|
Ports used by LANDesk Management Suite - Full List
Created on: Nov 20, 2007 5:34 PM by LANDesk Support - Last Modified: Feb 23, 2010 8:19 AM by Snowman
LDMS Components | Platform Applicability | |||||||||
Protocol | Port | Component | Direction | Component | Description | Version | PC | Mac | Linux | |
UDP | 67 | Client | --> | PXE Rep | PXE (Broadcast) | 8.7 - 9.0 | Y | N | Y | |
UDP | 68 | PXE Rep | --> | Client | PXE | 8.7 - 9.0 | Y | N | N | |
UDP | 69 | Client | --> | PXE Rep | TFTP | 8.7 - 9.0 | Y | N | Y | |
TCP | 80 | Client | --> | Core | Vulscan | 8.7 - 9.0 | Y | Y (ldpatch) | Y | |
TCP | 443 | Console,Client, | --> | Core | HTTPS Mgmt | 8.7 - 9.0 | Y | Y | Y | |
TCP | 139(445) | Console | --> | Core | Remote Console Login | 8.7 - 9.0 | Y | N | N | |
UDP | 1758 | PXE Rep | --> | Client | MTFTP | 8.7 - 9.0 | Y | N | N | |
UDP | 1759 | Client | --> | PXE Rep | MTFTP | 8.7 - 9.0 | Y | N | Y | |
UDP | 4011 | Client | --> | PXE Rep | PXE (Unicast) | 8.7 - 9.0 | Y | N | Y | |
TCP | 5007 | Client | --> | Core | Inventory | 8.7 - 9.0 | Y | Y | Y | |
TCP | 8092 | Core,Console | <--> | AMT MPS Server | AMT CIRA | 8.8 - 9.0 | Y | N | N | |
TCP | 9535 | Core,Console | --> | Client | Remote Mgmt | 8.7 - 9.0 | Y | Y | Y | |
UDP | 9535 | XDD Client | --> | XDD Client | Device Discovery | 8.7 - 9.0 | Y | N | N | |
TCP | 9590 | Core | <--> | Console | SLM | 9.0 | Y | N | N | |
TCP | 9591 | Core | <--> | Console | SLM | 9.0 | Y | N | N | |
TCP | 9593 | Core | --> | Client | Software Dist | 8.7 - 9.0 | Y | Y | Y | |
TCP | 9594 | Core | <--> | Client | Software Dist | 8.7 - 9.0 | Y | Y | Y | |
UDP/TCP | 9595 | Core,Console | <--> | Client | Agent Discovery | 8.7 - 9.0 | Y | Y | Y | |
TCP | 9971 | Core | --> | Client | Agentless AMT Discovery | 8.7 - 9.0 | Y | N | N | |
TCP | 9972 | Core | --> | Client | AMT Notification | 8.7 - 9.0 | Y | N | N | |
TCP | 9982 | Client | --> | Core | AMT Discovery (VPro) | 8.7 - 9.0 | Y | N | N | |
TCP | 12174 | Core | --> | Client | Remote Execute | 8.7 - 9.0 | Y | Y | Y | |
TCP | 12175 | Client | --> | Core | Policy Based SW Dist | 8.7 - 9.0 | Y | Y | N | |
TCP | 12176 | Client | --> | Core | Policy Based SW Dist | 8.7 - 9.0 | Y | Y | N | |
TCP | 16992 | Core | <--> | Client | HTTP AMT Mgmt | 8.7 - 9.0 | Y | N | N | |
TCP | 16993 | Core | <--> | Client | HTTPS AMT Mgmt | 8.7 - 9.0 | Y | N | N | |
TCP | 16994 | Core | <--> | Client | AMT Hello Packets | 8.7 - 9.0 | Y | N | N | |
TCP | 33354 | Client | --> | Client | Peer Download | 8.7 - 9.0 | Y | Y | N | |
UDP/TCP | 33354 | Core | --> | Subnet Rep | Multicast | 8.7 - 9.0 | Y | N | N | |
UDP | 33355 | Subnet Rep | --> | Client | Multicast | 8.7 - 9.0 | Y | Y | N | |
**This traffic is on the local subnet only | ||||||||||
Non-LDMS Components | Platform Applicability | |||||||||
Protocol | Port | Component | Direction | Component | Description | Version | ||||
TCP | 80 | Client | --> | Source | URL Download | * | Y | Y | Y | |
TCP | 80 | Console | --> | Core | HTTP Mgmt | * | Y | Y | Y | |
TCP | 389 | Core | --> | Directory | LDAP Queries | * | Y | Y | Y | |
TCP | 443 | Console,Client | --> | Core | HTTPS Mgmt | * | Y | Y | Y | |
TCP | 445 | Client | --> | Source | UNC Download | * | Y | N | N | |
TCP | 1433 | Console,Core | --> | Database | MS-SQL | * | Y | Y | Y | |
TCP | 1521 | Console,Core | --> | Database | Oracle | * | Y | Y | Y | |
***Denotes default setting. User can customize port number information. | ||||||||||
Legacy LDMS Components | Platform Applicability | |||||||||
Protocol | Port | Component | Direction | Component | Description | Version | ||||
TCP | 1761 | Console | --> | Client | Remote Control | < 8.5 | Y | Y | N | |
TCP | 1762 | Console | --> | Client | Remote Control | < 8.5 | Y | Y | N | |
TCP | 1761 | Console | --> | Client | MAC Remote Control | < = 8.7 - 9.0 | N | Y | N | |
TCP | 1762 | Console | --> | Client | MAC Remote Control | < = 8.7 - 9.0 | N | Y | N | |
TCP/UDP | 33353 | Core | --> | Subnet Rep | Multicast | < 8 | Y | N | N | |
TCP | 38292 | Client | <--> | All | CBA | < 8 | Y | Y | Y | |
UDP | 38293 | Client | <--> | All | Agent Discovery | < 8 | Y | Y | Y | |
Ian
says:
Merge with doc 2523 and add the following
Intel AMT Ports that must be open to function properly.
