A list of communication ports used by PXE Everywhere. Useful, if needed, for network and device firewalls.




Although a computer with PXE Everywhere Agent installed can also be a PXE client, it cannot be both at the same time.

| Component | Ports | Protocol | Direction | Usage | Configurable |
|---|---|---|---|---|---|
| Central | 80 | HTTP | Inbound | PXE Everywhere Agent communicating with the PXE Everywhere Central web application. Browser connections to the PXE Everywhere Central website to verify installation. | Yes, post-installation on the Central server, and during installation of Agents by configuring the URL. If HTTPS is required, please contact 1E for advice. |
| Central | 135 and 445 (initially) | WMI-DCOM TCP | Outbound | PXE Everywhere Central installer requires access to the Configuration Manager Site server, and to the server hosting the SMS Provider role. If there is only one SMS Provider, it is often on the Site server. In each case, TCP 135 and 445 are used to initiate communications and negotiate a dynamic RPC port. The dynamic range depends on the Windows OS version. | No. |
| Central | 1433 | (See usage for protocol) TCP | Outbound | PXE Everywhere Central access to the SQL database role for the selected Configuration Manager Site. | Depends on the Configuration Manager SQL Server instance. The Central installer determines the connection string by querying the Site's SMS Provider. |
| ConfigMgr Site Server (and SMS Provider) | 135 and 445 (initially) | WMI (DCOM) TCP | Inbound | PXE Everywhere Central installer requires access to the Configuration Manager Site server, and each of the servers hosting the SMS Provider role. If there is only one SMS Provider, it is often on the Site server. In each case, TCP 135 and 445 are used to initiate communications and negotiate a dynamic RPC port. The dynamic range depends on the Windows OS version. | No. |
| ConfigMgr Site SQL database | 1433 | (See usage for protocol) TCP | Inbound | PXE Everywhere Central access to the SQL database role for the selected Configuration Manager Site. | Depends on the Configuration Manager SQL Server instance. |
| Agent (1E.Client.exe) | 80 | HTTP TCP | Outbound | PXE Everywhere Agent communicating with the PXE Everywhere Central web application. | Yes, post-installation on the Central server, and during installation of Agents by configuring the URL. If HTTPS is required, please contact 1E for advice. |
| Agent (1E.Client.exe) | 2012 | UDP | Inbound & outbound | Election process inter-communication between PXE Everywhere Agents on a subnet. | Yes, during installation of PXE Everywhere Agents using the MODULE.PXEEVERYWHERE.COMMSPORT installer property. |
| Agent (1E.Client.exe) | 67 or 2067 | BOOTP UDP | Inbound | Port 67 is the standard PXE discover port. PXE clients use this port to broadcast PXE discovers on the local subnet. PXE Everywhere Agents listen on this port for PXE discovers that are broadcast on the local subnet. If PXE Everywhere is configured to support DHCP Snooping, Agents use a custom port (default 2067) to listen for PXE requests, instead of standard port 67. | Only the DHCP Snooping ports are configurable, and must be the same on all Agents and Responders. |
| Agent (1E.Client.exe) | 68 or 2068 | BOOTP UDP | Outbound | Port 68 is the standard PXE offer port. PXE Everywhere Agent uses this port to respond with offers to PXE discovers on the local subnet. If PXE Everywhere is configured to support DHCP Snooping, Agents use a custom port (default 2068) instead of the standard port 68. | Only the DHCP Snooping ports are configurable, and must be the same on all Agents and Responders. |
| Agent (1E.Client.exe) | 69 | TFTP UDP | Inbound | Port 69 is the standard PXE TFTP port. The PXE client downloads the boot image from the elected PXE Everywhere Agent using TFTP. This port is also used if PXE Everywhere is configured to support DHCP Snooping. | No. |
| Agent (1E.Client.exe) | 4011 | UDP | Inbound | Port 4011 is the standard PXE port used by PXE clients to communicate with a PXE Server after the initial discover / offer, to unicast a request for the location of the TFTP boot image file. This port is not used if PXE Everywhere is configured to support DHCP Snooping. | No. |
| Responder (PXEEverywhereResponder.exe) | 67 | BOOTP UDP | Inbound | Port 67 is the standard PXE discover port. A Responder is only required when DHCP Snooping is enabled, and listens for PXE requests from PXE clients on this port. See note below about DHCP Snooping and DHCP Relays. | No. |
| Responder (PXEEverywhereResponder.exe) | 68 | BOOTP UDP | Outbound | Port 68 is the standard PXE offer port. A Responder is only required when DHCP Snooping is enabled, and responds to PXE clients with offers unicast on this port. See note below about DHCP Snooping and DHCP Relays. | No. |
| PXE client | 67 | BOOTP UDP | Outbound | Port 67 is the standard PXE discover port. PXE clients use this port to broadcast PXE discovers on the local subnet. If DHCP Snooping is being used these discovers are forwarded to a Responder. See note below about DHCP Snooping and DHCP Relays. | No. |
| PXE client | 68 | BOOTP UDP | Inbound | Port 68 is the standard PXE offer port. PXE Everywhere Agent broadcasts on this port with an offer in response to PXE discovers on the local subnet. If DHCP Snooping is being used, then Responders respond with offers on this port. See note below about DHCP Snooping and DHCP Relays. | No. |
| PXE client | 69 | BOOTP UDP | Outbound | Port 69 is the standard PXE TFTP port. A PXE client uses TFTP to download the boot image from the elected PXE Everywhere Agent on the local subnet. This port is also used if PXE Everywhere is configured to support DHCP Snooping. | No. |
| PXE client | 4011 | UDP | Outbound | Port 4011 is the standard PXE port used by PXE clients to unicast a request to the PXE Everywhere Agent for the location of the TFTP boot image file, after the initial discover/offer. This port is not used if PXE Everywhere is configured to support DHCP Snooping. | No. |
| PXE client | 2067 | BOOTP UDP | Outbound | If PXE Everywhere is configured to support DHCP Snooping, a custom port is used (default 2067) to perform a PXE request after the PXE client has downloaded a boot loader from a Responder. Only used if DHCP Snooping is being used, and PXE Everywhere has been configured to use this port. | Yes. DhcpPort is configured during installation of Agents. AltPxeServerPort is manually configured on Responders. |
| PXE client | 2068 | BOOTP UDP | Inbound | If PXE Everywhere is configured to support DHCP Snooping, a custom port is used (default 2068) to respond to a PXE request after the PXE client has downloaded a boot loader from a Responder. Only used if DHCP Snooping is being used, and PXE Everywhere has been configured to use this port. | Yes. AltPxeClientPort is manually configured on Responders. |


Info

PXE client ports do not need to be configured on the OS firewall because it is the network interface which is doing the communicating. However, you may need to configure intervening network firewalls for communication beyond the local subnet.

PXE Everywhere Responders communicate only with PXE clients; they do not communicate with PXE Central, PXE Everywhere Agents, other Responders, or Configuration Manager.


Note

If DHCP Snooping is enabled on networks, then DHCP Relays (IP helpers) must be configured to forward PXE requests (discovers) from client VLANs to specific Responders on port 67 and return the responses (offers) on port 68.

If DHCP Snooping is not enabled, then all PXE-boot traffic is on the local subnet, except for communication between the elected PXE Everywhere Agent and the PXE Everywhere Central server, and DHCP Relays are not required to forward PXE requests.


Note

Ports used by PXE clients to communicate with DHCP servers are not included in the above table. Communication with DHCP servers occurs before a PXE client PXE-boots, and typically uses its own DHCP Relays (IP helpers).

Ports used by PXE clients to communicate with ConfigMgr Site systems are not included in the above table. Communication with ConfigMgr occurs only after a PXE client has downloaded the WinPE boot image (referenced in the deployed task sequence) from a local PXE Everywhere Agent, and booted into WinPE to start the Task Sequence.

Ports used by ConfigMgr Administrator workstations to communicate with ConfigMgr Site systems are not included in the above table. ConfigMgr Console extensions for PXE Everywhere Admin Tools use the same ports as ConfigMgr Console.
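
As an added example (not 1E's own script), the inbound Agent rows of the table can be expressed as Windows Defender Firewall rules in PowerShell, switching the port set according to whether DHCP Snooping support is configured. The rule group name and the `-DhcpSnooping` switch are hypothetical, the path to 1E.Client.exe must be supplied because the page does not give it, and leaving the BOOTP listener without a source-address scope is an assumption explained in the comments.

```powershell
# Added example: inbound firewall rules for the Agent rows of the port table.
param(
    [Parameter(Mandatory)]
    [string]$AgentExe,                 # full path to 1E.Client.exe (not given on the page)
    [switch]$DhcpSnooping,             # hypothetical switch: set when DHCP Snooping support is configured
    [int]$SnoopingListenPort = 2067,   # page default; must be the same on all Agents and Responders
    [int]$ElectionPort       = 2012    # page default; set by MODULE.PXEEVERYWHERE.COMMSPORT
)

$group = 'PXE Everywhere Agent (example)'   # hypothetical rule group name

# Ports used in both modes: Agent election traffic and TFTP boot image download.
$rules = @(
    @{ Name = 'Agent election'; Port = $ElectionPort; Scope = 'LocalSubnet' }
    @{ Name = 'TFTP';           Port = 69;            Scope = 'LocalSubnet' }
)

if ($DhcpSnooping) {
    # Custom listen port replaces 67, and 4011 is not used in this mode.
    # Scope left open as an assumption: the page does not say what source address clients use here.
    $rules += @{ Name = 'PXE request (DHCP Snooping)'; Port = $SnoopingListenPort; Scope = 'Any' }
} else {
    # Discovers are broadcasts from clients that may not hold an address yet (source 0.0.0.0),
    # so a LocalSubnet source scope would not match them.
    $rules += @{ Name = 'PXE discover';            Port = 67;   Scope = 'Any' }
    $rules += @{ Name = 'PXE boot server request'; Port = 4011; Scope = 'LocalSubnet' }
}

# Remove rules from an earlier run so that switching modes leaves no stale port open.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

foreach ($r in $rules) {
    # Binding each rule to the Agent executable keeps the port closed to other processes.
    New-NetFirewallRule -DisplayName "PXE Everywhere Agent - $($r.Name) (UDP $($r.Port))" `
        -Group $group -Direction Inbound -Action Allow -Protocol UDP `
        -LocalPort $r.Port -RemoteAddress $r.Scope -Program $AgentExe | Out-Null
}

# Show the resulting port set for review.
Get-NetFirewallRule -Group $group | Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
```

The outbound Agent rows (80, and 68 or 2068) need rules only where the firewall's default outbound action has been changed from Allow.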