The following is a list of ports and protocols which SharePoint 2013 Farms utilize.
This can be leveraged as a guide for configuring firewalls and/or security hardening of the farm.
- TCP 80, TCP 443 (SSL)
- Custom ports for search crawling, if configured (such as for crawling a file share or a website on a non-default port)
- Ports used by the search index component — TCP 16500-16519 (intra-farm only)
- Ports required for the AppFabric Caching Service — TCP 22233-22236
- Ports required for Windows Communication Foundation communication — TCP 808
- Ports required for communication between Web servers and service applications (the default is HTTP):
- HTTP binding: TCP 32843
- HTTPS binding: TCP 32844
- net.tcp binding: TCP 32845 (only if a third party has implemented this option for a service application)
- Ports required for synchronizing profiles between SharePoint 2013 and Active Directory Domain Services (AD DS) on the server that runs the Forefront Identity Management agent:
- TCP 5725
- TCP&UDP 389 (LDAP service)
- TCP&UDP 88 (Kerberos)
- TCP&UDP 53 (DNS)
- UDP 464 (Kerberos Change Password)
- Default ports for SQL Server communication — TCP 1433, UDP 1434. If these ports are blocked on the SQL Server computer (recommended) and databases are installed on a named instance, configure a SQL Server client alias for connecting to the named instance.
- Microsoft SharePoint Foundation User Code Service (for sandbox solutions) — TCP 32846. This port must be open for outbound connections on all Web servers. This port must be open for inbound connections on Web servers or application servers where this service is turned on.
- Ensure that ports remain open for Web applications that are accessible to users.
- Block external access to the port that is used for the Central Administration site.
- SMTP for e-mail integration — TCP 25