This paper describes deploying SharePoint Portal Server inside a perimeter network. This requires that a Microsoft Active Directory® directory service domain is deployed inside this same perimeter network.
To do this successfully, you must know:
- The kinds of communications that take place between computers in an Active Directory domain and computers in a SharePoint Portal Server deployment.
- The communications that take place between the domain infrastructure computers — domain controllers, DNS computers, Dynamic Host Configuration Protocol (DHCP) computers, etc. — and the other computers that are members of the domain (SharePoint Portal Server computers, SQL Server® computers).
The following table lists the protocols and ports used for the inter-server communications described. These protocols and ports are provided to help ensure that you are able to configure any internetworking devices (routers, switches, etc.) between Active Directory domain computers and SharePoint Portal Server computers to enable them to communicate successfully.
| |Ports (TCP and User Datagram Protocol)|
|---|---|
|Dynamic Host Configuration Protocol (DHCP) Server| |
|File Replication Service (FRS)|RPC Port 49152/TCP|
|Global Catalog over SSL| |
|Secure HTTP (HTTPS)| |
|Internet Message Access Protocol (IMAP)| |
|Kerberos authentication protocol| |
|Lightweight Directory Access Protocol (LDAP)| |
|Network Time Protocol (NTP)| |
|Post Office Protocol 3 (POP3)| |
|Remote Procedure Call (RPC) Endpoint Mapper| |
|Server Message Block (SMB) over NetBIOS over TCP/IP (NBT)|137/TCP, 137/UDP, 138/UDP, 139/TCP|
|SMB over TCP| |
|Simple Mail Transfer Protocol (SMTP)| |
|Simple Network Management Protocol (SNMP)|161/TCP, 161/UDP, 162/TCP, 162/UDP|
|Static RPC (configured with registry setting)| |
|Windows Internet Name Service (WINS) Replication| |
*Dynamic Remote Procedure Call (RPC): It is possible to use a Windows registry key to limit the range of the dynamic RPC ports assigned. Rather than using all of the high-numbered ports (1024–65535), it is possible to limit the range of dynamic RPC ports to a much smaller number. This is referred to as static RPC. For more information, see:

Note: As stated in the Introduction section of this paper, prescriptive guidance for installing and configuring firewalls/proxy servers between SharePoint Portal Server computers in a server farm is beyond the scope of this paper.

Named Pipes: Although it is not explicitly depicted in the table above, Named Pipes typically uses ports 137, 138, 139 and 445.

IPsec: As mentioned in a previous section, this paper does not address configuring IPsec between the servers that make up a SharePoint Portal Server farm deployment. By default, all inter-server communications in a SharePoint Portal Server farm are "in the clear" and not encrypted.
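
The port table and the static RPC footnote above can be turned into a check on the rule set of a device placed between the domain computers and the SharePoint Portal Server computers. The following Python code is an added example, not part of the original paper: the `allow <proto> <port[-port]>` rule format and the sample rules are constructed for illustration, and only the table rows whose port values appear in the text are checked.

```python
import re

# Table rows whose port values appear in the page text.
REQUIRED = {
    "File Replication Service (FRS)": "49152/TCP",
    "SMB over NBT": "137/TCP, 137/UDP, 138/UDP, 139/TCP",
    "SNMP": "161/TCP, 161/UDP, 162/TCP, 162/UDP",
}
DYNAMIC_RPC = (1024, 65535)  # unrestricted dynamic RPC range named in the footnote

# Constructed sample rules in a hypothetical "allow <proto> <port[-port]>" format.
SAMPLE_RULES = """
allow tcp 137-139
allow udp 137
allow tcp 161-162
allow udp 161-162
allow tcp 1024-65535
"""

def parse_required(spec):
    """'137/TCP, 138/UDP' -> {('tcp', 137), ('udp', 138)}"""
    return {(proto.lower(), int(port))
            for port, proto in re.findall(r"(\d+)/(TCP|UDP)", spec)}

def parse_rules(text):
    """Return (proto, low, high) per allow line; raise on anything malformed."""
    rules = []
    for line in text.strip().splitlines():
        m = re.fullmatch(r"allow (tcp|udp) (\d+)(?:-(\d+))?", line.strip())
        if not m:
            raise ValueError(f"unrecognised rule: {line!r}")
        low, high = int(m.group(2)), int(m.group(3) or m.group(2))
        if not 0 < low <= high <= 65535:
            raise ValueError(f"bad port range: {line!r}")
        rules.append((m.group(1), low, high))
    return rules

def audit(text):
    """Report required ports the rules block and rules left at the full RPC range."""
    rules = parse_rules(text)
    def allowed(proto, port):
        return any(p == proto and lo <= port <= hi for p, lo, hi in rules)
    missing = sorted((svc, proto, port) for svc, spec in REQUIRED.items()
                     for proto, port in parse_required(spec)
                     if not allowed(proto, port))
    # A TCP rule spanning 1024-65535 means every dynamic RPC port is still exposed.
    wide = [r for r in rules
            if r[0] == "tcp" and r[1] <= DYNAMIC_RPC[0] and r[2] >= DYNAMIC_RPC[1]]
    return {"missing": missing, "unrestricted_rpc": wide}
```

A non-empty `unrestricted_rpc` list indicates that the device still opens the whole high-port range, so limiting the RPC range on the servers has not yet been matched by a narrower rule.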