Inbound
- TCP 80 (Only for Distribution Servers that utilize HTTP) Needed for Distribution Servers to Sync patches with Console only if using HTTP
- TCP 135 (Inbound on agentless target machine) WMI Scanning – Only needed if using Asset Scanning
- TCP 137-139 (Windows file sharing/directory services) required for agentless scan to work
- TCP 445 (Windows file sharing/directory services) required for agentless scan to work
- TCP 3121 (Inbound on the console) required for tracker status updates for patch deployment and agent communication back to console
- TCP 3122 (Inbound on the console) required for console service to communicate with database
- TCP 4155 (Inbound on agent machine) Allows agent to allow commands from console
- TCP 5120 (Inbound on agentless target machine) Allows scheduler to receive commands from console machine
- TCP 5985 (Inbound on agentless target machine) Allows you to use IT Scripts feature
- TCP 443 (Only for Distribution Servers that utilize HTTPS) Needed for Distribution Servers to Sync patches with Console only if using HTTPS
Outbound
- TCP 80 (Only for Distribution Servers that utilize HTTP) Allows agent and console communion with Distribution Server using HTTP
- TCP 137-139 (Windows file sharing/directory services) required for agentless scan to work)
- TCP 445 (Windows file sharing/directory services) required for agentless scan to work)
- TCP 3121 (Agent machine to console) Required for tracker status updates for patch deployment and agent communication back to console
- TCP 5120 (From console to agentless target) Allows console to send commands to target machine scheduler
- UDP 9 (Only used if using Wake on Lan)