5- Firewall Settings


Firewall settings that you need to configure depends on what kind of activities you will be using on your SCCM. The firewall settings can be distributed to the clients via  Group Policy. Start Group Policy Management Editor and navigate

Computer Configuration / Policies /  Windows Settings / Security Settings /Windows Firewall with Advanced Security

In the picture, you can see that I allow Inbound Ping Requests. That is for connection test purposes.



Client-Push Installation: If you are going to install clients via Client-Push method, then you need to allow these two.


Client Installation (via Group Policy): 



For the communication between Site Servers and Client Computers :



For the actions that is trigger from Management Point towards the Client Computers:

(For example, to trigger download of client policy to client computer from SCCM Console) 

If that connection fails the below ports will be tried.



 Network Access Protection:System Health Validator point and client communication



 Remote Control:


Ports that you need to open on Database Server:


Remote Assistance and Remote Desktop:

To initiate Remote Assistance from the Configuration Manager console, add the custom program Helpsvc.exe and the inbound custom port TCP 135 to the list of permitted programs and services in Windows Firewall on the client computer. You must also permit Remote Assistance and Remote Desktop. If you initiate Remote Assistance from the client computer, Windows Firewall automatically configures and permits Remote Assistance and Remote Desktop.


Here is the full official documentation in case you need.