Ports used by Portal for ArcGIS and Windows Defender Firewall

AnthonyRyanEQL · ‎01-16-2024

Hi there,

In the webpage Ports used by Portal for ArcGIS it talks about the various ports required to communicate with Portal and Enterprise.

When the requirement to use Windows Defender Firewall comes into play, what do most people do?

Do you add a generic rules that allows any process to use the ports listed above or specify which application/process/service that is allowed to connect via these ports?

If the application/process/service is specified, is it just the Portal for ArcGIS service (C:\Program Files\ArcGIS\Portal\framework\service\bin\ArcGISPortal.exe) that is listed or are other applications that need to be considered as well.

Thanks

Scott_Tansley · ‎01-16-2024

I think this would come down to the demands of the internal security advisor. In most of my clients we open the ports for any other server to connect - but most deployments are in a secure zone to begin with. In some clients we specify the IP addresses of remote servers that can connect inbound to the Enterprise Portal (or other component). Also depends if the base deployment is on one machine, or spread across many. There are a lot of factors that come into play, so you may want to share a little more about your approach?

Scott Tansley
https://www.linkedin.com/in/scotttansley/

ReeseFacendini · ‎01-17-2024

Port 7443 is going to be the main port used for communication (outside of a highly-available setup). The other ports listed are used, but often only on the machine itself and there isn't a need to open the firewall for all of them. I would also recommend adding 6443 to that same rule to allow communication to federated servers (Notebook Server, Mission Server, and Workflow Manager server use different ports from 6443, if any of those are in place).

ArcGISPortal.exe is not the only process, and in my experience it's better to manage security / web traffic for ArcGIS Enterprise at the port level than the process level.