Firewall Help: Port activation
Table of contents
- Ports for Exchange (msx.tu-dresden.de)
- Ports for BBB
- Ports for D3SAP-DMS
- Ports for access to printers
- Ports for access to print servers
- Ports for accessing web server
- Ports for unblocking the VPN service
- Ports for unblocking Active Directory access (Pool Concept)
- Ports for participating in the Active Directory Forest (domain ADs)
- Recommendation of ports for accessing general servers (Windows/Unix)
Preliminary Note
ZIH does not recommend restricting outgoing traffic from employee networks as long as there are no security incidents. Only the ports that are actually required should be opened into the employee network (see, for example, Exchange below).
Ports for Exchange (msx.tu-dresden.de)
In both directions: from the client network to msx and from msx back to the client network.
object-group service og_s_exchange-ports:
TCP/UDP 389
TCP/UDP 55000
TCP/UDP 55001
TCP/UDP 88
TCP/UDP domain
TCP 135
TCP 3268
TCP 5075-5077
TCP 587
TCP 6001-6004
TCP 64327
TCP 808
TCP 993
TCP 995
TCP www
TCP imap4
TCP pop3
TCP smtp
Ports for BBB
object-group service og_s_bbb:
TCP 80
TCP 443
UDP 16384-32768
Ports for D3SAP-DMS
object-group service-tcp og_st_dms:
TCP 4430
TCP 4440
Ports for access to printers
In the direction of the printer network.
object-group service og_s_drucker-ports:
TCP/UDP 631
TCP 9100
TCP lpd
TCP domain
TCP/UDP snmp
Ports for access to print servers
In the direction of the print server.
object-group service og_s_druckserver-ports:
TCP/UDP 515
TCP/UDP 9100
Ports for accessing web server
In the direction of the web server.
object-group service-tcp og_st_web:
TCP www
TCP https
TCP 8080
TCP 8443
Ports for unblocking the VPN service
From the client network to the Internet or to the dedicated VPN gateway. Depending on the VPN technology, a VPN needs, in addition to the UDP ports, the IP protocol ESP or GRE.
object-group service-udp og_s_vpn:
UDP 10000
UDP 4500
UDP isakmp
TCP/UDP 443
Protocol: ESP, GRE
Ports for unblocking Active Directory access (Pool Concept)
From the client network to the Active Directory servers, and from the corresponding Active Directory servers back to the clients.
object-group service og_s_windows_ad_domain:
TCP/UDP 42
TCP/UDP 53
TCP/UDP 88
UDP 123
TCP/UDP 135
TCP/UDP 137
TCP/UDP 138
TCP/UDP 139
TCP/UDP 389
TCP/UDP 445
TCP/UDP 464
TCP 593
TCP/UDP 636
TCP/UDP 749
TCP 1433
TCP/UDP 1512
TCP 3268-3269
TCP 5722
TCP 8530
TCP 8531
TCP 8192-8194
TCP 9389
TCP 49151-65535
icmp echo
icmp echo-reply
icmp unreachables
Ports for participating in the Active Directory Forest (domain ADs)
Unblocked only between Active Directory servers, in both directions.
object-group service og_s_ad-forest:
TCP/UDP 53
TCP/UDP 88
TCP 135
TCP/UDP 389
TCP/UDP 445
TCP 3268
Recommendation of ports for accessing general servers (Windows/Unix)
From the clients towards the server.
object-group service og_s_ma-server:
TCP ssh
TCP https
TCP 902
TCP 445
TCP netbios-ssn
TCP netbios-ns
TCP www
icmp echo
icmp echo-reply
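The lists above use a compact notation (named services, "TCP/UDP", port ranges, ICMP types, and, for VPN, bare IP protocols). As an added example that is not part of this page, the following script translates such a list into Cisco ASA object-group configuration (the target platform is an assumption based on the "object-group service" naming) and checks whether a requested protocol/port is already covered by a group. The named-port numbers are the IANA assignments; the sample entries are copied from the Exchange and VPN groups above.

```python
"""Render the page's port lists as Cisco ASA object-group configuration
and check whether a given protocol/port is covered by a group."""
import re

# Service names used on the page, resolved to their IANA port numbers.
NAMED_PORTS = {"domain": 53, "www": 80, "https": 443, "smtp": 25, "pop3": 110,
               "imap4": 143, "ssh": 22, "lpd": 515, "snmp": 161, "isakmp": 500,
               "netbios-ns": 137, "netbios-ssn": 139}

def parse_entry(line):
    """One page line -> list of (protocol, low, high).
    'TCP/UDP 389' -> [('tcp-udp', 389, 389)]; 'icmp echo' -> [('icmp', 'echo', 'echo')];
    'Protocol: ESP, GRE' -> [('esp', None, None), ('gre', None, None)]."""
    line = re.sub(r"\s*/\s*", "/", line.strip())       # 'TCP / UDP' -> 'TCP/UDP'
    if line.lower().startswith("protocol:"):
        return [(p.strip().lower(), None, None) for p in line.split(":", 1)[1].split(",")]
    proto, arg = line.split(None, 1)
    proto = proto.lower().replace("/", "-")            # 'tcp/udp' -> ASA 'tcp-udp'
    arg = arg.strip()
    if proto == "icmp":
        return [("icmp", arg, arg)]
    if "-" in arg:                                     # port range such as 5075-5077
        low, high = (int(x) for x in arg.split("-"))
    else:
        low = high = NAMED_PORTS.get(arg.lower())
        if low is None:
            low = high = int(arg)
    return [(proto, low, high)]

def to_asa(group_name, lines):
    """Emit the group in ASA 'object-group service' / 'service-object' syntax."""
    out = [f"object-group service {group_name}"]
    for proto, low, high in (e for l in lines for e in parse_entry(l)):
        if proto == "icmp":
            out.append(f" service-object icmp {low}")
        elif low is None:                              # ESP, GRE: plain IP protocols
            out.append(f" service-object {proto}")
        elif low == high:
            out.append(f" service-object {proto} destination eq {low}")
        else:
            out.append(f" service-object {proto} destination range {low} {high}")
    return "\n".join(out)

def allows(lines, proto, port):
    """True if 'tcp' or 'udp' traffic to 'port' is covered by the group's entries."""
    for p, low, high in (e for l in lines for e in parse_entry(l)):
        if p in (proto, "tcp-udp") and low is not None and low <= port <= high:
            return True
    return False

# Constructed sample: a subset of the Exchange group and the VPN group from this page.
EXCHANGE = ["TCP/UDP 389", "TCP/UDP domain", "TCP 5075-5077", "TCP 587", "TCP smtp"]
VPN = ["UDP 10000", "UDP 4500", "UDP isakmp", "TCP/UDP 443", "Protocol: ESP, GRE"]

if __name__ == "__main__":
    print(to_asa("og_s_exchange-ports", EXCHANGE))
    print(to_asa("og_s_vpn", VPN))
```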