Configuring the Windows Firewall for SharePoint Farm Traffic (Single Server)

Applies to: SharePoint Server 2013, SharePoint Foundation 2013

What ports do I need to open? This document details which firewall ports to open and where to open them. If you cannot access the web server, application server or databases because of gateways or firewalls, then this document is for you.

I have compiled a complete list of all the ports used. Most are configured by SharePoint, but some need to be configured manually. Of course, this is only one scenario; it all depends on your network configuration and whether you have a single farm or a multi-tiered farm configured behind gateways, firewalls, etc.

On each SharePoint 2013 server, you will need to set a firewall rule to allow SharePoint intra-farm traffic and HTTP/HTTPS traffic. Also, I have listed which ports are required for which SharePoint server (WFE, Application, Search, etc.), which should help you apply this to your scenario.

So deploying SharePoint farms on servers with an active Windows Firewall requires opening several ports to achieve a fully functional farm.

Please note: as a best practice, manage these firewall settings using domain policies.

Port(s)        Protocol   Direction   Purpose
25             TCP        In          SMTP for e-mail integration
16500-16519    TCP        In          Ports used by the search index component
22233-22236    TCP        In / Out    Ports required for the AppFabric Caching Service
32843-32845    TCP        In          Communication between Web servers and service applications
32846          TCP        In / Out    SharePoint User Code Service
808-809        TCP        In          Office Web Apps
5725           TCP        In          User Profile Synchronization Service
389            TCP+UDP    In          User Profile Synchronization Service (LDAP Service)
88             TCP+UDP    In          User Profile Synchronization Service (Kerberos)
53             TCP+UDP    In / Out    User Profile Synchronization Service (DNS)
1433           TCP        Out         SQL Server default communication port (if no alias or custom port)
1434           UDP        Out         SQL Server default port used to establish connection (if no alias or custom port)
445            TCP        Out         SQL Server over named pipes
2383           TCP        Out         SQL Analysis Server default communication port (if no alias or custom port)
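
The table above turned into Windows Firewall rules, as an added example that is not part of the original post. It assumes Windows Server 2012 or later (the NetSecurity cmdlets); the rule group name, the Domain profile and the `192.0.2.0/24` peer range are placeholders chosen for illustration.

```powershell
#Requires -RunAsAdministrator
param(
    # Constructed placeholder: replace with the farm, SQL, DC/DNS and mail-relay addresses.
    [string[]]$FarmAddresses = @('192.0.2.0/24'),
    [switch]$Apply   # without -Apply the script only prints the planned rules
)
$group = 'SharePoint 2013 Farm (example)'   # hypothetical group name

# Port, protocol(s), direction(s), purpose: transcribed from the table above.
$ports = @(
    @('25',          'TCP',     'In',     'SMTP'),
    @('16500-16519', 'TCP',     'In',     'Search index'),
    @('22233-22236', 'TCP',     'In/Out', 'AppFabric Caching'),
    @('32843-32845', 'TCP',     'In',     'Service applications'),
    @('32846',       'TCP',     'In/Out', 'User Code Service'),
    @('808-809',     'TCP',     'In',     'Office Web Apps'),
    @('5725',        'TCP',     'In',     'User Profile Sync'),
    @('389',         'TCP+UDP', 'In',     'User Profile Sync LDAP'),
    @('88',          'TCP+UDP', 'In',     'User Profile Sync Kerberos'),
    @('53',          'TCP+UDP', 'In/Out', 'User Profile Sync DNS'),
    @('1433',        'TCP',     'Out',    'SQL Server'),
    @('1434',        'UDP',     'Out',    'SQL Server connection setup'),
    @('445',         'TCP',     'Out',    'SQL Server named pipes'),
    @('2383',        'TCP',     'Out',    'SQL Analysis Server')
)

# Expand "TCP+UDP" and "In/Out" so every rule has one protocol and one direction.
$plan = foreach ($p in $ports) {
    foreach ($proto in $p[1] -split '\+') {
        foreach ($dir in $p[2] -split '/') {
            $rule = @{
                DisplayName   = "SP2013 $($p[3]) ($proto $($p[0]) $dir)"
                Group         = $group
                Direction     = if ($dir -eq 'In') { 'Inbound' } else { 'Outbound' }
                Protocol      = $proto
                Action        = 'Allow'
                Profile       = 'Domain'
                RemoteAddress = $FarmAddresses   # scope to known peers instead of Any
            }
            # Inbound rules match the local listening port, outbound the remote destination port.
            if ($dir -eq 'In') { $rule.LocalPort = $p[0] } else { $rule.RemotePort = $p[0] }
            $rule
        }
    }
}

if ($Apply) {
    # Recreate the group from scratch so reruns do not leave duplicate rules.
    Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule
    foreach ($rule in $plan) { New-NetFirewallRule @rule | Out-Null }
}
$plan | ForEach-Object { [pscustomobject]$_ } |
    Format-Table DisplayName, Direction, Protocol, LocalPort, RemotePort -AutoSize
```

Run it once without `-Apply` to review the expanded rule list before creating anything.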
