ZENworks TCP and UDP Ports

1.0 Appliance

The following table contains information about the various ports that need to be configured for the ZENworks Appliance.

Item

Ports

Mandatory

Configurable

Firewall Requirement

Additional Details

TCP Ports

9080

Yes

No

Open TCP Port

Used by the monitoring tool to access the server.

 

9443

Yes

No

Open TCP Port

Used to administer the appliance.

 

8081

No

Yes

Open TCP Port

Kafka: Used by Kafka Schema Registry.

 

9093

No

Yes

Open TCP port

Kafka: Used by Kafka

 

8083

No

Yes

Open TCP port

Kafka: Used by Kafka connect

 

5433

No

No

Open TCP port

Vertica: Used by Vertica client (vsql, ODBC, JDBC) port. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation.

 

5434

No

No

Open TCP port

Vertica: Used by Vertica intra and inter-cluster communication. Vertica opens the Vertica client port +1 (5434 by default) for intra-cluster communication, such as during a plan. If the port +1 from the default client port is not available, then Vertica opens a random port for intra-cluster communication.

For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation

 

5450

No

No

Open TCP port

Vertica: used for Vertica Management Console. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation

 

5444

No

No

Open TCP port

Vertica: used for Vertica Management Console. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation

 

4804

No

No

Open TCP port

Vertica: Daemon to Daemon Connections. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation.

UDP Ports

5433

No

No

Open UDP port

Vertica: spread monitoring. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation.

 

4804

No

No

Open UDP port

Vertica: Daemon to daemon connections. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation.

 

4803

No

No

Open UDP Port

Vertica: Daemon to daemon connections. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation.

 

6543

No

No

Open UDP Port

Vertica: Monitor to daemon connection. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation.

 

7449

Yes

No

Open UDP Port

Default port using which ZENworks installer web application is hosted.

2.0 Antimalware Service

The following table lists the operational and diagnostic ports required for an Antimalware Service on the primary server:

Item

Ports

Additional Details

Firewall Settings: Open TCP Ports

61100

Used for Diagnostics of ZENworks Antimalware Service.

61195

Used for ZENworks Antimalware Service.

3.0 Patch Service

The following table lists the operational and diagnostic ports required for a Patch Service on the primary server:

Item

Ports

Additional Details

Firewall Settings: Open TCP Ports

61200

Used for ZENworks Patch Service.

61295

Used for Diagnostics of ZENworks Patch Service.

4.0 Primary Servers

The following table contains information on the default ports used by the ZENworks Primary Server:

Item

Ports

Requirement

Configurable

Firewall Requirement

Additional Details

Firewall Settings: TCP bound Ports

443

Mandatory

Yes

Open TCP Port

This port is used by the API Gateway service to serve incoming agent requests.

This port is used to upload the collection data, such as inventory and system messages from the managed device to the Primary Server.

This port is also used for CASA authentication. Opening this port allows ZENworks to manage devices outside of the firewall. It is a good practice to make sure that the network is configured to always allow communication on this port between the ZENworks Server and ZENworks Agents on managed devices. If other services are running on this port, such as Apache, the installation program asks you for new ports to use. If you plan to use AdminStudio ZENworks Edition, it requires that the Primary Server is using this port.

Primary Servers functioning as Ondemand Content Masters download patch content via this port. Ensure that the Primary Server’s firewall rules provide the exceptions listed in Enabling Firewall Access to Patch Vendor URLs in ZENworks Patch Management Reference. In addition, Primary Servers functioning as Patch Servers use this port for license verification. Ensure that the Primary Server is configured to allow license verification as described in Configuring the Patch Server in ZENworks Patch Management Reference.

Primary Server performs the ZENworks System Update Entitlement activation over HTTP (port 443) using the secure-www.novell.com website. This rule can be turned off after successfully completing the entitlement activation. For more information, see the ZENworks System Updates Reference

 

 

 

 

 

Primary Server downloads system update related information and content over HTTP (port 443) using the nu.novell.com website. For more information see Managing Update Downloads in the ZENworks System Updates Reference

NOTE:You must assign the Network Interface to the firewall zone. Firewall rules are applied to this zone for managing the ports used by ZENworks.

 

443 and 2197

Required

No

Open TCP port

Used by ZENworks MDM Servers to communicate with the Apple Push Notification service (APNs).

Used for CASA authentication. It is a good practice to make sure that the network is configured to always allow communication on this port between the ZENworks Server and ZENworks Agents on managed devices when port 443 is busy.

 

998

Required

No

Open TCP port

Used by the Preboot Server (novell-pbserv).

The Preboot Server (novell-pbserv) is used only with ZENworks Configuration Management.

 

2645

Mandatory

No

Open TCP port

Default CASA port for authentication

 

5502

Required

Yes

Open TCP port

Used by the zen loader remote event module to notify configuration changes to other loader modules.

 

5550

Required

Yes

Open TCP port

Used by Remote Management Listener by default.You can change this port in the Remote Management Listener dialog box in ZENworks Control Center.

Remote Management is used only with ZENworks Configuration Management.

 

5950

Required

Yes

Open TCP port

Used by the Remote Management service, by default. You can change this port in the Remote Management Settings panel of the Remote Management Configuration page in ZENworks Control Center.

Remote Management is used only with ZENworks Configuration Management.

 

6789

Required

Yes

Open TCP port

Used by ZooKeeper for incoming client connections.

 

6790 and 6791

Required

Yes

Open TCP port

Used by ZooKeeper as leader connection port and leader election port, respectively.

 

7019

No

Yes

Open TCP port

Used by Join Proxy.

 

7443

Required

Yes

Open TCP Port

This port is used to access ZENworks Control Center.

NOTE:You must assign the Network Interface to the firewall zone. Firewall rules are applied to this zone for managing the ports used by ZENworks.

 

7444

Mandatory

No

Open TCP port

Used to view the system update status of servers and managed devices.

IMPORTANT:This is a fixed port. During Installation and Upgrade ensure that this port is not blocked.

 

8005

Mandatory

No

Open TCP port

Used by Tomcat to listen to shutdown requests. This is a local port, and cannot be accessed remotely.

 

9971

Mandatory

No

Open TCP port

Used by AMT Hello Listener to discover the Intel AMT devices.

IMPORTANT:This is a fixed port.During Installation and Upgrade ensure that this port is not blocked.

 

61491

Mandatory

No

Open TCP Port

Used for Diagnostics of the ZENworks Loader Service.

IMPORTANT:This is a fixed port.During Installation and Upgrade ensure that this port is not blocked.

 

61492

Required

No

Open TCP Port

Used for Diagnostics of the ZENworks JoinProxy Service.

IMPORTANT:This is a fixed port.During Installation and Upgrade ensure that this port is not blocked.

 

61495

Required

No

Open TCP port

Used for Diagnostics of the ZENworks Administration Management Service

IMPORTANT:This is a fixed port. During Installation and Upgrade ensure that this port is not blocked.

 

61496

Required

No

Open TCP port

Used for Diagnostics of the ZENworks Client Management Service

IMPORTANT:This is a fixed port. During Installation and Upgrade ensure that this port is not blocked.

 

61498

Required

No

Open TCP port

Used for Diagnostics of the ZENworks API Gateway

IMPORTANT:This is a fixed port. During Installation and Upgrade ensure that this port is not blocked.

Firewall Settings: UDP Ports

67

Mandatory

No

Open UDP port

Used by proxy DHCP when it is not running on the same device as the DHCP server.

 

69

Mandatory

No

Open UDP port

The Imaging TFTP is used only with ZENworks Configuration Management.

For TFTP to work across the firewall it is mandatory to also have a firewall rule present to accept traffic from already established/related connections.

This is because the initial connection is done on port 69; however, it continues communication on a random UDP port.

 

997

Required

No

Open UDP port

Used by the Imaging Server for multicasting.

The Imaging Server is used only with ZENworks Configuration Management.

 

1761

No

No

Open UDP port

Used to forward subnet-oriented broadcast magic packets for Wake-On-LAN.

 

4011

Required

No

Open UDP port

Used for proxy DHCP when it is running on the same device as the DHCP server. Make sure that the firewall is configured to allow the broadcast traffic to the proxy DHCP service.

 

13331

Required

No

Open UDP port

Used by the zmgpreboot policy, but will not work across firewall because it opens a random UDP port for each PXE device.

The zmgpreboot policy is used only with ZENworks Configuration Management.

 

6001

Mandatory

No

NA

Used for certificate activation. There is no firewall requirement for this port.

 

31582

No

Yes

NA

Used when the Configure Action (microfocus-zenworks-configure) is running in the service mode. If this port is in use, a different port can be specified by configuring the service.port in the microfocus-zenworks-configure-service.properties file. There is no firewall requirement for this port.

5.0 Satellite Servers

This sections list the ports used by Satellite Servers:

5.1 Windows Devices

The following table contains information on the Windows Satellite Server Ports:

Item

Ports

Mandatory

Configurable

Firewall Requirement

Additional Details

Firewall Settings: Open TCP Ports

80

No

Yes

Open TCP Port

Used for content replication. Content is transferred between Satellite Servers and managed devices using this port.

Used by the Collection Role to receive file uploads from managed devices.

NOTE:Collection Role can be enabled over SSL if required.

443

No

Yes

Open TCP Port

Used for content replication. Content is transfered between Primary Servers and Satellite Servers using this port.

Used for CASA authentication.

 

998

No

No

Open TCP Port

Used by the Preboot Server (novell-pbserv).

The Preboot Server (novell-pbserv) is used only with ZENworks Configuration Management.

 

7019

No

Yes

Open TCP Port

Used by Join Proxy.

 

7628

Yes

No

Open TCP port

Used by the Adaptive Agent.

Firewall Settings: Open UDP Ports

67

No

No

Open UDP Port

Used by proxy DHCP when it is not running on the same device as the DHCP server.

 

69

No

No

Open UDP Port

The Imaging TFTP is used only with ZENworks Configuration Management.

For TFTP to work across the firewall it is mandatory to also have a firewall rule present to accept traffic from already established/related connections.

This is because the initial connection is done on port 69; however, it continues communication on a random UDP port.

 

997

No

No

Open UDP Port

Used by the Imaging Server for multicasting.

The Imaging Server is used only with ZENworks Configuration Management.

4011

No

No

Open UDP Port

Used for proxy DHCP when it is running on the same device as the DHCP server. Ensure that the firewall is configured to allow the broadcast of traffic to the proxy DHCP service.

13331

No

No

Open UDP Port

Used by the zmgpreboot policy, but will not work across the firewall because it opens a random UDP port for each PXE device.

The zmgpreboot policy is used only with ZENworks Configuration Management.

5.2 Linux Devices

The following table contains information on the Linux Device Ports:

Item

Ports

Mandatory

Configurable

Firewall Requirements

Additional Details

Firewall Settings: Open TCP Ports

80

No

Yes

Open TCP port

Used for content replication. Content is transferred between Satellite Servers and managed devices using this port.

Used by the Collection Role to receive file uploads from managed devices.

Collection Role can be enabled over SSL if required.

443

No

Yes

Open TCP port

Used for content replication. Content is transfered between Primary Servers and Satellite Servers using this port.

Used for CASA authentication.

 

998

No

No

Open TCP port

Used by Preboot Server (novell-pbserv).

The Preboot Server (novell-pbserv) is used only with ZENworks Configuration Management.

 

7628

Yes

No

Open TCP port

Used by the Adaptive Agent.

 

7019

No

Yes

Open TCP port

Used by Join Proxy.

Firewall Settings: Open UDP Ports

67

No

No

Open UDP port

Used by proxy DHCP when it is not running on the same device as the DHCP server.

 

69

No

No

Open UDP Port

The Imaging TFTP is used only with ZENworks Configuration Management.

For TFTP to work across the firewall it is mandatory to also have a firewall rule present to accept traffic from already established/related connections.

This is because the initial connection is done on port 69; however, it continues communication on a random UDP port.

 

997

No

No

Open UDP port

Used by the Imaging Server for multicasting.

The Imaging Server is used only with ZENworks Configuration Management.

4011

No

No

Open UDP port

Used for proxy DHCP when it is running on the same device as the DHCP server.Ensure that the firewall is configured to allow the broadcast traffic to the proxy DHCP service.

13331

No

No

Open UDP Port

Used by the zmgpreboot policy, but will not work across the firewall because it opens a random UDP port for each PXE device.

The zmgpreboot policy is used only with ZENworks Configuration Management.

5.3 Macintosh Devices

The following table contains information on the Macintosh Device Ports:

Item

Ports

Mandatory

Configurable

Firewall Requirements

Additional Details

Firewall Settings: Open TCP Ports

80

No

Yes

Open TCP port

Used for HTTP non-secure port.

 

7628

Yes

No

Open TCP port

Used by the Adaptive Agent.

 

443

No

Yes

Open TCP port

Used for content replication. Content is transfered between Primary Servers and Satellite Servers using this port.

6.0 Managed Devices

6.1 Windows

The following table lists the ports used by the Windows managed devices:

Item

Ports

Mandatory

Configurable

Firewall Requirements

Additional Details

Firewall Settings: Open TCP Ports

7628

Yes

No

Open TCP Port

In order to view the status of the ZENworks Adaptive Agent for a managed device in ZENworks Control Center, ZENworks automatically opens port 7628 on the device if you are using the Windows firewall. However, if you are using a different firewall, you must open this port manually.

Port 7628 must also be opened on the device if you want to send a Quick Task to the client from ZENworks Control Center.

 

5950

No

Yes

Open TCP Port

For Remote Management where the ZENworks Adaptive Agent is running, the device listens on port 5950.

You can change the port in ZENworks Control Center (Configuration tab >Management Zone Settings > Device Management > Remote Management).

Remote Management is used only with ZENworks Configuration Management.

6.2 Linux

The following table lists the ports used by the Linux managed devices:

Item

Ports

Mandatory

Configurable

Firewall Requirements

Additional Details

Firewall Settings: Open TCP Ports

7628

Yes

No

Open TCP Port

You must assign the Network Interface to the firewall zone. Firewall rules are applied to this zone for managing the ports used by ZENworks.

 

5950

No

Yes

Open TCP Port

For Remote Management where the ZENworks Adaptive Agent is running, the device listens on port 5950.You can change the port in ZENworks Control Center (Configuration tab >Management Zone Settings > Device Management > Remote Management).Remote Management is used only with ZENworks Configuration Management.

 

5951

No

Yes

Open TCP Port

Used by Remote Management for linux remote login.You can change the port in ZENworks Control Center (Configuration tab >Management Zone Settings > Device Management > Remote Management).

6.3 Macintosh

The following table lists the ports used by the Macintosh managed devices:

Item

Ports

Mandatory

Configurable

Firewall Requirements

Additional Details

Firewall Settings: Open TCP Ports

7628

Yes

No

Open TCP Port

You must assign the Network Interface to the firewall zone. Firewall rules are applied to this zone for managing the ports used by ZENworks.

7.0 ZENworks Agent

The following table lists the ports that need to be configured for ZENworks Agent

Item

Ports

Mandatory

Configurable

Firewall Requirements

Additional Details

Firewall Settings: Open TCP ports

135, 139, 445, 593

Yes

No

Open TCP Ports

Since the Remote WMI connection establishes an RPC connection with the target Windows device, these TCP ports must be allowed by the Windows Firewall of the target device for the WMI discovery technology. Ports 139 and 445 are also required to access the Print Spooler.

