Ports and firewalls

Devolutions Server in itself does not dictate which ports to use for any of the resources that it accesses. You must consult with your system administrator to ascertain which adjustments need to be made for the system to inter-operate with your infrastructure.

Inbound

The only inbound port that is needed for Devolutions Server is for http or https communication, as per your preference. We strongly recommend using https even if only within your own network infrastructure. Although the default port is easily changed, it is typically port 443.

Outbound

Two technologies are in play for proper operation of Devolutions Server: SQL Server, LDAP.

SQL Server

Depending on the choice of Default Instance or Named Instance that was made during the installation, the SQL Server instance will listen on different ports. Using SQL Server Configuration Manager, you can see the details in the Protocols section.

KB4315

In most cases, TCP/IP will be used for remote connections. You will be able to see what ports are in use. If you see that TCP Dynamic Ports are in play, they will change upon every restart of the SQL Server instance and therefore are not a good fit for a hardened installation.

KB4316

For more information please consult SQL Server Configuration Manager on Technet

LDAP/LDAPS

As indicated in LDAPS on Technet, LDAP communications are by nature insecure under certain conditions:

By default, LDAP communications between client and server applications are not encrypted.
This means that it would be possible to use a network monitoring device or software and
view the communications travelling between LDAP client and server computers. This is especially
problematic when an LDAP simple bind is used because credentials (username and password) is
passed over the network unencrypted. This could quickly lead to the compromise of credentials.

Follow the instructions for your operating system to establish LDAPS. It will involve deploying certificates generated using your of Certification Authority (CA)

LDAP by default uses port 389. Even when you enable LDAPS, it may use plain LDAP therefore it needs to be disabled, please consult Enforcing usage of LDAPS.

LDAPS by default uses port 636 for typical domains, but will use port 3269 when communicating with a Global Catalog Server (basically when you have a Forest). Your domain administrator should be able to provide you with details of your domain infrastructure, especially if custom ports were used. You can also use ldp.exe to perform connectivity tests.

Give us Feedback