Ports used in HEAT DSM

Ivanti DSM is based on an infrastructure that is spread over an organization’s network and sometimes beyond. Using this infrastructure is possible only with a respective communication throughout the network.

The ports Ivanti DSM uses for this communication are displayed in the following tables, separate for each infrastructure object of Ivanti DSM.

Management Point

MP Application / Component Local Port Remote Port Changeable TCP/UDP Direction

(Primary) Business Logic Server,
Relay Proxy, Event Dispatcher,
DSM Web, OSD Proxy,
HEAT SM Integration
- Web Services via HTTP (Admin, Client)

8080

Any

Yes, via ICDB:

Port of the website

TCP

In

(Primary) Business Logic Server,
Relay Proxy, Event Dispatcher,
DSM Web, OSD Proxy,
HEAT SM Integration
- Web Services via HTTPS (Admin, Client)

443

Any

Yes, via ICDB:

HTTPS port of the  website

TCP

In

SQL Server

Any

1433

Yes, via ICDB:

Database connection

TCP

Out

Transport Layer

5052

Any

Yes, via ICDB:

TCP port for TL communication

TCP

In

Transport Layer

Any

5052

Yes, via ICDB:

TCP port for TL communication

TCP

Out

Service Installation Service (SIS),
Client push installation

Any

RPC 135 *
(Remote procedure calls)

No

-

Out

Distribution Service
- Access to depot server (SMB)

 

NBT/CIFS *
(SMB default)

No

-

Out

Distribution Service
- Access to depot server (HTTP)

 

Port used for HTTP depot

Yes, via ICDB:

HTTP URL

TCP

Out

OSD Proxy - BootP

67

68

No

UDP

In

OSD Proxy - TFTP
(ISO / configuration files)

69

Any

No

UDP

In

OSD Proxy - Wake on LAN

Any

2304

No

UDP

Out

OSD Proxy - PXE

4011

4011

No

UDP

In

OSD Proxy - Imaging, Multicast

19779

Any

Yes, via ICDB:

Server port the client connects to

UDP

In

OSD Proxy - Multicast

Any

27971-28003

Yes, via ICDB:

First used multicast port

Last used multicast port

UDP

Out

OSD Proxy - Request for Boot Image
(when using DOS client)

2000

Any

No

UDP

In

DSM Citrix Integration
- WinRM/Remote Powershell HTTP

 

5985

Yes, via:

Internal Citrix configuration

TCP

Out

DSM Citrix Integration
- WinRM/Remote Powershell HTTPS

 

5986

Yes

Internal Citrix configuration

TCP

Out

HEAT Discovery Integration

 

80

Yes, via ICDB:

HEAT Discovery Basis URL

TCP

Out

HEAT MDM Integration (HTTPS)

 

443

No

TCP

Out

SQL Server

Component Local Port Remote Port Changeable TCP/UDP Direction

SQL Server

1433

 

Yes, via:
Internal SQL Server configuration

TCP

In

Depot Server

Component Local Port Remote Port Changeable TCP/UDP Direction

SMB *

137-139

 

No

TCP/UDP

In

SMB *

445

 

No

TCP

In

HTTP

no default

 

Yes, via:
Configuration of HTTP website

TCP

In

HTTPS

443

 

Yes, via:
Configuration of HTTPS website

TCP

In

Managed Computer

Component / Action Local Port Remote Port Changeable TCP/UDP Direction

Push execution
- Execute changes (FastInstall)
- HEAT Cloud Remote connection
- Remote registry

RPC 135 *
(Remote procedure calls)

 

No

TCP/UDP

In

Log file access

NBT/CIFS (SMB default) *

 

No

-

In

BLS synchronization (with BLS or Relay Proxy)

 

8080

Yes, via:
Management Point (above)

TCP

Out

Access to depot server (SMB)

 

NBT/CIFS (SMB default) *

No

-

Out

Access to depot server (HTTP)

 

Port used for HTTP depot

Yes, via:
Depot (above)

TCP

Out

Neighborcast (P2P staging)

56789

56789

Yes, via ICDB:
Broadcast port for client discovery

UDP

In/Out

Neighborcast (P2P staging)

56789

 

Yes, via ICDB:
Port for package download

TCP

In

Neighborcast (P2P staging)

 

56789

Yes, via ICDB:
Port for package download

TCP

Out

HEAT Remote Client

5900

 

Yes, via ICDB:
Port for HEAT Remote

UDP

In

HEAT Cloud Remote Client
- Connection via local network

 

11438

No

TCP

Out

HEAT Cloud Remote Client
- Connection via internet

 

443,80

No

TCP

Out

Administrator Workstation

Component / Action Local Port Remote Port Changeable TCP/UDP Direction

SOAP via HTTP (default)

 

8080

Yes, via:
Management Point (above)

TCP

Out

SOAP via HTTPS

 

443

Yes, via:
Management Point (above)

TCP

Out

Access to depot server (SMB)

 

NBT/CIFS (SMB default) *

No

-

Out

Access to depot server (HTTP)

 

Port used for HTTP depot

Yes, via:

Depot (above)

TCP

Out

Status queries to clients

 

RPC 135 *
(Remote procedure calls)

No

-

Out

HEAT Remote Administrator

 

5900

Yes, via ICDB:
Port for HEAT Remote

UDP

Out

HEAT Cloud Remote Operator

 

443,80

No

TCP

Out

HEAT Cloud Remote Operator
- Connection via local network

11438

 

No

TCP

In

* NBT/CIFS (SMB default)

Please refer to the Microsoft documentation. Allow at least ports 137,138 (UDP) and 139,445 (TCP).

* RPC (Remote procedure calls)

Ports 135 and 445, as well as dynamic RPC ports and RPC endpoint mapper ports are needed for UDP and TCP.

DSM Remote Control

Component / Action Local Port Remote Port Changeable TCP/UDP Direction

Web Viewer app/Accepting browser connections

HTTPS/443

 

No

TCP

In
Auth web service/Accepting Viewer connections HTTPS/443   No TCP In
Tunnel/Accepting Auth connections HTTPS/44346   No TCP In
Tunnel/Accepting Agent connections HTTPS/44345   No TCP In
Tunnel/Accepting Viewer connections HTTPS/44344   No TCP In