E.0 TCP and UDP Ports Used by ZENworks Primary Servers

The following table lists the default TCP and UDP ports that are used by ZENworks Primary Servers. These ports are opened automatically when installing a Primary Server.

Item

Requirement

Additional Details

Firewall Settings: TCP Inbound Ports

80 and 443

Port 80 is for Tomcat non-secure port and Port 443 is for Tomcat secure port.

Port 443 is also used for CASA authentication. Opening this port allows ZENworks to manage devices outside of the firewall. It is a good practice to make sure that the network is configured to always allow communication on this port between the ZENworks Server and ZENworks Agents on managed devices.

If other services are running on ports 80 and 443, such as Apache, the installation program asks you for new ports to use.

If you plan to use AdminStudio ZENworks Edition, it requires that the Primary Server is using ports 80 and 443.

 

998

Used by the Preboot Server (novell-pbserv).

The Preboot Server (novell-pbserv) is used only with ZENworks Configuration Management.

Firewall Settings: TCP Outbound Ports

80 and 443

Primary Server downloads patch license related information and checksum data over HTTPS (port 443), and the actual patch content files over HTTP (port 80). ZENworks Patch Management license information is obtained from the Lumension licensing server, the patch content and checksum data is retrieved from an AKAMAI hosted content distribution network (novell.cdn.lumension.com). You must make sure that the firewall rules allow outbound connections to these addresses because the patch content distribution network is a large fault tolerant network of cache servers.

Primary Server performs the ZENworks System Update Entitlement activation over HTTP (port 443) using the secure-www.novell.com website. This rule can be turned off after successfully completing the entitlement activation.

For more information, see the ZENworks 11 SP4 System Updates Reference.

Primary Server downloads system update related information and content over HTTP (port 443) using the you.novell.com website.

For more information see Managing Update Downloads in the ZENworks 11 SP4 System Updates Reference.

NOTE:You must assign the Network Interface to the firewall zone. Firewall rules are applied to this zone for managing the ports used by ZENworks.

 

2645

Used for CASA authentication. Opening this port allows ZENworks to manage devices outside of the firewall. It is a good practice to make sure that the network is configured to always allow communication on this port between the ZENworks Server and ZENworks Agents on managed devices.

 

5550

Used by Remote Management Listener by default.You can change this port in the Remote Management Listener dialog box in ZENworks Control Center.

Remote Management is used only with ZENworks Configuration Management.

 

5750

Used by Remote Management proxy.

Remote Management is used only with ZENworks Configuration Management.

 

5950

Used by Remote Management service by default. You can change this port in the Remote Management Settings panel of the Remote Management Configuration page in ZENworks Control Center.

Remote Management is used only with ZENworks Configuration Management.

 

7019

Used by Join Proxy

 

7628

Used by the Adaptive Agent for Quick Tasks.

IMPORTANT:This is a fixed port.During Installation and Upgrade ensure that this port is not blocked.

 

8005

Used by Tomcat to listen to shutdown requests. This is a local port, and cannot be accessed remotely.

 

8009

Used by Tomcat AJP connector.

 

9971

Used by AMT Hello Listener to discover the Intel AMT devices.

IMPORTANT:This is a fixed port.During Installation and Upgrade ensure that this port is not blocked.

 

61491

Used for Diagnostics of ZENworks Loader Service

IMPORTANT:This is a fixed port.During Installation and Upgrade ensure that this port is not blocked.

 

61492

Used for Diagnostics of ZENworks JoinProxy Service

IMPORTANT:This is a fixed port.During Installation and Upgrade ensure that this port is not blocked.

 

61493

Used for Diagnostics of ZENworks CASA Service

IMPORTANT:This is a fixed port.During Installation and Upgrade ensure that this port is not blocked.

 

61494

Used for Diagnostics of ZENworks Xplat Agent Service

IMPORTANT:This is a fixed port. During Installation and Upgrade ensure that this port is not blocked.

 

61495

Used for Diagnostics of ZENworks Server Service

IMPORTANT:This is a fixed port. During Installation and Upgrade ensure that this port is not blocked.

Firewall Settings: UDP Ports

67

Used by proxy DHCP when it is not running on the same device as the DHCP server.

 

69

Used by the Imaging TFTP, but will not work across firewall because it opens random UDP port for each PXE device.

The Imaging TFTP is used only with ZENworks Configuration Management.

 

997

Used by the Imaging Server for multicasting.

The Imaging Server is used only with ZENworks Configuration Management.

 

1761

Port 1761 on the router is used to forward subnet-oriented broadcast magic packets for Wake-On-LAN.

 

4011

Used for proxy DHCP when it is running on the same device as the DHCP server. Make sure that the firewall is configured to allow the broadcast traffic to the proxy DHCP service.

 

13331

Used by the zmgpreboot policy, but will not work across firewall because it opens random UDP port for each PXE device.

The zmgpreboot policy is used only with ZENworks Configuration Management.