First published by Jimmy Salian, 29 Aug 2017 6:44 AM. Last revision by Richard Mueller (MVP, Microsoft Community Contributor), 8 Aug 2018 6:50 PM. Revisions: 10. Comments: 5.
Windows Server 2012R2 Firewall Rules - Inbound and Outbound
This article covers the Windows Firewall rules a standard, domain-joined Windows Server needs in order to communicate with the existing infrastructure servers in the environment: domain controllers for LDAP and Kerberos authentication, SCOM for monitoring, and SCCM for patching, updates and software deployment.
In many such cases troubleshooting comes down to one of three places that block traffic unless an allow rule or exception has been configured: the network firewall, antivirus software with its own built-in firewall policy, or Windows Firewall itself.
Administrators also have to manage servers remotely, whether to gather information or to run a script. If Windows Firewall is not set up correctly beforehand, someone has to log in at the console, or, for a physical server, visit the datacentre, just to enable remote management.
The rule set below can be deployed via Group Policy (TechNet Article Link) or via a script, and is intended as a default set of policies and rules for building Windows Servers.
These are standard rules that open the default ports used to manage and control the server estate from within the environment.
As always, these rules were developed in a test environment with a network lockdown that mimics production. Implement them in your own test/development environment before creating the policies in production.
The purpose of this wiki is to give administrators a template that allows standard server-to-server communication in a locked-down environment, with confidence that the server policy is set at the appropriate lockdown level.
Two points to keep in mind when reading the tables. The port columns are from the server's point of view: for an inbound rule the Local Port is the listener on the server, and for an outbound rule the Remote Port is the port on the server being contacted. Every rule below has Remote Address set to Any; in a locked-down estate the management rules (RDP, WinRM, RPC, SMB, SCCM, SCOM) should be scoped to the management subnets and domain controllers rather than left open to the whole network.
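The script route mentioned above, as an added example that is not part of the original article: it creates the custom (non-built-in) inbound rules from a small table with the NetSecurity module that ships with Windows Server 2012 R2, restricted to the Domain profile and to a remote address scope, and can be re-run safely. The subnet values, the rule group name and the domain-controller check are assumptions for illustration; the port numbers are the ones from the inbound table.

```powershell
# Added example (not from the original article). Builds the custom inbound
# baseline from a table with New-NetFirewallRule (NetSecurity module, Server 2012 R2+).
# Assumptions: management hosts (SCCM/SCOM/admin) in 10.0.10.0/24, DCs in 10.0.1.0/24.
$MgmtSubnet = '10.0.10.0/24'     # assumed
$DcSubnet   = '10.0.1.0/24'      # assumed
$Group      = 'Server Baseline (Inbound)'   # assumed group name, used later for auditing

# The AD/DNS/NTP rows of the table only open something that answers on a DC.
# DomainRole 4 = backup DC, 5 = primary DC (Win32_ComputerSystem).
$IsDc = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole -ge 4

# Name / Protocol / LocalPort / RemoteAddress scope / DC-only flag
$Rules = @(
    @{ Name='AD Global Catalog';        Proto='TCP'; Port=3268;  Remote='Any';       DcOnly=$true  },
    @{ Name='AD Global Catalog Secure'; Proto='TCP'; Port=3269;  Remote='Any';       DcOnly=$true  },
    @{ Name='AD Kerberos TCP';          Proto='TCP'; Port=88;    Remote='Any';       DcOnly=$true  },
    @{ Name='AD Kerberos UDP';          Proto='UDP'; Port=88;    Remote='Any';       DcOnly=$true  },
    @{ Name='AD DNS TCP';               Proto='TCP'; Port=53;    Remote='Any';       DcOnly=$true  },
    @{ Name='AD DNS UDP';               Proto='UDP'; Port=53;    Remote='Any';       DcOnly=$true  },
    @{ Name='AD LDAP';                  Proto='TCP'; Port=389;   Remote='Any';       DcOnly=$true  },
    @{ Name='AD LDAP Secure';           Proto='TCP'; Port=636;   Remote='Any';       DcOnly=$true  },
    @{ Name='Time Service';             Proto='UDP'; Port=123;   Remote='Any';       DcOnly=$true  },
    @{ Name='SCCM Client - Http';       Proto='TCP'; Port=80;    Remote=$MgmtSubnet; DcOnly=$false },
    @{ Name='SCCM Client - Https';      Proto='TCP'; Port=443;   Remote=$MgmtSubnet; DcOnly=$false },
    @{ Name='SCCM Client Notification'; Proto='TCP'; Port=10123; Remote=$MgmtSubnet; DcOnly=$false },
    @{ Name='SCCM Remote Control';      Proto='TCP'; Port=2701;  Remote=$MgmtSubnet; DcOnly=$false },
    @{ Name='SCOM Agent';               Proto='TCP'; Port=5723;  Remote=$MgmtSubnet; DcOnly=$false },
    @{ Name='SQL Server Access';        Proto='TCP'; Port=1433;  Remote=$MgmtSubnet; DcOnly=$false },
    @{ Name='WSUS';                     Proto='TCP'; Port=8530,8531; Remote=$MgmtSubnet; DcOnly=$false },
    @{ Name='Windows KMS License';      Proto='TCP'; Port=1688;  Remote='Any';       DcOnly=$false }
)

foreach ($r in $Rules) {
    if ($r.DcOnly -and -not $IsDc) { continue }           # skip listener rules for services this box does not run
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) {
        Write-Verbose "Already present: $($r.Name)"       # idempotent: re-running the script is safe
        continue
    }
    New-NetFirewallRule -DisplayName $r.Name -Group $Group -Direction Inbound `
        -Action Allow -Enabled True -Profile Domain -Protocol $r.Proto `
        -LocalPort $r.Port -RemoteAddress $r.Remote | Out-Null
}

# Audit: everything in the group should be enabled and Domain-profile only
Get-NetFirewallRule -Group $Group |
    Select-Object DisplayName, Enabled, Profile, Action |
    Format-Table -AutoSize
```

The rows that correspond to built-in Windows rules (Core Networking, Remote Service Management, Remote Desktop and so on) are deliberately left out here; they already exist on every server and only need enabling, which is a separate step. Keeping the custom rules in a named group makes it easy to list, disable or remove the whole baseline with one `Get-NetFirewallRule -Group` call when the template changes.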
Inbound Rules

Name                                                                          Protocol  Local Port           Remote Port
----------------------------------------------------------------------------  --------  -------------------  -----------
ALL ICMP V4                                                                   ICMPv4    Any                  Any
Core Networking - Destination Unreachable (ICMPv6-In)                         ICMPv6    Any                  Any
Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In)    ICMPv4    Any                  Any
Core Networking - Dynamic Host Configuration Protocol (DHCP-In)               UDP       68                   67
Core Networking - Dynamic Host Configuration Protocol for IPv6 (DHCPV6-In)    UDP       546                  547
Core Networking - Internet Group Management Protocol (IGMP-In)                IGMP      Any                  Any
Core Networking - IPv6 (IPv6-In)                                              IPv6      Any                  Any
Core Networking - Multicast Listener Done (ICMPv6-In)                         ICMPv6    Any                  Any
Core Networking - Multicast Listener Query (ICMPv6-In)                        ICMPv6    Any                  Any
Core Networking - Multicast Listener Report (ICMPv6-In)                       ICMPv6    Any                  Any
Core Networking - Multicast Listener Report v2 (ICMPv6-In)                    ICMPv6    Any                  Any
Core Networking - Neighbor Discovery Advertisement (ICMPv6-In)                ICMPv6    Any                  Any
Core Networking - Neighbor Discovery Solicitation (ICMPv6-In)                 ICMPv6    Any                  Any
Core Networking - Packet Too Big (ICMPv6-In)                                  ICMPv6    Any                  Any
Core Networking - Parameter Problem (ICMPv6-In)                               ICMPv6    Any                  Any
Core Networking - Router Advertisement (ICMPv6-In)                            ICMPv6    Any                  Any
Core Networking - Router Solicitation (ICMPv6-In)                             ICMPv6    Any                  Any
Core Networking - Time Exceeded (ICMPv6-In)                                   ICMPv6    Any                  Any
File Server Remote Management (DCOM-In)                                       TCP       135                  Any
File Server Remote Management (SMB-In)                                        TCP       445                  Any
File Server Remote Management (WMI-In)                                        TCP       RPC Dynamic Ports    Any
AD Global Catalog                                                             TCP       3268                 Any
AD Global Catalog Secure                                                      TCP       3269                 Any
AD Kerberos TCP                                                               TCP       88                   Any
AD Kerberos UDP                                                               UDP       88                   Any
AD DNS TCP                                                                    TCP       53                   Any
AD DNS UDP                                                                    UDP       53                   Any
AD LDAP                                                                       TCP       389                  Any
AD LDAP Secure                                                                TCP       636                  Any
Time Service                                                                  UDP       123                  Any
Remote Desktop - Shadow (TCP-In)                                              TCP       Any                  Any
Remote Desktop - User Mode (TCP-In)                                           TCP       3389                 Any
Remote Desktop - User Mode (UDP-In)                                           UDP       3389                 Any
Remote Service Management (NP-In)                                             TCP       445                  Any
Remote Service Management (RPC)                                               TCP       RPC Dynamic Ports    Any
Remote Service Management (RPC-EPMAP)                                         TCP       RPC Endpoint Mapper  Any
SMC Service                                                                   UDP       Any                  Any
SMC Service                                                                   TCP       Any                  Any
SNAC Service                                                                  TCP       Any                  Any
SNAC Service                                                                  UDP       Any                  Any
SCCM Client - Http                                                            TCP       80                   Any
SCCM Client - Https                                                           TCP       443                  Any
SCCM Client UDP (RPC Endpoint Mapper)                                         UDP       135                  Any
SCCM Client UDP (NetBIOS Name Service)                                        UDP       137                  Any
SCCM Client UDP (NetBIOS Datagram)                                            UDP       138                  Any
SCCM Client (NetBIOS Session)                                                 TCP       139                  Any
SCCM Client Notification                                                      TCP       10123                Any
SCCM Remote Control                                                           TCP       2701                 Any
SCOM Agent                                                                    TCP       5723                 Any
SQL Server Access                                                             TCP       1433                 Any
Windows Firewall Remote Management (RPC)                                      TCP       RPC Dynamic Ports    Any
Windows Firewall Remote Management (RPC-EPMAP)                                TCP       RPC Endpoint Mapper  Any
Windows Remote Management (HTTP-In)                                           TCP       5985                 Any
WSUS                                                                          TCP       8530                 Any
WSUS                                                                          TCP       8531                 Any
Windows KMS License                                                           TCP       1688                 Any

Notes on the inbound set:
- The SCCM Client Http/Https rows were originally listed with a protocol of "Http"/"Https"; HTTP and HTTPS run over TCP, and that is what the firewall rule has to specify.
- The AD, DNS and Time Service rows describe listeners that only exist on a domain controller (or a DNS/NTP server). On a member server an inbound allow for port 88 or 389 opens a port nothing answers on; what a member server actually needs is outbound access to those ports on its domain controllers.
- "ALL ICMP V4" admits every ICMPv4 type, including redirects and timestamp/mask requests, not just ping. If the requirement is reachability testing, allow echo request (type 8) only, and from the monitoring and management subnets.
- The Any/Any rows (Remote Desktop Shadow, SMC Service, SNAC Service) are only acceptable when the rule is tied to a program or service, as the built-in Remote Desktop Shadow rule is; a port-less Any/Any rule that is not scoped to a program is a full inbound allow for that protocol.
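Most rows above are built-in rule groups that only need enabling, and the rest are listeners that can be checked from the outside. The following is an added example, not code from the original article: part 1 runs on the server and enables the built-in groups named in the table (Domain profile only) and replaces the blanket ICMPv4 rule with echo request only; part 2 runs from a management host and probes the TCP listeners the table expects, failing if any is unreachable. The server name and management subnet are assumptions; the group names are the Windows built-in display groups on Server 2012 R2.

```powershell
# Added example (not from the original article).
# Part 1: enable the built-in inbound groups the table references, Domain profile only.
$Server     = 'srv01.corp.example'   # assumed: the server being built
$MgmtSubnet = '10.0.10.0/24'         # assumed: management hosts

$BuiltInGroups = @(
    'Core Networking',
    'File Server Remote Management',
    'Remote Service Management',
    'Windows Firewall Remote Management',
    'Windows Remote Management',
    'Remote Desktop'
)
foreach ($g in $BuiltInGroups) {
    # A group carries separate copies of each rule per profile; enable only the
    # Domain (or profile-agnostic) copies so nothing opens on Public/Private.
    Get-NetFirewallRule -DisplayGroup $g -Direction Inbound |
        Where-Object { $_.Profile -match 'Domain|Any' } |
        Enable-NetFirewallRule
}

# Replace the table's "ALL ICMP V4" (every ICMPv4 type, any source) with
# echo request (type 8) from the management subnet only.
$PingRule = 'ICMPv4 Echo Request from Management (In)'   # assumed name
if (-not (Get-NetFirewallRule -DisplayName $PingRule -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $PingRule -Direction Inbound -Protocol ICMPv4 `
        -IcmpType 8 -RemoteAddress $MgmtSubnet -Profile Domain -Action Allow | Out-Null
}

# Part 2: run from a host inside $MgmtSubnet once the policy has applied.
# Test-NetConnection can only probe TCP, so the UDP rows (NTP, RDP/UDP, NetBIOS)
# are not covered by this check.
$Expected = [ordered]@{
    'RPC Endpoint Mapper'      = 135
    'SMB / Named Pipes'        = 445
    'Remote Desktop'           = 3389
    'WinRM (HTTP)'             = 5985
    'SCOM Agent'               = 5723
    'SCCM Client Notification' = 10123
}
$Report = foreach ($e in $Expected.GetEnumerator()) {
    $t = Test-NetConnection -ComputerName $Server -Port $e.Value -WarningAction SilentlyContinue
    [pscustomobject]@{ Service = $e.Key; Port = $e.Value; Open = $t.TcpTestSucceeded }
}
$Report | Format-Table -AutoSize

# Ping check for the narrowed ICMP rule (Test-NetConnection without -Port sends an echo request)
$Ping = (Test-NetConnection -ComputerName $Server -WarningAction SilentlyContinue).PingSucceeded

# Fail loudly so this can gate a build or a GPO rollout
$Closed = $Report | Where-Object { -not $_.Open }
if ($Closed -or -not $Ping) {
    throw "Expected listeners unreachable on ${Server}: $(($Closed | ForEach-Object { $_.Port }) -join ', '); ping=$Ping"
}
```

A port that reports closed here does not by itself mean the firewall rule is missing: a listener that is not running (WinRM not started, the SCOM agent not installed yet) fails the same way. Check the service state on the server before changing the rule, and run the probe from a host outside the management subnet as well to confirm that the scoped rules really do refuse everyone else.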
Outbound Rules

For outbound rules the port that matters is the Remote Port on the system being contacted; the server's own Local Port is ephemeral. The table is therefore laid out that way, which is what the numbers in the original list describe.

Name                                  Protocol  Local Port  Remote Port
------------------------------------  --------  ----------  -----------
SCCM Client                           TCP       Any         10123
SCCM Client WSUS                      TCP       Any         8530
SCCM Client WSUS                      TCP       Any         8531
SCCM Multicast                        UDP       Any         63000-64000
SCCM PXE DP                           UDP       Any         67-69
SCCM PXE ProxyDHCP                    UDP       Any         4011
SCCM Client - Http                    TCP       Any         80
SCCM Client - Https                   TCP       Any         443
SCOM Agent                            TCP       Any         5723
AD Global Catalog                     TCP       Any         3268
AD Global Catalog Secure              TCP       Any         3269

Notes on the outbound set:
- SCCM multicast between the distribution point and the client uses UDP for the 63000-64000 range, not TCP as originally listed, and the SCCM Client Http/Https rows run over TCP.
- Windows Firewall's default outbound action is Allow on all profiles, so these rules change nothing until the Domain profile's default outbound action is set to Block. If you do that, this list is not sufficient on its own: a member server also needs outbound DNS, Kerberos, LDAP, SMB and RPC to its domain controllers, and NTP, or it will lose its ability to authenticate and apply Group Policy.
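The outbound table only has an effect when the default outbound action is Block, so the following added example (not code from the original article) applies the outbound rows with the remote port and a remote address scope, adds the domain-controller traffic a member server needs before the default can safely be flipped, and only then sets the Domain profile to block outbound by default. Site server and subnet addresses are assumptions; the RPC dynamic range 49152-65535 is the Windows default for Server 2008 and later.

```powershell
# Added example (not from the original article). Outbound baseline for a member
# server with DefaultOutboundAction = Block on the Domain profile.
$DcSubnet   = '10.0.1.0/24'     # assumed: domain controllers
$SccmServer = '10.0.10.20'      # assumed: SCCM site system (MP / DP / SUP)
$ScomServer = '10.0.10.30'      # assumed: SCOM management server
$Group      = 'Server Baseline (Outbound)'   # assumed group name

# Rows from the outbound table, port column read as the remote port
$Outbound = @(
    @{ Name='SCCM Client Notification (Out)'; Proto='TCP'; Port=10123;         Remote=$SccmServer },
    @{ Name='SCCM Client WSUS (Out)';         Proto='TCP'; Port=8530,8531;     Remote=$SccmServer },
    @{ Name='SCCM Client HTTP/HTTPS (Out)';   Proto='TCP'; Port=80,443;        Remote=$SccmServer },
    @{ Name='SCCM Multicast (Out)';           Proto='UDP'; Port='63000-64000'; Remote=$SccmServer },
    @{ Name='SCCM PXE DP (Out)';              Proto='UDP'; Port='67-69';       Remote=$SccmServer },
    @{ Name='SCCM PXE ProxyDHCP (Out)';       Proto='UDP'; Port=4011;          Remote=$SccmServer },
    @{ Name='SCOM Agent (Out)';               Proto='TCP'; Port=5723;          Remote=$ScomServer },
    @{ Name='AD Global Catalog (Out)';        Proto='TCP'; Port=3268,3269;     Remote=$DcSubnet },
    # Not in the table, but required for domain membership once outbound is Block
    @{ Name='AD DNS (Out)';                   Proto='TCP'; Port=53;            Remote=$DcSubnet },
    @{ Name='AD DNS UDP (Out)';               Proto='UDP'; Port=53;            Remote=$DcSubnet },
    @{ Name='AD Kerberos (Out)';              Proto='TCP'; Port=88,464;        Remote=$DcSubnet }, # 464 = kpasswd
    @{ Name='AD Kerberos UDP (Out)';          Proto='UDP'; Port=88,464;        Remote=$DcSubnet },
    @{ Name='AD LDAP (Out)';                  Proto='TCP'; Port=389,636;       Remote=$DcSubnet },
    @{ Name='AD LDAP UDP (Out)';              Proto='UDP'; Port=389;           Remote=$DcSubnet }, # DC locator pings
    @{ Name='AD SMB (Out)';                   Proto='TCP'; Port=445;           Remote=$DcSubnet }, # SYSVOL / GPO
    @{ Name='AD RPC (Out)';                   Proto='TCP'; Port=135,'49152-65535'; Remote=$DcSubnet },
    @{ Name='NTP (Out)';                      Proto='UDP'; Port=123;           Remote=$DcSubnet }
)

foreach ($r in $Outbound) {
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) { continue }  # idempotent
    New-NetFirewallRule -DisplayName $r.Name -Group $Group -Direction Outbound `
        -Action Allow -Enabled True -Profile Domain -Protocol $r.Proto `
        -RemotePort $r.Port -RemoteAddress $r.Remote | Out-Null
}

# Flip the default only after the allow rules exist, and only on the Domain profile;
# doing it first on a remote session would cut off the session itself.
Set-NetFirewallProfile -Profile Domain -DefaultOutboundAction Block

# Confirm the profile state and that the baseline group is present and enabled
Get-NetFirewallProfile -Profile Domain |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
Get-NetFirewallRule -Group $Group |
    Select-Object DisplayName, Enabled, Direction, Action |
    Format-Table -AutoSize
```

Test this on a server you can reach at the console first: with outbound blocked, a missing rule shows up as a Kerberos or Group Policy failure in the event log rather than as an obvious firewall error, and the Windows Firewall log (enable dropped-packet logging on the Domain profile) is the quickest way to see which remote port and address was dropped.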