NB: this is a work in progress and firewall rules will be added over time.
The tables below detail the firewall rules required for the following products:
a.) Windows Cluster Services
b.) SQL Server Standalone and Always On
c.) SCCM
d.) SCOM
e.) Active Directory
Firewall Rules
Windows Cluster Services
| Description | Protocol | Ports |
|---|---|---|
| Cluster Service | UDP | 3343 |
| Cluster Service | TCP | 3343 (required during node join operations) |
| RPC | TCP | 135 |
| Cluster Administrator | UDP | 137 |
| Randomly Allocated Port | UDP | Between 1024 and 65535; between 49152 and 65535 |
SQL Server Standalone Instance
| Description | Protocol | Ports |
|---|---|---|
| SQL Server TCP/IP Port | TCP | 1433 |
| Dedicated Admin Connection | TCP | 1434 |
| SQL Server Browser Service | UDP | 1434 |
| SQL Server Transact-SQL Debugger | TCP | 135 |
SQL Server Always-On Instance
| Application | Protocol | Ports |
|---|---|---|
| SQL Server TCP/IP Port | TCP | 1433 |
| Dedicated Admin Connection | TCP | 1434 |
| SQL Server Browser Service | UDP | 1434 |
| SQL Server Transact-SQL Debugger | TCP | 135 |
| SQL Server Always-On Endpoint | TCP | 5022 |
| SQL Server Service Broker | TCP | 4022 |
| SQL Server Listener | TCP | 14330 |
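As an added example (not from the original page), the PowerShell below creates the Always-On rules from the table above with New-NetFirewallRule, scoping each rule to placeholder replica, admin and client addresses instead of Any, and then lists the resulting rules so the scope can be checked. The address values and the group name are assumptions for illustration.

```powershell
# Added example: inbound Windows Firewall rules for the SQL Server Always-On ports listed
# on this page, scoped to the hosts that need them rather than left open to Any.
$ReplicaAddresses = @('10.0.1.10', '10.0.1.11')   # assumption: the availability group replicas
$AdminHosts       = @('10.0.3.5')                 # assumption: DBA workstation(s) for DAC/debugger
$ClientSubnet     = '10.0.2.0/24'                  # assumption: application servers using the listener
$Group            = 'SQL Server Always On'         # rule group so the set can be audited or removed together

# Port table from the page, plus who (by assumption) needs to reach each port.
$Rules = @(
    @{ Name = 'SQL Server TCP/IP Port';           Protocol = 'TCP'; Port = 1433;  Remote = $ReplicaAddresses + $ClientSubnet }
    @{ Name = 'Dedicated Admin Connection';       Protocol = 'TCP'; Port = 1434;  Remote = $AdminHosts }
    @{ Name = 'SQL Server Browser Service';       Protocol = 'UDP'; Port = 1434;  Remote = $ReplicaAddresses + $ClientSubnet }
    @{ Name = 'SQL Server Transact-SQL Debugger'; Protocol = 'TCP'; Port = 135;   Remote = $AdminHosts }
    @{ Name = 'SQL Server Always-On Endpoint';    Protocol = 'TCP'; Port = 5022;  Remote = $ReplicaAddresses }
    @{ Name = 'SQL Server Service Broker';        Protocol = 'TCP'; Port = 4022;  Remote = $ReplicaAddresses }
    @{ Name = 'SQL Server Listener';              Protocol = 'TCP'; Port = 14330; Remote = $ReplicaAddresses + $ClientSubnet }
)

foreach ($r in $Rules) {
    $displayName = "$Group - $($r.Name) ($($r.Protocol) $($r.Port))"
    # Idempotent: skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $displayName -ErrorAction SilentlyContinue) { continue }
    New-NetFirewallRule -DisplayName $displayName -Group $Group `
        -Direction Inbound -Action Allow -Profile Domain `
        -Protocol $r.Protocol -LocalPort $r.Port -RemoteAddress $r.Remote | Out-Null
}

# Check: show each rule in the group with its port filter and remote-address scope,
# and flag any rule that ended up open to Any.
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Protocol  = $port.Protocol
        LocalPort = $port.LocalPort
        Remote    = ($addr.RemoteAddress -join ', ')
        Unscoped  = ($addr.RemoteAddress -contains 'Any')
    }
} | Format-Table -AutoSize
```

Run it in an elevated session on each replica; the final table is the record to keep alongside this page so the live rule set can be compared against it later.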
SCCM
| Application | Protocol | Ports | Server |
|---|---|---|---|
| Cluster Service | UDP | 3343 | SCCM Server |
| PXE Distribution Point | UDP | 67 | SCCM Server |
| PXE Distribution Point | UDP | 68 | SCCM Server |
| PXE Distribution Point | UDP | 69 | SCCM Server |
| PXE Distribution Point | UDP | 4011 | SCCM Server |
| Distribution Point | TCP | 80 | SCCM Server |
| Distribution Point (SSL) | TCP | 443 | SCCM Server |
| Software Update Point | TCP | 8530 | SCCM Server |
| Software Update Point (SSL) | TCP | 8531 | SCCM Server |
| Management Point | TCP | 10123 | SCCM Server |
| Wake on LAN | UDP | 9 | SCCM Client Servers |
| WMI | TCP | 135 | SCCM Client Servers |
| Windows File Share | TCP | 445 | SCCM Client Servers |
| Remote Control | TCP | 2701 | SCCM Client Servers |
| Remote Assistance and Desktop | TCP | 3389 | SCCM Client Servers |
SCOM
| Application | Protocol | Ports | Server |
|---|---|---|---|
| Cluster Service | UDP | 3343 | SCOM Server |
| Management Server | TCP | 5723 | SCOM Server |
| Management Server | TCP | 5724 | SCOM Server |
| Management Server | TCP | 51905 | SCOM Server |
| Management Server | TCP | 51907 | SCOM Server |
| Management Server | TCP | 51906 | SCOM Server |
| Web Console (HTTP) | TCP | 80 | SCOM Server |
| Web Console (HTTPS) | TCP | 443 | SCOM Server |
| SCOM Database | TCP | 1433 | Database Server |
| SCOM Database | UDP | 1434 | Database Server |
| SCOM Agents | TCP | 5723 | SCOM Agent Servers |
| SCOM Agents | UDP | 137 | SCOM Agent Servers |
| SCOM Agents | UDP | 138 | SCOM Agent Servers |
| SCOM Agents | TCP | 139 | SCOM Agent Servers |
| SCOM Agents | TCP | 445 | SCOM Agent Servers |
| SCOM Agents | TCP | 135 | SCOM Agent Servers |
Active Directory
| Application | Protocol | Ports |
|---|---|---|
| RPC Endpoint Mapper | TCP | 135 |
| RPC Endpoint Mapper | UDP | 135 |
| NetBIOS Name Service | TCP | 137 |
| NetBIOS Name Service | UDP | 137 |
| NetBIOS Datagram Service | UDP | 138 |
| NetBIOS Session Service | TCP | 139 |
| SMB over IP | TCP | 445 |
| SMB over IP | UDP | 445 |
| LDAP | TCP | 389 |
| LDAP | UDP | 389 |
| LDAP (SSL) | TCP | 636 |
| Kerberos | TCP | 88 |
| Kerberos | UDP | 88 |
| DNS | TCP | 53 |
| DNS | UDP | 53 |
| WINS Resolution | TCP | 1512 |
| WINS Resolution | UDP | 1512 |
| WINS Replication | TCP | 42 |
| WINS Replication | UDP | 42 |