" />" />
The information in this document pertains to the default TCP and UDP ports used by ZENworks.
The following table contains information about the various ports that need to be configured for the ZENworks Appliance.
Item |
Ports |
Mandatory |
Configurable |
Firewall Requirement |
Additional Details |
---|---|---|---|---|---|
TCP Ports |
9080 |
Yes |
No |
Open TCP Port |
Used by the monitoring tool to access the server. |
|
9443 |
Yes |
No |
Open TCP Port |
Used to administer the appliance. |
|
8081 |
No |
Yes |
Open TCP Port |
Kafka: Used by Kafka Schema Registry. |
|
9093 |
No |
Yes |
Open TCP port |
Kafka: Used by Kafka |
|
8083 |
No |
Yes |
Open TCP port |
Kafka: Used by Kafka connect |
|
5433 |
No |
No |
Open TCP port |
Vertica: Used by Vertica client (vsql, ODBC, JDBC) port. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation. |
|
5434 |
No |
No |
Open TCP port |
Vertica: Used by Vertica intra and inter-cluster communication. Vertica opens the Vertica client port +1 (5434 by default) for intra-cluster communication, such as during a plan. If the port +1 from the default client port is not available, then Vertica opens a random port for intra-cluster communication. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation |
|
5450 |
No |
No |
Open TCP port |
Vertica: used for Vertica Management Console. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation |
|
5444 |
No |
No |
Open TCP port |
Vertica: used for Vertica Management Console. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation |
|
4804 |
No |
No |
Open TCP port |
Vertica: Daemon to Daemon Connections. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation. |
UDP Ports |
5433 |
No |
No |
Open UDP port |
Vertica: spread monitoring. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation. |
|
4804 |
No |
No |
Open UDP port |
Vertica: Daemon to daemon connections. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation. |
|
4803 |
No |
No |
Open UDP Port |
Vertica: Daemon to daemon connections. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation. |
|
6543 |
No |
No |
Open UDP Port |
Vertica: Monitor to daemon connection. For information on all the ports that are to be open for Vertica’s internal purposes, see Vertica documentation. |
The following table lists the operational and diagnostic ports required for an Antimalware Service on the primary server:
Item |
Ports |
Additional Details |
---|---|---|
Firewall Settings: Open TCP Ports |
61100 |
Used for Diagnostics of ZENworks Antimalware Service. |
61195 |
Used for ZENworks Antimalware Service. |
The following table lists the operational and diagnostic ports required for a Patch Service on the primary server:
Item |
Ports |
Additional Details |
---|---|---|
Firewall Settings: Open TCP Ports |
61200 |
Used for Diagnostics of ZENworks Patch Service. |
61295 |
Used for ZENworks Patch Service. |
The following table contains information on the default ports used by the ZENworks Primary Server:
Item |
Ports |
Requirement |
Configurable |
Firewall Requirement |
Additional Details |
---|---|---|---|---|---|
Firewall Settings: TCP bound Ports |
443 |
Mandatory |
Yes |
Open TCP Port |
This port is used by the API Gateway service to serve incoming agent requests. This port is used to upload the collection data, such as inventory and system messages from the managed device to the Primary Server. This port is also used for CASA authentication. Opening this port allows ZENworks to manage devices outside of the firewall. It is a good practice to make sure that the network is configured to always allow communication on this port between the ZENworks Server and ZENworks Agents on managed devices. If other services are running on this port, such as Apache, the installation program asks you for new ports to use. If you plan to use AdminStudio ZENworks Edition, it requires that the Primary Server is using this port. Primary Server downloads patch license related information and checksum data over HTTPS (port 443), and the actual patch content files over HTTP (port 80). ZENworks Patch Management license information is obtained from the Ivanti licensing server (novell.patchlink.com), the patch content and checksum data is retrieved from an AKAMAI hosted content distribution network (novell.cdn.lumension.com). You must make sure that the firewall rules allow outbound connections to these addresses because the patch content distribution network is a large fault tolerant network of cache servers. Primary Server performs the ZENworks System Update Entitlement activation over HTTP (port 443) using the secure-www.novell.com website. This rule can be turned off after successfully completing the entitlement activation. For more information, see the ZENworks System Updates Reference |
|
|
|
|
|
Primary Server downloads system update related information and content over HTTP (port 443) using the you.novell.com website. For more information see Managing Update Downloads in the ZENworks System Updates Reference NOTE:You must assign the Network Interface to the firewall zone. Firewall rules are applied to this zone for managing the ports used by ZENworks. |
|
443 and 2197 |
Required |
No |
Open TCP port |
Used by ZENworks MDM Servers to communicate with the Apple Push Notification service (APNs). Used for CASA authentication. It is a good practice to make sure that the network is configured to always allow communication on this port between the ZENworks Server and ZENworks Agents on managed devices when port 443 is busy. |
|
998 |
Required |
No |
Open TCP port |
Used by the Preboot Server (novell-pbserv). The Preboot Server (novell-pbserv) is used only with ZENworks Configuration Management. |
|
2645 |
Mandatory |
No |
Open TCP port |
Default CASA port for authentication |
|
5502 |
Required |
Yes |
Open TCP port |
Used by the zen loader remote event module to notify configuration changes to other loader modules. |
|
5550 |
Required |
Yes |
Open TCP port |
Used by Remote Management Listener by default.You can change this port in the Remote Management Listener dialog box in ZENworks Control Center. Remote Management is used only with ZENworks Configuration Management. |
|
5950 |
Required |
Yes |
Open TCP port |
Used by the Remote Management service, by default. You can change this port in the Remote Management Settings panel of the Remote Management Configuration page in ZENworks Control Center. Remote Management is used only with ZENworks Configuration Management. |
|
6789 |
Required |
Yes |
Open TCP port |
Used by ZooKeeper for incoming client connections. |
|
6790 and 6791 |
Required |
Yes |
Open TCP port |
Used by ZooKeeper as leader connection port and leader election port, respectively. |
|
7019 |
No |
Yes |
Open TCP port |
Used by Join Proxy. |
|
7443 |
Required |
Yes |
Open TCP Port |
This port is used to access ZENworks Control Center. NOTE:You must assign the Network Interface to the firewall zone. Firewall rules are applied to this zone for managing the ports used by ZENworks. |
|
7444 |
Mandatory |
No |
Open TCP port |
Used to view the system update status of servers and managed devices. IMPORTANT:This is a fixed port. During Installation and Upgrade ensure that this port is not blocked. |
|
8005 |
Mandatory |
No |
Open TCP port |
Used by Tomcat to listen to shutdown requests. This is a local port, and cannot be accessed remotely. |
|
9971 |
Mandatory |
No |
Open TCP port |
Used by AMT Hello Listener to discover the Intel AMT devices. IMPORTANT:This is a fixed port.During Installation and Upgrade ensure that this port is not blocked. |
|
61491 |
Mandatory |
No |
Open TCP Port |
Used for Diagnostics of the ZENworks Loader Service. IMPORTANT:This is a fixed port.During Installation and Upgrade ensure that this port is not blocked. |
|
61492 |
Required |
No |
Open TCP Port |
Used for Diagnostics of the ZENworks JoinProxy Service. IMPORTANT:This is a fixed port.During Installation and Upgrade ensure that this port is not blocked. |
|
61495 |
Required |
No |
Open TCP port |
Used for Diagnostics of the ZENworks Administration Management Service IMPORTANT:This is a fixed port. During Installation and Upgrade ensure that this port is not blocked. |
|
61496 |
Required |
No |
Open TCP port |
Used for Diagnostics of the ZENworks Client Management Service IMPORTANT:This is a fixed port. During Installation and Upgrade ensure that this port is not blocked. |
|
61498 |
Required |
No |
Open TCP port |
Used for Diagnostics of the ZENworks API Gateway IMPORTANT:This is a fixed port. During Installation and Upgrade ensure that this port is not blocked. |
Firewall Settings: UDP Ports |
67 |
Mandatory |
No |
Open UDP port |
Used by proxy DHCP when it is not running on the same device as the DHCP server. |
|
69 |
Mandatory |
No |
Open UDP port |
