5- Firewall Settings

The firewall settings that you need to configure depend on which SCCM features you will be using. The firewall settings can be distributed to the clients via Group Policy. Start the Group Policy Management Editor and navigate to:

Computer Configuration / Policies / Windows Settings / Security Settings / Windows Firewall with Advanced Security

In the picture, you can see that I allow Inbound Ping Requests. That is for connection test purposes.

 

 

Client-Push Installation: If you are going to install clients via the Client-Push method, you need to allow these two:

  • Outbound and inbound: File and Printer Sharing
  • Inbound: Windows Management Instrumentation (WMI)

 

Client Installation (via Group Policy): 

  • Outbound and inbound: File and Printer Sharing

 

 

For the communication between Site Servers and Client Computers:

  • Outbound: TCP Port 80 (for HTTP communication)
  • Outbound: TCP Port 443 (for HTTPS communication)

 

 

For actions that are triggered from the Management Point towards the Client Computers:

(For example, to trigger download of client policy to client computer from SCCM Console) 

  • Outbound: TCP Port 10123 

If that connection fails, the ports below will be tried.

  • Outbound: TCP Port 80 (for HTTP communication)
  • Outbound: TCP Port 443 (for HTTPS communication)

 

 

Network Access Protection: System Health Validator point and client communication

  • Outbound: UDP 67 and UDP 68 for DHCP
  • Outbound: TCP 80/443 for IPsec

 

 

Remote Control:

  • Inbound: TCP Port 2701

 

Ports that you need to open on Database Server:

  • Inbound: TCP Port 1433
  • Inbound: TCP Port 4022

 

Remote Assistance and Remote Desktop:

To initiate Remote Assistance from the Configuration Manager console, add the custom program Helpsvc.exe and the inbound custom port TCP 135 to the list of permitted programs and services in Windows Firewall on the client computer. You must also permit Remote Assistance and Remote Desktop. If you initiate Remote Assistance from the client computer, Windows Firewall automatically configures and permits Remote Assistance and Remote Desktop.
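
The port-based client rules listed above (TCP 80, 443, 10123 and 2701) can also be written into the GPO with PowerShell. This is an added example, not part of the original article: the GPO name, the server address and the admin subnet are placeholder assumptions, and limiting each rule to a remote address is an extra tightening that the lists above do not state.

```powershell
# Added example: writes the port-based client rules from this page into a GPO's firewall policy.
# All three values below are assumed placeholders - replace them with your own.
$PolicyStore = 'corp.example.com\SCCM Client Firewall'  # hypothetical <domain>\<GPO name>
$SiteServer  = '10.0.0.10'                              # hypothetical site server / management point
$AdminSubnet = '10.0.50.0/24'                           # hypothetical subnet of the console workstations

# Direction and port come from the lists on this page.
# Outbound rules match the remote (server) port, inbound rules the local (client) port.
$rules = @(
    @{ Name = 'SCCM - HTTP to site server';  Direction = 'Outbound'; Port = 80;    Remote = $SiteServer  }
    @{ Name = 'SCCM - HTTPS to site server'; Direction = 'Outbound'; Port = 443;   Remote = $SiteServer  }
    @{ Name = 'SCCM - Client notification';  Direction = 'Outbound'; Port = 10123; Remote = $SiteServer  }
    @{ Name = 'SCCM - Remote Control';       Direction = 'Inbound';  Port = 2701;  Remote = $AdminSubnet }
)

foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    $existing = Get-NetFirewallRule -PolicyStore $PolicyStore -DisplayName $r.Name -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Host "Exists:  $($r.Name)"
        continue
    }

    $params = @{
        PolicyStore   = $PolicyStore
        DisplayName   = $r.Name
        Group         = 'SCCM Client'
        Direction     = $r.Direction
        Protocol      = 'TCP'
        RemoteAddress = $r.Remote      # scope the rule instead of allowing any address
        Profile       = 'Domain'
        Action        = 'Allow'
    }
    if ($r.Direction -eq 'Outbound') { $params.RemotePort = $r.Port }
    else                             { $params.LocalPort  = $r.Port }

    New-NetFirewallRule @params | Out-Null
    Write-Host "Created: $($r.Name)"
}

# Review what the GPO now contains.
Get-NetFirewallRule -PolicyStore $PolicyStore -Group 'SCCM Client' |
    Format-Table DisplayName, Direction, Action, Enabled
```

The File and Printer Sharing and WMI entries are predefined rule groups rather than single ports, so they are left to the Group Policy editor path given at the top of this page.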

 

Here is the full official documentation in case you need it.

http://technet.microsoft.com/en-us/library/gg682180.aspx

 

 

© selimatmaca.com. All Rights Reserved.