |
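
One way to apply the caution above on a Windows server, shown as an added example that is not part of the original page or of any vendor tooling: the PowerShell below lists each listening TCP port with its owning binary and labels it using the TCP columns of the tables above, so that allow rules can be limited to the ports and programs actually in use. The `$portTable` variable and the `Get-PortLabel` function are hypothetical names chosen for this example.

```powershell
# Added example: label this server's listening TCP ports using the tables above.
# Port numbers are taken from the page; variable and function names are illustrative.
$portTable = @(
    @{ Name = 'HTTP';                          Ports = 80, 443, 593 }
    @{ Name = 'Named Pipes';                   Ports = @(445) }
    @{ Name = 'RPC Endpoint Mapper';           Ports = @(135) }
    @{ Name = 'NetBIOS';                       Ports = 137..139 }
    @{ Name = 'LDAP or LDAPS';                 Ports = 389, 636 }
    @{ Name = 'DNS';                           Ports = @(53) }
    @{ Name = 'Kerberos';                      Ports = @(88) }
    @{ Name = 'Kerberos password change';      Ports = @(464) }
    @{ Name = 'Port 25 (row unnamed on page)'; Ports = @(25) }
    @{ Name = 'File replication';              Ports = @(5722) }
    @{ Name = 'AD web services';               Ports = @(9389) }
    @{ Name = 'Replication';                   Ports = 3268, 3269 }
)

function Get-PortLabel([int]$Port) {
    # Fixed ports first, so 3268-3269 are not swallowed by the 1025-5000 RPC range.
    foreach ($row in $portTable) {
        if ($row.Ports -contains $Port) { return $row.Name }
    }
    $dynamic = ($Port -ge 1025 -and $Port -le 5000) -or ($Port -ge 49152 -and $Port -le 65535)
    if ($dynamic) { return 'RPC Server Programs (dynamic range)' }
    return 'Not in table'
}

Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort, OwningProcess -Unique |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port    = $_.LocalPort
            Service = Get-PortLabel $_.LocalPort
            Process = $proc.ProcessName
            Binary  = $proc.Path   # empty for kernel-owned listeners or when not elevated
        }
    } | Format-Table -AutoSize
```

Run it from an elevated session to see binary paths for system services. Listeners labelled "Not in table" are outside the ports documented here and need their own justification before an allow rule is created.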
Best practice
Microsoft may modify API or protocol behavior, so that some of the ports above may start receiving connections after a patch is applied to clients and servers. Moreover, Microsoft may introduce new services or further expand the port numbers used by the RPC services mentioned above. As a result, the best practice is to avoid firewall restrictions based on TCP or UDP port numbers between the Bravura Security Fabric server and Windows Server systems.
For more information, see Microsoft documentation: Service overview and network port requirements - Windows Server