Firewall ports
This topic is intended as a quick reference to the ports commonly used in a product implementation. If firewalls exist between the servers in an environment, between the product and the systems it integrates with, or between servers and client machines that connect to the product system, you may need to open ports in those firewalls to allow network traffic to flow between these machines. You can use the guide below as a reference.
Category | Port Number/Port Ranges¹ | Direction (as viewed from K2 Server)² | Protocol/Traffic Type | Component/Usage and notes |
---|---|---|---|---|
Infrastructure | 25 | Outbound | TCP | SMTP, used for workflow emails and notifications. |
Infrastructure | 53 | Outbound | TCP + UDP | DNS and DNS-UDP. User and Computer Authentication, Name Resolution, Trusts |
Infrastructure | 88 | Outbound | TCP + UDP | Kerberos and Kerberos-UDP (Authentication), User and Computer Authentication, Forest Level Trusts |
Infrastructure | 123 | Outbound | UDP | WinTime (Windows Time Service) |
Infrastructure | 135 | Outbound | TCP | RPC, EPM. Replication |
Infrastructure | 137 | Outbound | UDP | NetLogon-UDP. AD User and Computer Authentication. NetLogon, NetBIOS Name Resolution |
Infrastructure | 138 | Outbound | UDP | DFSN, Group Policy. DFSN, NetLogon, NetBIOS Datagram Service |
Infrastructure | 139 | Outbound | TCP | NetLogon-TCP. User and Computer Authentication, Replication. DFSN, NetBIOS Session Service, NetLogon |
Infrastructure | 389 | Inbound + Outbound | TCP + UDP | LDAP and LDAP-UDP (Active Directory). Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
Infrastructure | 445 | Outbound | TCP + UDP | SMB (File Transfer), CIFS, SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc. Replication, User and Computer Authentication, Group Policy, Trusts |
Infrastructure | 464 | Outbound | TCP + UDP | PWChange, PWChange-UDP (Password Change) |
Infrastructure | 587 | Outbound | TCP | MSA Microsoft Secured Email, used for workflow emails and notifications. |
Infrastructure | 636 | Inbound + Outbound | TCP + UDP | LDAP-SSL (Active Directory). Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
Infrastructure | 3268 | Outbound | TCP | LDAP-GC (Active Directory). Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
Infrastructure | 3269 | Outbound | TCP | LDAP-GC-SSL (Active Directory). Directory, Replication, User and Computer Authentication, Group Policy, Trusts |
Infrastructure | 5722 | Outbound | TCP | RPC, DFSR, File Replication |
Infrastructure | 5725 | Outbound | TCP + UDP | Active Directory |
Infrastructure | 9389 | Outbound | TCP | AD-WEB-SERVICES (Active Directory) |
Infrastructure | 1025-5000 | Outbound | TCP + UDP | Active Directory and AD-Dyn-UDP1 dynamic range: RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS. AD-Dyn-TCP1. Replication, User and Computer Authentication, Group Policy, Trusts |
Infrastructure | 49152-65535 | Outbound | TCP + UDP | Active Directory and AD-Dyn-UDP2 dynamic range: RPC, DCOM, EPM, DRSUAPI, NetLogonR, SamR, FRS. AD-Dyn-TCP2. Replication, User and Computer Authentication, Group Policy, Trusts |
Integration | 80 | Outbound | HTTP | Integration with any HTTP services in customer environment, including Exchange Web Services (EWS), Microsoft Dynamics CRM, SharePoint and others. Port number may be different depending on the configuration of the target system. |
Integration | 443 | Outbound | HTTPS | Integration with any HTTPS services in customer environment, including Exchange Web Services, Microsoft Dynamics CRM, SharePoint and others. Port number may be different depending on the configuration of the target system. |
Integration | 1433 | Outbound | TCP | Default port for SQL Server. (Note: port number may be different for a specific SQL instance; it depends on the SQL instance's configuration.) From an integration perspective, this port is only required when the SQL Service Broker is used to connect to a SQL Server. See https://support.microsoft.com/en-us/kb/287932. |
Integration | 1521 | Outbound | TCP | Only required if Oracle Service Broker is used. Allow access to the TNS listener port (Typically 1521) |
Integration | (Others…) | (Depends on behavior) | (Depends on behavior) | For custom Service Brokers, ports will depend on the communication mechanism and protocol used. Custom Service Brokers are typically described during the onboarding process. If these brokers require specific ports to be opened, those ports should be opened as well. |
Integration | 32xx, 33xx | Outbound | TCP | Integration with SAP when Nintex K2 Connect is installed. xx is the SAP system number; for example, for SAP system number 00, the required ports would be 3200 and 3300. |
Integration | 443 (WinRM 1.1), 5986 (WinRM 2.0) | Inbound + Outbound | HTTPS | Exchange Mailbox events (HTTPS). See https://msdn.microsoft.com/en-us/library/ee309369(v=vs.85).aspx for information on Windows Remote Management |
Integration | 80 (WinRM 1.1), 5985 (WinRM 2.0) | Inbound + Outbound | HTTP | Exchange Mailbox events (HTTP). See https://msdn.microsoft.com/en-us/library/ee309369(v=vs.85).aspx for information on Windows Remote Management |
Nintex Automation Platform | 80 | Inbound | HTTP | Web Sites and Services (Note: port number may be different if the product web sites are configured with another port number) |
Nintex Automation Platform | 443 | Inbound | HTTPS | Web Sites and Services, when secured via HTTPS. (Note: port number may be different if the product web sites are configured with another port number) |
Nintex Automation Platform | 1433 | Inbound + Outbound | TCP | Default port for SQL Server. (Note: port number may be different for a specific SQL instance, it depends on the SQL instance's configuration) From a platform perspective, this port is required to allow the server to interact with the K2 database on a SQL instance. See https://support.microsoft.com/en-us/kb/287932. |
Nintex Automation Platform | 5022 | Inbound + Outbound | TCP | AlwaysOn Endpoint. (Note: port number may be different for a specific SQL instance; it depends on the SQL instance's configuration.) From a platform perspective, this port is only required when AlwaysOn is enabled on the K2 Database SQL instance. |
Nintex Automation Platform | 5252 | Inbound + Outbound | RPC + TCP | Workflow client connections (outgoing if the server is connecting to other servers via client), as well as connections from the system's thick-client design tools. |
Nintex Automation Platform | 5555 | Inbound + Outbound | RPC + TCP | Host Server connections from client assemblies (outgoing if server is connecting to other servers via client), as well as connections from the system's thick-client design tools. |
Nintex Automation Platform | 5560 | Inbound + Outbound | HTTPS | K2 Configuration Service connections. Incoming connections from the product or setup manager to update feature and service states, changes to install variables and shard configuration. Outgoing connections to provide requested configuration information on services, features, shards and system variables. |
Nintex Automation Platform | 8085 | Inbound | TCP | Nintex K2 connect service (only required if Nintex K2 connect is installed) |
Nintex Automation Platform | 8888 | Inbound | HTTP | WCF and REST SmartObject services endpoints |
Nintex Automation Platform | 49599 | Inbound + Outbound | TCP | Discovery Service for standalone servers. The Discovery Service port is used in legacy versions of K2, but is not used in Nintex Automation. |
Nintex Automation Platform | 49600 | Inbound + Outbound | TCP | Discovery Service for the system's server farm. The Discovery Service port is used in legacy versions of K2, but is not used in Nintex Automation. |
Nintex Automation Platform | 1024-65535 | Inbound | RPC/UDP | Distributed Transaction Coordinator (Dynamic Ports) is only needed when K2 4.7 is upgraded to Nintex Automation (5.7). Used when developer workstations running K2 Studio/K2 for Visual Studio deploy SmartObjects to the product. (Note: The Dynamic range is configurable, see https://simpleverse.wordpress.com/2012/08/23/how-to-configure-ms-dtc-through-a-firewall/). DTC must be enabled through the entire stack, from the client workstations through to the SQL Server. |
Table Notes
¹ The port numbers listed are the Default Port numbers. It is possible that certain port numbers may be different in your environment.
² Direction is defined from the viewpoint of the server, i.e. the server sends Outgoing traffic of type TCP on Port 636 for LDAP-SSL operations.
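The table can double as an allowlist when reviewing firewall or flow logs. The following is an added example, not part of the product documentation: it checks constructed flow records against a subset of the rows, applying the direction rule from table note 2 and the SAP 32xx/33xx expansion. The function names, IP addresses and flow records are assumptions made for illustration.

```python
# Added example: flag observed flows that the port table does not cover.
# RULES is a subset of rows from the table; FLOWS and all IPs are constructed.
# (port spec, direction from the server's viewpoint, transports, usage)
RULES = [
    ("25", "out", {"tcp"}, "SMTP"),
    ("123", "out", {"udp"}, "Windows Time"),
    ("636", "both", {"tcp", "udp"}, "LDAP-SSL"),
    ("5555", "both", {"tcp"}, "Host Server"),
    ("8888", "in", {"tcp"}, "SmartObject services"),  # HTTP row, carried over TCP
    ("32xx", "out", {"tcp"}, "SAP"),
    ("33xx", "out", {"tcp"}, "SAP"),
    ("49152-65535", "out", {"tcp", "udp"}, "AD dynamic range"),
]

def expand(spec, sap_numbers):
    """Turn a table port spec into inclusive (low, high) ranges."""
    if spec.endswith("xx"):  # xx is the two-digit SAP system number
        return [(int(spec[:2] + n), int(spec[:2] + n)) for n in sap_numbers]
    low, _, high = spec.partition("-")
    return [(int(low), int(high or low))]

def classify(flow, server_ip, sap_numbers=("00",)):
    """Return the usage label of the matching row, or None if no row matches."""
    src, dst, dport, proto = flow
    if server_ip not in (src, dst):
        return None
    # Table note 2: direction is judged from the server's viewpoint.
    direction = "out" if src == server_ip else "in"
    for spec, allowed, protos, usage in RULES:
        if allowed not in (direction, "both") or proto not in protos:
            continue
        if any(lo <= dport <= hi for lo, hi in expand(spec, sap_numbers)):
            return usage
    return None

def audit(flows, server_ip, sap_numbers=("00",)):
    """Return the flows that no table row permits."""
    return [f for f in flows if classify(f, server_ip, sap_numbers) is None]

SERVER = "10.0.0.10"  # constructed address of the product server
FLOWS = [  # constructed (src, dst, destination port, transport) records
    ("10.0.0.10", "10.0.0.5", 636, "tcp"),    # server -> DC, LDAP-SSL
    ("10.0.0.50", "10.0.0.10", 5555, "tcp"),  # client -> Host Server
    ("10.0.0.50", "10.0.0.10", 25, "tcp"),    # inbound SMTP: row is outbound only
    ("10.0.0.10", "10.0.0.20", 3301, "tcp"),  # SAP system 01, not configured
    ("10.0.0.10", "10.0.0.5", 123, "tcp"),    # time sync row is UDP only
]
```

Calling `audit(FLOWS, SERVER)` returns the last three records; because the listed ports are defaults, adjust `RULES` to the ports actually configured in your environment before relying on the result.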
You may also want to refer to the following resources for further configuration information and troubleshooting resources: