SCCM Firewall ports and network ports must be defined if you want manage clients across multiple networks. Configuration Manager to properly manage clients if some ports are not been defined and opened to allow for traffic to flow properly. Typical symptoms of failed network connectivity can be clients stuck with old configuration manager client, trouble to patch and deploy software. Here is a copy of my cheat-sheet that I use (or send to the network technicians) to make sure all required traffic is let through.
Required SCCM Firewall Ports
These firewall ports are required for SCCM to properly manage clients. You need to specify these in your network / firewall to allow the traffic pass, and they must be open on sccm servers internal firewall as well.
Firewall Ports Client Network -> Configuration Manager Roles
- 67 UDP. PXE Distribution Point
- 68 UDP. PXE Distribution Point
- 69 UDP. PXE Distribution Point
- 80 TCP. Distribution Point, Fallback Status Point, Management point,
- 443 TCP. Distribution Point, Management point (secure)
- 4011 UDP. PXE Distribution Point
- 8530 TCP. Software Update Point.
- 8531 TCP. Software Update Point (secure).
- 10123 TCP. Management Point.
Firewall Ports Configuration Manager Roles -> Client Network
- 9 UDP. Site Server, required by Wake On Lan.
Optional SCCM Firewall Ports, nice to have.
These ports are optional and not required for Configuration Manager to manage clients. I still recommend to open them as they make the daily life of the SCCM administrator much easier.
Firewall Ports Client Network -> Configuration Manager Roles
- 445 TCP. Windows File Share. Required if you use ccmsetup /source: to specify client source.
Firewall Ports Configuration Manager Console -> Client Network
- 135 TCP. Windows Management Instrumentation
- 445 TCP. Windows File Share. This together with Right Click Tools makes it very easy for you to connect to client computers local hard drive when you troubleshoot a client.
- 2701 TCP. Enable remote control from Configuration Manager Console.
- 3389 TCP. Enable Remote Assistance and Remote Desktop.
- ICMP Echo Request.
Reference: Microsoft Technet Firewall Ports
Anders Rødland ,Thanks
It will be very helpfull if you mentioned source and destination with direction of access rule