Firewall Settings: Open UDP ports

161,162

Yes

No

Open UDP Ports

These are the default ports used by SNMP.

(Optional) Firewall Settings: Open TCP and UDP ports

42, 137

No

No

Open TCP and UDP ports

These are the default WINS replication ports.

(Optional) Firewall Settings: Open TCP ports

515

No

No

Open TCP ports

This is the default port to access the Print Server.

8.0 ZENworks Application

The following table lists the ports that need to be configured for ZENworks Application

Item

Ports

Additional Details

Firewall Settings: Open TCP Ports

7268

This is the default port for communication between the ZAPP UI and the ZENWorks agent service.

7269

This is the default port for websocket communication between the ZENWorks agent service and the ZAPP UI using the WebSocket protocol.

9.0 Remote Management

9.1 Windows Devices

The following table lists the ports that need to be configured for Remote Management Ports of Windows devices:

Item

Ports

Additional Details

Firewall Settings: Open TCP Ports

5950

By default, the Remote Management service runs on this port.

 

5550

Remote Management Listener runs on this port.

 

5750

By default, the remote management proxy listens on this port.

9.2 Linux Devices

The following table lists the ports that need to be configured for Remote Management Ports of Linux devices:

Item

Ports

Additional Details

Firewall Settings: Open TCP Ports

5950

By default, the Remote Management service runs on this port.

 

5951

Remote Management service for Remote Login runs on this port.

 

5750

By default, the remote management proxy listens on this port.

10.0 Remote Management - Using Join Proxy

The following table lists the ports that need to be configured for Remote Management using Join Proxy:

Item

Ports

Additional Details

Firewall Settings: Open TCP Ports

7019

By default, the port on which the Join Proxy listens for a connection.

11.0 User Sources

The following table lists the ports that need to be configured to access the User Source.

Item

Ports

Additional Details

Firewall Settings: Open TCP Ports

636

Default SSL port while configuring the User Source.

389

Default non-SSL port while configuring the User Source.

NOTE:If the LDAP server is listening on a different port, you must ensure that the port is opened for the Primary Servers and Authentication Satellite Servers to talk to the LDAP Server.

12.0 Databases

The following table lists the ports that need to be configured for the databases.

Item

Ports

Additional Details

Firewall Settings: Open TCP Ports

1433

Default port for the Microsoft SQL database.

1521

Default port for the Oracle database.

 

54327

Default port for the embedded and PostgreSQL

NOTE:You can change the default port number if there is a conflict. However, you must ensure that the port is opened for the Primary Server to talk to the database.

13.0 ZENworks Reporting

The following table lists the ports that need to be configured for ZENworks Reporting:

Item

Ports

Mandatory

Configurable

Firewall Requirements

Additional Details

TCP Ports

443

Yes

No

Open TCP port

Port used by the Primary Server in the Management Zone.

636

No

Yes

Open TCP port

Default SSL port while configuring the User Source.

389

No

Yes

Open TCP port

Default non-SSL port while configuring the User Source.

 

25

Yes

No

Open TCP port

Default port on which the SMTP server listens during the configuration of the outbound email server settings to send email notifications and reports.

 

9080

Yes

No

Open TCP port

Port used to enable the Ganglia monitoring tool to access the server.

 

9443

Yes

No

Open TCP port

Port used to administer the appliance and configure ZENworks Reporting.

 

9005

Yes

No

NA

Used by Tomcat to listen to shutdown requests. This is a local port, and cannot be accessed remotely.

14.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.microfocus.com/en-us/legal.

© Copyright 2008 - 2023 Open Text

The only warranties for products and services of Open Text and its affiliates and licensors (“Open Text”) are as may be set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Open Text shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.