Hi fellow SharePoint lovers!
(Find the 2016 version here)
Have you ever wondered: What ports do I need to open? Why can’t the web server access the databases? What does that event mean? For example, in SharePoint 2010 we had the ‘Cannot connect to SQL Server – Event 3355‘. Or perhaps you simply need to know for the documentation you want to leave behind?
Wonder no more. I have tried to compile a complete list of all the ports used. Most are configured by SharePoint, but some need to be manually configured, and it all depends on how you have installed and configured your farm in the first place.
I hope that the list will be of use! Please let me know if I have missed anything related, however remote…
List of ports used by SharePoint 2013 and its related services.
Reference links at the end.
Protocol | Port | Usage | Comment |
TCP | 80 | http | Client to SharePoint web server traffic (SharePoint – Office Web Apps communication) |
TCP | 443 | https/ssl | Encrypted client to SharePoint web server traffic (Encrypted SharePoint – Office Web Apps communication) |
TCP | 1433 | SQL Server default communication port. | May be configured to use custom port for increased security |
UDP | 1434 | SQL Server default port used to establish connection | May be configured to use custom port for increased security |
TCP | 445 | SQL Server using named pipes | When SQL Server is configured to listen for incoming client connections by using named pipes over a NetBIOS session, SQL Server communicates over TCP port 445 |
TCP | 25 | SMTP for e-mail integration | Cannot be configured |
TCP | 16500-16519 | Ports used by the search index component | Intra-farm only. Inbound rule added to Windows firewall by SharePoint |
TCP | 22233-22236 | Ports required for the AppFabric Caching Service | Distributed Cache… |
TCP | 808 | Search – Query processing component Windows Communication Foundation communication | Search – Query processing component WCF |
TCP | 32843 | Communication between Web servers and service applications | http (default). To use a custom port, see the references section. Inbound rule added to Windows firewall by SharePoint |
TCP | 32844 | Communication between Web servers and service applications | https. Inbound rule added to Windows firewall by SharePoint |
TCP | 32845 | net.tcp binding: TCP 32845 (only if a third party has implemented this option for a service application) | Custom Service Applications. Inbound rule added to Windows firewall by SharePoint |
TCP | 32846 | Microsoft SharePoint Foundation User Code Service (for sandbox solutions) | Inbound on all Web Servers. Inbound rule added to Windows firewall by SharePoint. Outbound on all Web and App servers with service enabled. |
TCP | 5725 | User Profile Synchronization Service(FIM) | Synchronizing profiles between SharePoint 2013 and Active Directory Domain Services (AD DS) on the server that runs the Forefront Identity Management agent |
TCP + UDP | 389 | User Profile Synchronization Service(FIM) | LDAP Service |
TCP + UDP | 88 | User Profile Synchronization Service(FIM) | Kerberos |
TCP + UDP | 53 | User Profile Synchronization Service(FIM) | DNS |
UDP | 464 | User Profile Service(FIM) | Kerberos change password |
TCP | 809 | Office Web Apps | Intra-farm Office Web Apps communication. |
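Several rows above are marked intra-farm, so a useful check is whether any of them answer from the client network. The following PowerShell script is an added example, not part of the original post: it tests the TCP ports from the list against farm servers and reports those that are reachable but not client-facing. The host names, the function names and the ClientFacing classification are assumptions; UDP ports and the ports that belong to AD, DNS and SMTP servers are not covered.

```powershell
# Added example. Run from a workstation on the client network segment (PowerShell 3.0+).
# Host names are hypothetical placeholders; replace them with your farm servers.
$FarmServers = 'sp-wfe01.example.test', 'sp-sql01.example.test'

# TCP ports from the list above. ClientFacing is an assumption based on the
# Usage/Comment columns: only 80 and 443 carry client-to-web-server traffic.
$PortMatrix = @(
    @{ Ports = 80, 443;      Usage = 'Client to web server (http/https)';  ClientFacing = $true  }
    @{ Ports = 1433;         Usage = 'SQL Server default port';            ClientFacing = $false }
    @{ Ports = 16500..16519; Usage = 'Search index component';             ClientFacing = $false }
    @{ Ports = 22233..22236; Usage = 'AppFabric Caching Service';          ClientFacing = $false }
    @{ Ports = 808;          Usage = 'Search query processing (WCF)';      ClientFacing = $false }
    @{ Ports = 809;          Usage = 'Office Web Apps intra-farm';         ClientFacing = $false }
    @{ Ports = 32843..32846; Usage = 'Service application communication';  ClientFacing = $false }
    @{ Ports = 5725;         Usage = 'User Profile Synchronization (FIM)'; ClientFacing = $false }
)

function Test-TcpPort {
    # Returns $true if a TCP connection completes within the timeout.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 1000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

function Get-FarmPortExposure {
    # Emits one object per server/port; Finding is set when a non-client port answers.
    param([string[]]$ComputerName, [object[]]$Matrix)
    foreach ($server in $ComputerName) {
        foreach ($entry in $Matrix) {
            foreach ($port in $entry.Ports) {
                $open = Test-TcpPort -ComputerName $server -Port $port
                [pscustomobject]@{ Server = $server; Port = $port; Usage = $entry.Usage
                                   Reachable = $open; Finding = ($open -and -not $entry.ClientFacing) }
            }
        }
    }
}

Get-FarmPortExposure -ComputerName $FarmServers -Matrix $PortMatrix |
    Where-Object { $_.Finding } | Format-Table -AutoSize
```

An empty result from the client segment is the expected outcome; run from another farm server, the same ports should show as reachable where the corresponding service is enabled.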
References:
Plan security hardening for SharePoint 2013
http://technet.microsoft.com/en-us/library/cc262849.aspx
Configure SQL Server security for SharePoint 2013 environments
http://technet.microsoft.com/en-us/library/ff607733.aspx#proc1
Blocking the standard SQL Server ports
http://technet.microsoft.com/en-us/library/cc262849.aspx#BlockingSQL
Service application communication
http://technet.microsoft.com/en-us/library/cc262849.aspx#ServiceApp
User Profile service hardening requirements
http://technet.microsoft.com/en-us/library/cc262849.aspx#UserProfile
Set-SPServiceHostConfig
http://technet.microsoft.com/en-us/library/ff607922.aspx
Get-SPServiceHostConfig
http://technet.microsoft.com/en-us/library/ff607794.aspx
TCP/IP Communications (Windows Server AppFabric Caching)
http://msdn.microsoft.com/en-us/library/ee790914(v=azure.10).aspx
___________________________________________________________________________________________________
Enjoy!
Regards
great, thanks!
Thomas, as ever you're right on the money…. just been asked by one of my client’s network team re firewall ports and here they are.. Thanks again
Thanks, I usually post what I need and it seems like my needs are the same as many others 🙂
Merry Christmas
// Thomas
Please update about the ports for Sp2016. The above article is very helpful for SP2013.
Done, now a 2016 version is available.
// Thomas
Thanks for the SharePoint ports list,
Please advise regarding port 80.
I am installing a new SharePoint 2013 farm with a 3-tier security network “WFE internet, WFE intranet, and APP”, and I want to allow firewall access, but the security team refuses to allow port 80 because it’s not a secure port.
Hi Yuosof.
Regarding port 80. You only need port 80 to be opened to the ‘users’ if you use http on the Web applications. If you configure everything to use https which is recommended then 443 is well enough.
All of these ports do not need to be opened towards ‘internet’ or the users, most of them are cross-server only, the local Windows firewall needs to have these opened, depending on services used and running on each server and so on.
You can safely tell the security people they can have their 80 closed 🙂 Aim for https and 443.
Regards
// Thomas
So it’s not required during the installation of SharePoint WFE, because i use it is used in the default web application.
WebApplicationList after install the sharepoint APP server only:
SharePoint Central Administration v4 http://sjeditb16455:2600/ 2600
SharePoint – 80 http://sjeditb16456/ 80
No, you can change the port of the default webapp whenever you want.
80 or 443 is preferred so that browsers will access it without having to declare the port.
(If you change the port, use a self-signed cert or a cert issued by your CA, also update the Alternate Access Mappings in Central Administration)
// T