Intel AMT Ports (These ports cannot be changed)
16992 (non-TLS)
16993 (TLS)
16994 (non-TLS Redirection)
16995 (TLS Redirection)
LANDesk Ports
9971 (Agentless AMT Discovery)
Ian
says:
Could we update this list to 8.8 -
I guess that alerting and SWD Policy are now on different ports (assuming a pure 8.8 environment)?
Makke
says
in response to Ichiro:
We saw LANDesk traffic over port 38293 on our firewalls in LDMG 8.8. Are you sure this port isn't used anymore? We never had the legacy versions...
rhyous
says
in response to Makke:
I think we may try to use the old ports if we are looking for a device and it doesn't respond to the new ports.
So you don't need to enable those ports as they are only fall back methods which you would never need unless you actually had older stuff.
Henrik Heves
says:
Hi Guys!
i have a simple question about port usage, i didn't find the answer in this list.
Does the security update need any special port to download new definitions from the https://patchemea.landesk.com?
It is need to open the "standard http ssl port" (443) on the firewall?
Thanks for your help!
Henrik
Henrik Heves
says
in response to Mark Bastin:
Hello Mark!
Thanks for your quick help!
Regards, Henrik
Henrik Heves
says
in response to Mark Bastin:
Hi Mark,
i have one more question, i hope you know the correct answer.
Our customer is using Zorp firewall as HTTPS proxy, and it is change the certificate of the HTTPS (here https://patchemea.landesk.com) site to his own certificate. So the LANDesk server is doesn't "see" the original site's certifitcate, only that received from Zorp. Is LANDesk server verify the source site certificate? It can be problem?
Many thanks, Henrik
Bryan Hadzik
says:
UDD requires at least icmp core->client, then 139,445 TCP if you want to push the agent out.
Ben Whitmore
says
in response to Bryan Hadzik:
Hi Peeps, has anyone succesfully configured Microsoft isa 2004 to allow agent communication within a dmz?
Jan Buelens
says:
2 comments:
- TCP/12176 is legacy, at least for windows clients. In 8.7 SP3, apm became a web service. The service is still listening on 12176 to support legacy clients.
- UDP/38293 is not legacy. It's used for remote control discovery. When you click on a machine in the console and the remote control icon doesn't appear, that's because there is no response to UDP/38293.
- UDP/38293 is also used for discovery in SW distribution. In the delivery method, you can specify discovery settings: tcp, udp or both. Tcp is TCP/9595, udp is UDP/38293.
Jason Fortney
says:
Can the list please be updated to include LANDesk Power Manager port information (including WOL). If something's not listed in the "official" port list, it becomes exponentially more difficult to get approved by our network group. In general they're very accommodating about LANDesk ports, but we can't just go to them and tell them we need port XYZ open. And no, they're not interested in reading through LANDesk product manuals...
Jan Buelens
says
in response to Jason Fortney:
Power Management does not use any ports of its own. If you already use SW distribution, then Power Management will work as well. Rolling out a power policy is just like a push distribution: UDP/38293 (discovery) and TCP/9594 (core tol client).
WoL uses UDP/0 by default, but you can change the port (Configure, Services, Scheduler). Wol is tricky to get to work across routers because it is a subnet directed broadcast. Routers are nearly always configured to block subnet directed broadcasts and you will not easily convince your network people to allow them.
csaito
says:
There are some ports that are missing. If this is correct, please add it in this list.
Avocent Management Platform (AMP) service : 8092
SLM (SOAP request to SLM.SlioService :
authentication : 9590
SLM : 9591
LANDesk(R) AMT Notification Service : 9972
| ||||||
Should there not also be a connection from the Console --> Client for port 9535 for remote management? Right now it only lists Core --> Client.