Firewall ports and K2

This topic is intended as a quick reference to the ports commonly used in a K2 implementation. If firewalls exist between the servers in a K2 environment, between K2 and the systems it integrates with, or between K2 servers and client machines that connect to K2, you may need to open ports in those firewalls to allow network traffic to flow between these machines. You can use the guide below as a reference.

This topic is intended as a general guide and is not a comprehensive listing of all ports and protocols that may be required in all possible K2 installations. Your network infrastructure, use case of K2 or integration between K2 and other systems or custom extensions may require additional ports or different ports than the ones described in the table below.
The port numbers listed below are the Default Port numbers. It is possible that certain port numbers may be different in your environment.

| Category | Port Number/Port Ranges [1] | Direction (as viewed from K2 Server) [2] | Protocol/Traffic Type | Component/Usage and notes |
|---|---|---|---|---|
| Infrastructure | 25 | Outbound | TCP | SMTP, used for workflow emails and notifications. |
| Infrastructure | 53 | Outbound | TCP + UDP | DNS and DNS-UDP. User and Computer Authentication, Name Resolution, Trusts |
| Infrastructure | 88 | Outbound | TCP + UDP | Kerberos and Kerberos-UDP (Authentication), User and Computer Authentication, Forest Level Trusts |
| Infrastructure | 123 | Outbound | UDP | WinTime (Windows Time Service) |
| Infrastructure | 135 | Outbound | TCP | RPC, EPM. Replication |
| Infrastructure | 137 | Outbound | UDP | NetLogon-UDP. AD User and Computer Authentication. NetLogon, NetBIOS Name Resolution |
| Infrastructure | 138 | Outbound | UDP | DFSN, Group Policy. DFSN, NetLogon, NetBIOS Datagram Service |
| Infrastructure | 139 | Outbound | TCP | NetLogon-TCP. User and Computer Authentication, Replication. DFSN, NetBIOS Session Service, NetLogon |
| Infrastructure | 389 | Inbound + Outbound | TCP + UDP | LDAP and LDAP-UDP (Active Directory). Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
| Infrastructure | 445 | Outbound | TCP + UDP | SMB (File Transfer), CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc. Replication, User and Computer Authentication, Group Policy, Trusts |
| Infrastructure | 464 | Outbound | TCP + UDP | PWChange, PWChange-UDP (Password Change) |
| Infrastructure | 587 | Outbound | TCP | MSA Microsoft Secured Email, used for workflow emails and notifications. |
| Infrastructure | 636 | Inbound + Outbound | TCP + UDP | LDAP-SSL (Active Directory). Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
| Infrastructure | 3268 | Outbound | TCP | LDAP-GC (Active Directory). Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
| Infrastructure | 3269 | Outbound | TCP | LDAP-GC-SSL (Active Directory). Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
| Infrastructure | 5722 | Outbound | TCP | RPC, DFSR, File Replication |
| Infrastructure | 5725 | Outbound | TCP + UDP | Active Directory |
| Infrastructure | 9389 | Outbound | TCP | AD-WEB-SERVICES (Active Directory) |
| Infrastructure | 1025-5000 | Outbound | TCP + UDP | Active Directory and AD-Dyn-UDP1 dynamic range: RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS, AD-Dyn-TCP1. Replication, User and Computer Authentication, Group Policy, Trusts |
| Infrastructure | 49152-65535 | Outbound | TCP + UDP | Active Directory and AD-Dyn-UDP2 dynamic range: RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS, AD-Dyn-TCP2. Replication, User and Computer Authentication, Group Policy, Trusts |
| Integration | 80 | Outbound | HTTP | Integration with any HTTP services in customer environment, including Exchange Web Services (EWS), Microsoft Dynamics CRM, SharePoint and others. Port number may be different depending on the configuration of the target system. |
| Integration | 443 | Outbound | HTTPS | Integration with any HTTPS services in customer environment, including Exchange Web Services, Microsoft Dynamics CRM, SharePoint and others. Port number may be different depending on the configuration of the target system. |
| Integration | 1433 | Outbound | TCP | Default port for SQL Server. (Note: port number may be different for a specific SQL instance, it depends on the SQL instance's configuration.) From an integration perspective, this port is only required when the SQL Service Broker is used to connect to a SQL Server. See https://support.microsoft.com/en-us/kb/287932. |
| Integration | 1521 | Outbound | TCP | Only required if Oracle Service Broker is used. Allow access to the TNS listener port (typically 1521). |
| Integration | (Others…) | (Depends on behavior) | (Depends on behavior) | For custom Service Brokers, ports will depend on the communication mechanism and protocol used. Custom Service Brokers are typically described during the onboarding process. If these brokers require specific ports to be opened, those ports should be opened as well. |
| Integration | 32xx, 33xx | Outbound | TCP | Integration with SAP when K2 Connect is installed. xx is the SAP system number; for example, for SAP system number 00, the required ports would be 3200 and 3300. |
| Integration | 443 (WinRM 1.1), 5986 (WinRM 2.0) | Inbound + Outbound | HTTPS | Exchange Mailbox events (HTTPS). See https://msdn.microsoft.com/en-us/library/ee309369(v=vs.85).aspx for information on Windows Remote Management. |
| Integration | 80 (WinRM 1.1), 5985 (WinRM 2.0) | Inbound + Outbound | HTTP | Exchange Mailbox events (HTTP). See https://msdn.microsoft.com/en-us/library/ee309369(v=vs.85).aspx for information on Windows Remote Management. |
| K2 Platform | 80 | Inbound | HTTP | K2 Web Sites and Services. (Note: port number may be different if the K2 web sites are configured with another port number.) |
| K2 Platform | 443 | Inbound | HTTPS | K2 Web Sites and Services, when secured via HTTPS. (Note: port number may be different if the K2 web sites are configured with another port number.) |
| K2 Platform | 1433 | Inbound + Outbound | TCP | Default port for SQL Server. (Note: port number may be different for a specific SQL instance, it depends on the SQL instance's configuration.) From a K2 platform perspective, this port is required to allow the K2 server to interact with the K2 database on a SQL instance. See https://support.microsoft.com/en-us/kb/287932. |
| K2 Platform | 5022 | Inbound + Outbound | TCP | AlwaysOn Endpoint. (Note: port number may be different for a specific SQL instance, it depends on the SQL instance's configuration.) From a K2 platform perspective, this port is only required when AlwaysOn is enabled on the K2 Database SQL instance. |
| K2 Platform | 5252 | Inbound + Outbound | RPC + TCP | K2 workflow client connections (outgoing if K2 server is connecting to other K2 servers via client), as well as connections from K2 thick-client design tools. |
| K2 Platform | 5555 | Inbound + Outbound | RPC + TCP | K2 Host Server connections from client assemblies (outgoing if K2 server is connecting to other K2 servers via client), as well as connections from K2 thick-client design tools. |
| K2 Platform | 5560 | Inbound + Outbound | HTTPS | K2 Configuration Service connections. Incoming connections from the product or setup manager to update feature and service states, changes to install variables and shard configuration. Outgoing connections to provide requested configuration information on services, features, shards and K2 variables. |
| K2 Platform | 8085 | Inbound | TCP | K2 connect service (only required if K2 connect is installed) |
| K2 Platform | 8888 | Inbound | HTTP | WCF and REST SmartObject services endpoints |
| K2 Platform | 49599 | Inbound + Outbound | TCP | Discovery Service for standalone servers. The Discovery Service port is used in legacy versions of K2, but is not used in K2 Five. |
| K2 Platform | 49600 | Inbound + Outbound | TCP | Discovery Service for K2 server farm. The Discovery Service port is used in legacy versions of K2, but is not used in K2 Five. |
| K2 Platform | 1024-65535 | Inbound | RPC/UDP | Distributed Transaction Coordinator is only needed when K2 4.7 is upgraded to K2 Five (Dynamic Ports). Used when developer workstations running K2 Studio/K2 for Visual Studio deploy SmartObjects to K2. (Note: The dynamic range is configurable, see https://simpleverse.wordpress.com/2012/08/23/how-to-configure-ms-dtc-through-a-firewall/.) DTC must be enabled through the entire stack, from the client workstations through to the SQL Server. |

Table Notes

[1] The port numbers listed are the Default Port numbers. It is possible that certain port numbers may be different in your environment.

[2] Direction is defined from the viewpoint of the K2 server, i.e. the K2 server sends Outgoing traffic of type TCP on Port 636 for LDAP-SSL operations.
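
The following is an added example, not part of the K2 documentation: a PowerShell sketch that opens the default inbound K2 Platform ports from the table on the K2 server's Windows Firewall, restricted to one source subnet, and then checks outbound reachability of a few dependencies. The subnet, host names, and the rule group name "K2" are assumptions; substitute your own values and any non-default ports.

```powershell
# Run elevated on the K2 server. Values marked "assumed" are placeholders.
$ClientSubnet = '10.0.10.0/24'   # assumed: subnet of K2 client machines
$SapSystemNo  = '00'             # SAP system number (the xx in 32xx / 33xx)

# Inbound K2 Platform ports at their defaults, as listed in the table.
$K2Inbound = @(
    @{ Name = 'K2 Web Sites (HTTP)';      Port = 80   }
    @{ Name = 'K2 Web Sites (HTTPS)';     Port = 443  }
    @{ Name = 'K2 workflow client';       Port = 5252 }
    @{ Name = 'K2 Host Server';           Port = 5555 }
    @{ Name = 'K2 Configuration Service'; Port = 5560 }
    @{ Name = 'K2 SmartObject services';  Port = 8888 }
)

foreach ($rule in $K2Inbound) {
    # Scope each rule to the client subnet instead of allowing any source.
    New-NetFirewallRule -DisplayName "K2 - $($rule.Name)" -Group 'K2' `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort $rule.Port -RemoteAddress $ClientSubnet `
        -Profile Domain | Out-Null
}

# SAP ports derive from the system number: 00 gives 3200 and 3300.
$SapPorts = '32', '33' | ForEach-Object { [int]($_ + $SapSystemNo) }

# Outbound dependencies to verify from the K2 server (host names assumed).
$Targets = @(
    @{ Target = 'dc01.example.internal';  Port = 636  }   # LDAP-SSL
    @{ Target = 'sql01.example.internal'; Port = 1433 }   # K2 database
    @{ Target = 'smtp.example.internal';  Port = 25   }   # workflow email
)
foreach ($p in $SapPorts) {
    $Targets += @{ Target = 'sap01.example.internal'; Port = $p }
}

# TcpTestSucceeded = False points at a closed port or an intermediate firewall.
foreach ($t in $Targets) {
    Test-NetConnection -ComputerName $t.Target -Port $t.Port `
        -WarningAction SilentlyContinue |
        Select-Object ComputerName, RemotePort, TcpTestSucceeded
}
```

Test-NetConnection only exercises TCP, so the UDP entries in the table (for example 123 or 137) need a separate check.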

You may also want to refer to the following resources for further configuration information and troubleshooting resources: