| Protocol | Port | Usage | Comment |
|---|---|---|---|
| TCP | 80 | http | Client to SharePoint web server traffic (SharePoint – Office Web Apps communication) |
| TCP | 443 | https/ssl | Encrypted client to SharePoint web server traffic (Encrypted SharePoint – Office Web Apps communication) |
| TCP | 1433 | SQL Server default communication port. | May be configured to use custom port for increased security |
| UDP | 1434 | SQL Server default port used to establish connection | May be configured to use custom port for increased security |
| TCP | 445 | SQL Server using named pipes | When SQL Server is configured to listen for incoming client connections by using named pipes over a NetBIOS session, SQL Server communicates over TCP port 445 |
| TCP | 25 | SMTP for e-mail integration | Cannot be configured |
| TCP | 16500-16519 | Ports used by the search index component | Intra-farm only. Inbound rule added to Windows firewall by SharePoint |
| TCP | 22233-22236 | Ports required for the AppFabric Caching Service | Distributed Cache… |
| TCP | 808 | Windows Communication Foundation communication | WCF |
| TCP | 32843 | Communication between Web servers and service applications | http (default). To use custom port, see references section. Inbound rule added to Windows firewall by SharePoint |
| TCP | 32844 | Communication between Web servers and service applications | https. Inbound rule added to Windows firewall by SharePoint |
| TCP | 32845 | net.tcp binding: TCP 32845 (only if a third party has implemented this option for a service application) | Custom Service Applications. Inbound rule added to Windows firewall by SharePoint |
| TCP | 32846 | Microsoft SharePoint Foundation User Code Service (for sandbox solutions) | Inbound on all Web Servers. Inbound rule added to Windows firewall by SharePoint. Outbound on all Web and App servers with service enabled. |
| TCP | 5725 | User Profile Synchronization Service (FIM) | Synchronizing profiles between SharePoint 2013 and Active Directory Domain Services (AD DS) on the server that runs the Forefront Identity Management agent |
| TCP + UDP | 389 | User Profile Synchronization Service (FIM) | LDAP Service |
| TCP + UDP | 88 | User Profile Synchronization Service (FIM) | Kerberos |
| TCP + UDP | 53 | User Profile Synchronization Service (FIM) | DNS |
| UDP | 464 | User Profile Service (FIM) | Kerberos change password |
| TCP | 809 | Office Web Apps | Intra-farm Office Web Apps communication. |

Plan security hardening for SharePoint 2013
http://technet.microsoft.com/en-us/library/cc262849.aspx
Configure SQL Server security for SharePoint 2013 environments
http://technet.microsoft.com/en-us/library/ff607733.aspx#proc1
Blocking the standard SQL Server ports
http://technet.microsoft.com/en-us/library/cc262849.aspx#BlockingSQL
Service application communication
http://technet.microsoft.com/en-us/library/cc262849.aspx#ServiceApp
User Profile service hardening requirements
http://technet.microsoft.com/en-us/library/cc262849.aspx#UserProfile
Set-SPServiceHostConfig
http://technet.microsoft.com/en-us/library/ff607922.aspx
Get-SPServiceHostConfig
http://technet.microsoft.com/en-us/library/ff607794.aspx
TCP/IP Communications (Windows Server AppFabric Caching)
http://msdn.microsoft.com/en-us/library/ee790914(v=azure.10).aspx