> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/server/knowledge-base/knowledge-base-articles/ports-and-firewalls.md). # Ports and firewalls Devolutions Server does not specify which ports are required for accessing its resources. You should consult with your system administrator to determine the necessary adjustments for ensuring Devolutions Server can interact properly with your existing infrastructure. ### Inbound port The only inbound port that is needed for Devolutions Server is for HTTP or HTTPS communication, as per your preference. We strongly recommend using https even if only within your own network infrastructure. Although the default port is easily changed, it is typically port 443. ### Outbound port Two technologies are in play for proper operation of Devolutions Server: SQL Server, LDAP/LDAPS. #### SQL Server Depending on the choice of Default Instance or Named Instance that was made during the installation, the SQL Server instance will listen on different ports. Using SQL Server Configuration Manager, you can see the details in the Protocols section. ![](https://cdnweb.devolutions.net/docs/docs_en_kb_KB4315.png) In most cases, TCP/IP will be used for remote connections. You will be able to see what ports are in use. If you see that TCP Dynamic Ports are in play, they will change upon every restart of the SQL Server instance and therefore are not a good fit for a hardened installation. ![](https://cdnweb.devolutions.net/docs/INTERFACE4106.png) For more information, please consult [SQL Server Configuration Manager on Technet](https://technet.microsoft.com/en-us/library/ms174212\(v=sql.130\).aspx) #### LDAP/LDAPS As indicated in [LDAPS on Technet](http://social.technet.microsoft.com/wiki/contents/articles/2980.ldap-over-ssl-ldaps-certificate.aspx), LDAP communications are by nature insecure under certain conditions: By default, LDAP communications between client and server applications are not encrypted. This means that it would be possible to use a network monitoring device or software and view the communications travelling between LDAP client and server computers. This is especially problematic when an LDAP simple bind is used because credentials (username and password) is passed over the network unencrypted. This could quickly lead to the compromise of credentials. Follow the instructions for your operating system to establish LDAPS. It will involve deploying certificates generated using your of Certification Authority (CA). LDAP by default uses port 389. Even when you enable LDAPS, it may use plain LDAP therefore it needs to be disabled. LDAPS by default uses port 636 for typical domains, but will use port 3269 when communicating with a Global Catalog Server (basically when you have a Forest). Your domain administrator should be able to provide you with details of your domain infrastructure, especially if custom ports were used. You can also use **ldp.exe** to perform connectivity tests. #### See also * [Active Directory LDAPS certificate selection deep dive](https://awakecoding.com/posts/active-directory-ldaps-certificate-selection-deep-dive/) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.devolutions.net/server/knowledge-base/knowledge-base-articles/ports-and-firewalls.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.