Protocols, Ports, and Firewall Rules

TechReady4 (an internal technical readiness field event in Seattle) went really well. Some good times. I wanted to share some data from a couple of slides in the advanced deployment deck. Refer to the TechNet Planning Security content for additional details: "Plan for secure communication within a server farm" and "Plan security hardening for server roles within a server farm (Office SharePoint Server)". You can also look forward to an extranet document and a logical architectures document that will both help you plan your extranet/Internet site better.

All protocols are HTTP-based

| Inbound/Outbound | From | Port | To |
|---|---|---|---|
| Inbound | Client IPs (as applicable) | TCP 80 or 443 | ISA Web Pub or WFE |
| Inbound | TS Jump point | RDP (TCP 3389) For Remote Admin | APP (Central Admin /SSP Admin) |
| Inbound | All SharePoint Server (Depends on Central Admin config) | Office Server Web Services, TCP 56737, SSL 56738 | App (Central Admin /SSP Admin) |
| Inbound | Index *** | TCP 80 or 443 | WFE |
| Outbound | ALL SharePoint Svrs (Based on Auth) | DS (TCP 445), RPC (TCP 135), DNS (UDP 53), Kerberos (UDP 88), LDAP/S (UDP 389/636) | DC/DNS (LDAP) |
| Outbound/(Inbound if applicable) | WFE (alerts or mail enabled list) | SMTP (TCP 25) | SMTP/Exchange |
| Outbound | ALL SharePoint Svrs | SQL (TCP 1433) or SSL custom port | SQL |
| Outbound | WFE (Search Request) | Search Query, either NBT (TCP/UDP 137, 138, 139) or Direct-hosted SMB (TCP/UDP 445) | Query |
| Outbound | Index (Propagation) | Search Query, either NBT (TCP/UDP 137, 138, 139) or Direct-hosted SMB (TCP/UDP 445) | Query |
| Outbound | WFE (SSO) | RPC for SSO – (TCP 135), plus random high ports (Dynamic RPC) or restricted high ports (Static RPC) | APP Servers |

* Don't forget outbound RSS/XML displays, and any online web parts 

** Don't forget outbound to BDC connections and datasources as applicable

*** Don't forget outbound ports (80/25, etc.) to crawl seeds and content sources

Warning: As with anything, be sure to consider what is necessary; don't just open a port to make it work.
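As an added example (not from the original post or slide deck), the sketch below encodes the table's rows as data and flags logged flows that no row accounts for, which is one way to act on the warning above. The host inventory, the `src dst proto port` log format, the static RPC range 5000-5010 and the treatment of unknown addresses as clients are assumptions; ISA publishing and the footnoted outbound cases are not modelled.

```python
SP = {"WFE", "APP", "INDEX", "QUERY"}   # "ALL SharePoint Svrs" in the table
NBT_SMB = [(pr, p) for pr in ("tcp", "udp") for p in (137, 138, 139, 445)]
STATIC_RPC = range(5000, 5011)          # assumed restricted RPC range for SSO
# (source roles, destination role, allowed (protocol, port) pairs) per table row
MATRIX = [
    ({"CLIENT"}, "WFE", [("tcp", 80), ("tcp", 443)]),
    ({"JUMP"}, "APP", [("tcp", 3389)]),
    (SP, "APP", [("tcp", 56737), ("tcp", 56738)]),
    ({"INDEX"}, "WFE", [("tcp", 80), ("tcp", 443)]),
    (SP, "DC", [("tcp", 445), ("tcp", 135), ("udp", 53), ("udp", 88),
                ("udp", 389), ("udp", 636)]),
    ({"WFE"}, "SMTP", [("tcp", 25)]),
    (SP, "SQL", [("tcp", 1433)]),
    ({"WFE", "INDEX"}, "QUERY", NBT_SMB),
    ({"WFE"}, "APP", [("tcp", 135)] + [("tcp", p) for p in STATIC_RPC]),
]

HOSTS = {  # constructed inventory: IP address -> farm role
    "10.0.1.10": "WFE", "10.0.2.10": "APP", "10.0.2.20": "INDEX",
    "10.0.2.30": "QUERY", "10.0.3.10": "SQL", "10.0.3.20": "DC",
    "10.0.9.5": "JUMP",
}

def allowed(src, dst, proto, port):
    """True if the flow matches a row of the matrix; unknown IPs count as clients."""
    s, d = HOSTS.get(src, "CLIENT"), HOSTS.get(dst, "CLIENT")
    return any(s in srcs and d == dest and (proto, port) in pairs
               for srcs, dest, pairs in MATRIX)

def audit(log_text):
    """Return the log lines whose flow no table row accounts for."""
    flows = [l.split() for l in log_text.strip().splitlines()]
    return [" ".join(f) for f in flows
            if not allowed(f[0], f[1], f[2].lower(), int(f[3]))]

SAMPLE_LOG = """
203.0.113.7 10.0.1.10 TCP 443
203.0.113.7 10.0.3.10 TCP 1433
10.0.1.10 10.0.3.10 TCP 1433
10.0.1.10 10.0.2.10 TCP 5004
10.0.1.10 10.0.2.10 TCP 49160
10.0.9.5 10.0.1.10 TCP 3389
10.0.2.20 10.0.2.30 UDP 138
"""  # constructed "src dst proto port" lines, not real traffic

if __name__ == "__main__":
    for v in audit(SAMPLE_LOG):
        print("not in matrix:", v)
```

The sample flags a client reaching SQL directly, a dynamic RPC port outside the static range, and RDP from the jump point to a WFE, which the table only lists toward the APP server.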

Published Tuesday, February 13, 2007 7:04 AM by joelo


Comments

Sunday, June 03, 2007 8:52 PM by Andrew Lynes' WebLog

# SharePoint 2007 Protocols and Ports

In researching how to deploy MOSS into a customer's data centre, I needed to find out exactly what and

Sunday, August 19, 2007 11:56 AM by Piensa SharePoint

# Firewall: Ports required for MOSS (and w2k3)

A few days ago I installed a personal firewall called GhostWall on my laptop (Turion 64-bit CPU). There is no

Thursday, February 14, 2008 3:22 AM by Alex blog about Microsoft

# MOSS 2007: Protocols, Ports, and Firewall Rules

Joel Oleson has posted an article describing the protocols, ports and firewall rules with regards to MOSS

Tuesday, March 17, 2009 9:34 PM by Papushka

# re: Protocols, Ports, and Firewall Rules

Hi ... I was just looking and couldn't really find any information. I was wondering if you knew if Usage Analysis needs any special ports to be opened for this to work.
