SharePoint 2016 huh?!
(Long time since I last posted anything real here…)
Actually, this post is by popular demand :) This is the 2016 version of the post I wrote when SharePoint 2013 was new. As you can see, not much has changed… I have updated a few lines with what I know now that I did not know then, that's it. Please let me know if I missed something.
The recommended approach is to create a GPO with these firewall rules and apply it to the SharePoint servers in your farm. Add all of the rules; that is the best way to avoid extreme troubleshooting in the future.
Another, related recommendation is to configure the Loopback check function in Windows Server to allow the FQDNs of your web applications (use the Loopback check tool).
List of ports used by SharePoint 2013 and its related services.
Reference links at the end.
Protocol | Port | Usage | Comment |
TCP | 80 | http | Client to SharePoint web server traffic (SharePoint ↔ Office Online Server/Office Web Apps communication) |
TCP | 443 | https/ssl | Encrypted client to SharePoint web server traffic (Encrypted SharePoint ↔ Office Online Server/Office Web Apps communication) |
TCP | 1433 | SQL Server default communication port. | May be configured to use custom port for increased security |
UDP | 1434 | SQL Server default port used to establish connection | May be configured to use custom port for increased security |
TCP | 445 | SQL Server using named pipes | When SQL Server is configured to listen for incoming client connections by using named pipes over a NetBIOS session, SQL Server communicates over TCP port 445 |
TCP | 25 | SMTP for e-mail integration | Cannot in 2016 be configured (Use SMTP ports other than the default (25).) |
TCP | 16500-16519 | Ports used by the search index component | Intra-farm only. Inbound rule added to Windows firewall by SharePoint. (GPO may override this change) |
TCP | 22233-22236 | Ports required for the AppFabric Caching Service | Used by the Distributed Cache… |
TCP | 808 | Windows Communication Foundation communication | Search – Query processing component (WCF) |
TCP | 32843 | Communication between Web servers and service applications | http (default). To use a custom port, see the references section. Inbound rule added to Windows firewall by SharePoint |
TCP | 32844 | Communication between Web servers and service applications | https. Inbound rule added to Windows firewall by SharePoint |
TCP | 32845 | net.tcp binding: TCP 32845 (only if a third party has implemented this option for a service application) | Custom service applications. Inbound rule added to Windows firewall by SharePoint |
TCP | 32846 | Microsoft SharePoint Foundation User Code Service (for sandbox solutions) | Inbound on all Web servers (inbound rule added to Windows firewall by SharePoint). Outbound on all Web and App servers with service enabled. |
TCP | 636 | User Profile Synchronization Service/Active Directory Import | Synchronizing profiles between SharePoint 2016 and AD using SLDAP (Secure LDAP) |
TCP | 5725 | User Profile Synchronization Service | Synchronizing profiles between SharePoint 2016 and Active Directory Domain Services (AD DS) |
TCP + UDP | 389 | User Profile Synchronization Service | LDAP Service |
TCP + UDP | 88 | User Profile Synchronization Service | Kerberos |
TCP + UDP | 53 | User Profile Synchronization Service | DNS |
UDP | 464 | User Profile Service | Kerberos change password |
TCP | 809 | Office Online Server/Office Web Apps | Office Online Server/Office Web Apps intra-farm communication. |
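One way to script the GPO recommended above, as an added example that is not from the original post: it writes inbound rules for the farm-internal ports in the table into a GPO and limits them to the farm servers' own addresses. The GPO name, domain and IP addresses are placeholders, and treating ports other than 16500-16519 as farm-only is an assumption of this example.

```powershell
# Added example. All names and addresses below are constructed placeholders.
$GpoName     = 'corp.example.com\SharePoint 2016 Farm Firewall'  # hypothetical domain\GPO
$FarmServers = '10.0.10.11', '10.0.10.12', '10.0.10.13'          # constructed farm member IPs

# Farm-internal ports from the table: only other farm members may connect.
# (The table marks 16500-16519 as intra-farm only; the rest is this example's assumption.)
$IntraFarm = @(
    @{ Name = 'Search index component';        Port = '16500-16519' }
    @{ Name = 'Distributed Cache (AppFabric)'; Port = '22233-22236' }
    @{ Name = 'Search query processing (WCF)'; Port = '808' }
    @{ Name = 'Service applications (http)';   Port = '32843' }
    @{ Name = 'Service applications (https)';  Port = '32844' }
    @{ Name = 'Service applications (net.tcp)'; Port = '32845' }
    @{ Name = 'User Code Service (sandbox)';   Port = '32846' }
)

# Client-facing ports from the table: no source restriction.
$ClientFacing = @(
    @{ Name = 'Web traffic (http)';  Port = '80' }
    @{ Name = 'Web traffic (https)'; Port = '443' }
)

# Batch all changes in one GPO session so the policy is written once.
$session = Open-NetGPO -PolicyStore $GpoName

foreach ($rule in $IntraFarm) {
    New-NetFirewallRule -GPOSession $session `
        -DisplayName "SP2016 - $($rule.Name)" -Group 'SharePoint 2016' `
        -Direction Inbound -Action Allow -Profile Domain `
        -Protocol TCP -LocalPort $rule.Port `
        -RemoteAddress $FarmServers | Out-Null
}

foreach ($rule in $ClientFacing) {
    New-NetFirewallRule -GPOSession $session `
        -DisplayName "SP2016 - $($rule.Name)" -Group 'SharePoint 2016' `
        -Direction Inbound -Action Allow -Profile Domain `
        -Protocol TCP -LocalPort $rule.Port | Out-Null
}

# Commit the rules to the GPO; link it to the OU holding the farm servers afterwards.
Save-NetGPO -GPOSession $session
```

Because the table notes that a GPO may override the rules SharePoint adds locally, compare the applied policy against the full port list before enforcing it on the farm.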
References:
Security for SharePoint Server 2016
https://technet.microsoft.com/en-us/library/mt683473(v=office.16).aspx
TCP/IP Ports of SharePoint 2013
https://blog.blksthl.com/2013/02/21/tcpip-ports-of-sharepoint-2013/
___________________________________________________________________________________________________
Enjoy!
Regards