The Imaging TFTP is used only with ZENworks Configuration Management. For TFTP to work across the firewall it is mandatory to also have a firewall rule present to accept traffic from already established/related connections. This is because the initial connection is done on port 69; however, it continues communication on a random UDP port. |
|
997 |
Required |
No |
Open UDP port |
Used by the Imaging Server for multicasting. The Imaging Server is used only with ZENworks Configuration Management. |
|
1761 |
No |
No |
Open UDP port |
Used to forward subnet-oriented broadcast magic packets for Wake-On-LAN. |
|
4011 |
Required |
No |
Open UDP port |
Used for proxy DHCP when it is running on the same device as the DHCP server. Make sure that the firewall is configured to allow the broadcast traffic to the proxy DHCP service. |
|
13331 |
Required |
No |
Open UDP port |
Used by the zmgpreboot policy, but will not work across firewall because it opens a random UDP port for each PXE device. The zmgpreboot policy is used only with ZENworks Configuration Management. |
|
6001 |
Mandatory |
No |
NA |
Used for certificate activation. There is no firewall requirement for this port. |
|
31582 |
No |
Yes |
NA |
Used when the Configure Action (microfocus-zenworks-configure) is running in the service mode. If this port is in use, a different port can be specified by configuring the service.port in the microfocus-zenworks-configure-service.properties file. There is no firewall requirement for this port. |
This sections list the ports used by Satellite Servers:
The following table contains information on the Windows Satellite Server Ports:
Item |
Ports |
Mandatory |
Configurable |
Firewall Requirement |
Additional Details |
---|---|---|---|---|---|
Firewall Settings: Open TCP Ports |
80 |
No |
Yes |
Open TCP Port |
Used for content replication. Content is transferred between Satellite Servers and managed devices using this port. Used by the Collection Role to receive file uploads from managed devices. NOTE:Collection Role can be enabled over SSL if required. |
443 |
No |
Yes |
Open TCP Port |
Used for content replication. Content is transfered between Primary Servers and Satellite Servers using this port. Used for CASA authentication. |
|
|
998 |
No |
No |
Open TCP Port |
Used by the Preboot Server (novell-pbserv). The Preboot Server (novell-pbserv) is used only with ZENworks Configuration Management. |
|
7019 |
No |
Yes |
Open TCP Port |
Used by Join Proxy. |
|
7628 |
Yes |
No |
Open TCP port |
Used by the Adaptive Agent. |
Firewall Settings: Open UDP Ports |
67 |
No |
No |
Open UDP Port |
Used by proxy DHCP when it is not running on the same device as the DHCP server. |
|
69 |
No |
No |
Open UDP Port |
The Imaging TFTP is used only with ZENworks Configuration Management. For TFTP to work across the firewall it is mandatory to also have a firewall rule present to accept traffic from already established/related connections. This is because the initial connection is done on port 69; however, it continues communication on a random UDP port. |
|
997 |
No |
No |
Open UDP Port |
Used by the Imaging Server for multicasting. The Imaging Server is used only with ZENworks Configuration Management. |
4011 |
No |
No |
Open UDP Port |
Used for proxy DHCP when it is running on the same device as the DHCP server. Ensure that the firewall is configured to allow the broadcast of traffic to the proxy DHCP service. |
|
13331 |
No |
No |
Open UDP Port |
Used by the zmgpreboot policy, but will not work across the firewall because it opens a random UDP port for each PXE device. The zmgpreboot policy is used only with ZENworks Configuration Management. |
The following table contains information on the Linux Device Ports:
Item |
Ports |
Mandatory |
Configurable |
Firewall Requirements |
Additional Details |
---|---|---|---|---|---|
Firewall Settings: Open TCP Ports |
80 |
No |
Yes |
Open TCP port |
Used for content replication. Content is transferred between Satellite Servers and managed devices using this port. Used by the Collection Role to receive file uploads from managed devices. Collection Role can be enabled over SSL if required. |
443 |
No |
Yes |
Open TCP port |
Used for content replication. Content is transfered between Primary Servers and Satellite Servers using this port. Used for CASA authentication. |
|
|
998 |
No |
No |
Open TCP port |
Used by Preboot Server (novell-pbserv). The Preboot Server (novell-pbserv) is used only with ZENworks Configuration Management. |
|
7628 |
Yes |
No |
Open TCP port |
Used by the Adaptive Agent. |
|
7019 |
No |
Yes |
Open TCP port |
Used by Join Proxy. |
Firewall Settings: Open UDP Ports |
67 |
No |
No |
Open UDP port |
Used by proxy DHCP when it is not running on the same device as the DHCP server. |
|
69 |
No |
No |
Open UDP Port |
The Imaging TFTP is used only with ZENworks Configuration Management. For TFTP to work across the firewall it is mandatory to also have a firewall rule present to accept traffic from already established/related connections. This is because the initial connection is done on port 69; however, it continues communication on a random UDP port. |
|
997 |
No |
No |
Open UDP port |
Used by the Imaging Server for multicasting. The Imaging Server is used only with ZENworks Configuration Management. |
4011 |
No |
No |
Open UDP port |
Used for proxy DHCP when it is running on the same device as the DHCP server.Ensure that the firewall is configured to allow the broadcast traffic to the proxy DHCP service. |
|
13331 |
No |
No |
Open UDP Port |
Used by the zmgpreboot policy, but will not work across the firewall because it opens a random UDP port for each PXE device. The zmgpreboot policy is used only with ZENworks Configuration Management. |
The following table contains information on the Macintosh Device Ports:
Item |
Ports |
Mandatory |
Configurable |
Firewall Requirements |
Additional Details |
---|---|---|---|---|---|
Firewall Settings: Open TCP Ports |
80 |
No |
Yes |
Open TCP port |
Used for HTTP non-secure port. |
|
7628 |
Yes |
No |
Open TCP port |
Used by the Adaptive Agent. |
|
443 |
No |
Yes |
Open TCP port |
Used for content replication. Content is transfered between Primary Servers and Satellite Servers using this port. |
The following table lists the ports used by the Windows managed devices:
Item |
Ports |
Mandatory |
Configurable |
Firewall Requirements |
Additional Details |
---|---|---|---|---|---|
Firewall Settings: Open TCP Ports |
7628 |
Yes |
No |
Open TCP Port |
In order to view the status of the ZENworks Adaptive Agent for a managed device in ZENworks Control Center, ZENworks automatically opens port 7628 on the device if you are using the Windows firewall. However, if you are using a different firewall, you must open this port manually. Port 7628 must also be opened on the device if you want to send a Quick Task to the client from ZENworks Control Center. |
|
5950 |
No |
Yes |
Open TCP Port |
For Remote Management where the ZENworks Adaptive Agent is running, the device listens on port 5950. You can change the port in ZENworks Control Center (Configuration tab >Management Zone Settings > Device Management > Remote Management). Remote Management is used only with ZENworks Configuration Management. |
The following table lists the ports used by the Linux managed devices:
Item |
Ports |
Mandatory |
Configurable |
Firewall Requirements |
Additional Details |
---|---|---|---|---|---|
Firewall Settings: Open TCP Ports |
7628 |
Yes |
No |
Open TCP Port |
You must assign the Network Interface to the firewall zone. Firewall rules are applied to this zone for managing the ports used by ZENworks. |
|
5950 |
No |
Yes |
Open TCP Port |
For Remote Management where the ZENworks Adaptive Agent is running, the device listens on port 5950.You can change the port in ZENworks Control Center (Configuration tab >Management Zone Settings > Device Management > Remote Management).Remote Management is used only with ZENworks Configuration Management. |
|
5951 |
No |
Yes |
Open TCP Port |
Used by Remote Management for linux remote login.You can change the port in ZENworks Control Center (Configuration tab >Management Zone Settings > Device Management > Remote Management). |
The following table lists the ports used by the Macintosh managed devices:
Item |
Ports |
Mandatory |
Configurable |
Firewall Requirements |
Additional Details |
---|---|---|---|---|---|
Firewall Settings: Open TCP Ports |
7628 |
Yes |
No |
Open TCP Port |
You must assign the Network Interface to the firewall zone. Firewall rules are applied to this zone for managing the ports used by ZENworks. |
The following table lists the ports that need to be configured for ZENworks Agent
Item |
Ports |
Mandatory |
Configurable |
Firewall Requirements |
Additional Details |
---|---|---|---|---|---|
Firewall Settings: Open TCP ports |
135, 139, 445, 593 |
Yes |
No |
Open TCP Ports |
Since the Remote WMI connection establishes an RPC connection with the target Windows device, these TCP ports must be allowed by the Windows Firewall of the target device for the WMI discovery technology. Ports 139 and 445 are also required to access the Print Spooler. |
Firewall Settings: Open UDP ports |
161,162 |
Yes |
No |
Open UDP Ports |
These are the default ports used by SNMP. |
(Optional) Firewall Settings: Open TCP and UDP ports |
42, 137 |
No |
No |
Open TCP and UDP ports |
These are the default WINS replication ports. |
(Optional) Firewall Settings: Open TCP ports |
515 |
No |
No |
Open TCP ports |
This is the default port to access the Print Server. |
The following table lists the ports that need to be configured for ZENworks Application
Item |
Ports |
Additional Details |
---|---|---|
Firewall Settings: Open TCP Ports |
7268 |
This is the default port for communication between the ZAPP UI and the ZENWorks agent service. |
7269 |
This is the default port for websocket communication between the ZENWorks agent service and the ZAPP UI using the WebSocket protocol. |
The following table lists the ports that need to be configured for Remote Management Ports of Windows devices:
Item |
Ports |
Additional Details |
---|---|---|
Firewall Settings: Open TCP Ports |
5950 |
By default, the Remote Management service runs on this port. |
|
5550 |
Remote Management Listener runs on this port. |
|
5750 |
By default, the remote management proxy listens on this port. |
The following table lists the ports that need to be configured for Remote Management Ports of Linux devices:
Item |
Ports |
Additional Details |
---|---|---|
Firewall Settings: Open TCP Ports |
5950 |
By default, the Remote Management service runs on this port. |
|
5951 |
Remote Management service for Remote Login runs on this port. |
|
5750 |
By default, the remote management proxy listens on this port. |
The following table lists the ports that need to be configured for Remote Management using Join Proxy:
Item |
Ports |
Additional Details |
---|---|---|
Firewall Settings: Open TCP Ports |
7019 |
By default, the port on which the Join Proxy listens for a connection. |
The following table lists the ports that need to be configured to access the User Source.
Item |
Ports |
Additional Details |
---|---|---|
Firewall Settings: Open TCP Ports |
636 |
Default SSL port while configuring the User Source. |
389 |
Default non-SSL port while configuring the User Source. |
NOTE:If the LDAP server is listening on a different port, you must ensure that the port is opened for the Primary Servers and Authentication Satellite Servers to talk to the LDAP Server.
The following table lists the ports that need to be configured for the databases.
Item |
Ports |
Additional Details |
---|---|---|
Firewall Settings: Open TCP Ports |
1433 |
Default port for the Microsoft SQL database. |
1521 |
Default port for the Oracle database. |
|
|
54327 |
Default port for the embedded and PostgreSQL |
NOTE:You can change the default port number if there is a conflict. However, you must ensure that the port is opened for the Primary Server to talk to the database.
The following table lists the ports that need to be configured for ZENworks Reporting:
Item |
Ports |
Mandatory |
Configurable |
Firewall Requirements |
Additional Details |
---|---|---|---|---|---|
TCP Ports |
443 |
Yes |
No |
Open TCP port |
Port used by the Primary Server in the Management Zone. |
636 |
No |
Yes |
Open TCP port |
Default SSL port while configuring the User Source. |
|
389 |
No |
Yes |
Open TCP port |
Default non-SSL port while configuring the User Source. |
|
|
25 |
Yes |
No |
Open TCP port |
Default port on which the SMTP server listens during the configuration of the outbound email server settings to send email notifications and reports. |
|
9080 |
Yes |
No |
Open TCP port |
Port used to enable the Ganglia monitoring tool to access the server. |
|
9443 |
Yes |
No |
Open TCP port |
Port used to administer the appliance and configure ZENworks Reporting. |
|
9005 |
Yes |
No |
NA |
Used by Tomcat to listen to shutdown requests. This is a local port, and cannot be accessed remotely. |
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.microfocus.com/en-us/legal.
© Copyright 2008 - 2023 Open Text
The only warranties for products and services of Open Text and its affiliates and licensors (“Open Text”) are as may be set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Open Text shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.