SharePoint 2007 Farm ports – configuring firewall
Introduction
Depending on the environment you are configuring you might need not only open ports between client and your Web Front End(WFE) servers, but you might have internal topology where your SharePoint servers are separated by layers and are isolated by firewalls. In such situation you need to know the inner-process communication ports and direction, to open the ports on firewall.
The following table describes all ports SharePoint 2007 uses for the communications. Take into account that only 2 posts are used between client PC and WFE (the indenting line). All other ports are for internal and external communications between SharePoint servers.
The advantage of this document is that I summarized all ports together that are described in different documents, and included directions. Microsoft doesn’t provide you the summary info for ports and directions.
SharePoint 2007 Ports
| Inbound/Outbound | From | Port | Type | To |
| Inbound | Client IPs (as applicable) | TCP 80 or 443 (SSL) | HTTP | ISA Web Pub or WFE |
| Inbound | TS Jump point | RDP (TCP 3389) For Remote Admin | | APP (Central Admin /SSP Admin) |
| Inbound | All SharePoint Server (Depends on Central Admin configuration) | Office Server Web Services, TCP 56737, SSL 56738 | HTTP | App - Central Admin /SSP Admin (Web Service Control) |
| Inbound | Index | TCP 80 or 443 | | WFE |
| Outbound | ALL SharePoint Servers (Based on Authentication) | DS (TCP 445) RPC (TCP 135) DNS (TCP/UDP 53) Kerberos (UDP 88) LDAP/S (UDP 389/636) | | DC (AD) /DNS (LDAP) |
| Outbound | External Content | DNS (TCP/UDP 53) | | DNS |
| Outbound/(Inbound if applicable) | WFE (alerts or mail enabled list) | SMTP (TCP 25) | | SMTP/Exchange |
| Outbound | ALL SharePoint Servers | SQL (TCP 1433) or custom port for Named SQL Instance | SQL Server Tabular Data Stream (TDS) | SQL Server |
| Outbound | WFE (Search Request) | Search Query, either NBT (TCP/UDP 137, 138,139) or Direct-hosted SMB (TCP/UDP 445) | Server Message Block (SMB) | Query |
| Outbound | Index (Propagation) | Search Query, either NBT (TCP/UDP 137, 138,139) or Direct-hosted SMB (TCP/UDP 445) | | Query |
| Outbound | Index (File Shares) | Either NBT (TCP/UDP 137, 138,139) or Direct-hosted SMB (TCP/UDP 445) | Server Message Block (SMB) | External Content |
| Outbound | Index (BDC) | SQL (TCP 1433) or custom port | | External Content |
| Outbound | WFE (SSO) | RPC for SSO – (TCP 135), plus random high ports (Dynamic RPC) or restricted high ports (Static RPC) | | APP Servers |
| Outbound | WFE | TPC 80, TCP 443, TCP (custom) | HTTP | Index Server (search crawling) |
| Outbound | Index (Search Crawling) | TPC 80, TCP 443, TCP (custom) | HTTP | WDE |
| Outbound | Index (Sites) | TPC 80, TCP 443, TCP (custom) | | External Content |
Inter-server communications of SharePoint 2007
Extra -server communications of SharePoint 2007
Firewalls
Depending on you farm design you might require firewall between your farm’s servers. In case of separate networks you should know that one-way trust relationship is required between WFE and Applications Servers, Application Servers and Database, if they are separated by network.
You need to configure firewall properly for domains and trusts http://support.microsoft.com/kb/179442/
Sources: