Home > https, Kerberos, Networking, Security, SharePoint 2013, SSL > TCP/IP Ports of SharePoint 2013

TCP/IP Ports of SharePoint 2013

February 21, 2013 Leave a comment Go to comments

Hi fellow SharePoint lovers!
(Find the 2016 version here)

Have you ever wondered? What ports do I need to open? Why can’t the web server access the Databases…what does that event mean? For example in SharePoint 2010 we had the ‘Cannot connect to SQL Server – Event 3355‘, perhaps you need to know simply for the docmentation you want to leave behind?
Wonder no more. I have here tried to compile a complete list of all the ports used. Most are configured by SharePoint but some needs to be manualy configured and it all depends on hw you have installed and configured your farm in the first Place.

headerx

I hope that the list will be of use! Please let me know if I have missed anything related, however remote…

List of ports used by SharePoint 2013 and its related services.
Reference links at the end.

Protocol Port Usage Comment
TCP 80 http Client to SharePoint web server traffic
(SharePoint – Office Web Apps communication)
TCP 443 https/ssl Encrypted client to SharePoint web server traffic
(Encrypted SharePoint – Office Web Apps communication)
TCP 1433 SQL Server default communication port. May be configured to use custom port for increased security
UDP 1434 SQL Server default port used to establish connection May be configured to use custom port for increased security
TCP 445 SQL Server using named pipes When SQL Server is configured to listen for incoming client connections by using named pipes over a NetBIOS session, SQL Server communicates over TCP port 445
TCP 25 SMTP for e-mail integration Cannot be configured
TCP 16500-16519 Ports used by the search index component Intra-farm only
Inbound rule Added to Windows firewall by SharePoint
TCP 22233-22236 Ports required for the AppFabric Caching Service Distributed Cache…
TCP 808 Search – Query processing component
Windows Communication Foundation communication
Search – Query processing component
WCF
TCP 32843 Communication between Web servers and service applications http (default) To use custom port, see references section
Inbound rule Added to Windows firewall by SharePoint
TCP 32844 Communication between Web servers and service applications https
Inbound rule Added to Windows firewall by SharePoint
TCP 32845 net.tcp binding: TCP 32845 (only if a third party has implemented this option for a service application)  Custom Service Applications
Inbound rule Added to Windows firewall by SharePoint
TCP 32846 Microsoft SharePoint Foundation User Code Service (for sandbox solutions)  Inbound on all Web Servers
Inbound rule Added to Windows firewall by SharePoint
Outbound on all Web and App servers with service enabled.
TCP 5725 User Profile Synchronization Service(FIM) Synchronizing profiles between SharePoint 2013 and Active Directory Domain Services (AD DS) on the server that runs the Forefront Identity Management agent
TCP + UDP 389 User Profile Synchronization Service(FIM) LDAP Service
TCP + UDP 88 User Profile Synchronization Service(FIM) Kerberos
TCP + UDP 53 User Profile Synchronization Service(FIM) DNS
UDP 464 User Profile Service(FIM) Kerberos change password
TCP 809 Office Web Apps Intra-farm Office Web Apps communication.

References:

Plan security hardening for SharePoint 2013
http://technet.microsoft.com/en-us/library/cc262849.aspx

Configure SQL Server security for SharePoint 2013 environments
http://technet.microsoft.com/en-us/library/ff607733.aspx#proc1

Blocking the standard SQL Server ports
http://technet.microsoft.com/en-us/library/cc262849.aspx#BlockingSQL

Service application communication
http://technet.microsoft.com/en-us/library/cc262849.aspx#ServiceApp

User Profile service hardening requirements
http://technet.microsoft.com/en-us/library/cc262849.aspx#UserProfile

Set-SPServiceHostConfig
http://technet.microsoft.com/en-us/library/ff607922.aspx

Get-SPServiceHostConfig
http://technet.microsoft.com/en-us/library/ff607794.aspx

TCP/IP Communications (Windows Server AppFabric Caching)
http://msdn.microsoft.com/en-us/library/ee790914(v=azure.10).aspx


___________________________________________________________________________________________________

Enjoy!

Regards

Twitter | Technet Profile | LinkedIn

Advertisements
  1. August 21, 2014 at 16:15

    great, thanks!

  2. December 22, 2014 at 14:07

    Thomas, as ever you right on the money…. just been asked from one of my client’s network team re firewall ports and here they are.. Thanks again

    • December 23, 2014 at 14:49

      Thanks, I usually post what I need and it seems like my needs are the same as many others 🙂
      Merry Cristmas
      // Thomas

  3. Hemant Basavapattan
    December 19, 2016 at 18:08

    Please update about the ports for Sp2016. The above article is very helpful for SP2013.

  4. RADI, YUOSOF
    February 21, 2017 at 09:14

    Thanks for the SharePoint ports list,
    Please advise regarding port 80.
    i am installing new SharePoint 2013 farm, with 3 tiers security network “WFE internet, WFE intranet, and APP”, and i want to allow firewall access, but security team refuse to allow port 80 because it’s not secure port.

    • February 21, 2017 at 09:25

      Hi Yuosof.
      Regarding port 80. You only need port 80 to be opened to the ‘users’ if you use http on the Web applications. If you configure everything to use https which is recommended then 443 is well enough.
      All of these ports do not need to be opened towards ‘internet’ or the users, most of them are cross-server only, the local Windows firewall needs to have these opened, depending on services used and running on each server and so on.
      You can safely tell the security people then can have their 80 closed 🙂 Aim for https and 443.
      Regards
      // Thomas

      • RADI, YUOSOF
        February 21, 2017 at 09:32

        So it’s not required during the installation of SharePoint WFE, because i use it is used in the default web application.

        WebApplicationList after install the sharepoint APP server only:
        SharePoint Central Administration v4 http://sjeditb16455:2600/ 2600
        SharePoint – 80 http://sjeditb16456/ 80

      • February 21, 2017 at 10:02

        No, you can change the port of the default webapp whenever you want.
        80 or 443 is preffered so that browsers will access it without having to declare the port.
        (If you change the port, use a selfsigned cert or a cert issued by your CA, also update the ALternate Access Mappings in Central Administration)

        // T

  1. June 21, 2013 at 12:08
  2. July 30, 2013 at 15:18
  3. September 20, 2013 at 21:39
  4. November 18, 2013 at 06:59
  5. February 28, 2014 at 17:47
  6. March 2, 2015 at 06:02
  7. March 2, 2015 at 06:02
  8. May 27, 2015 at 06:34

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: