Firewall Ports for Patch Management

Created: 25 Jul 2012 • Updated: 25 Jul 2012 | 6 comments
This issue has been solved. See solution.

I have an isolated environment and want to patch the Windows Servers using ALTIRIS. Can someone advise what ports are required to allow this? I only want to be able to deliver and install the MS Patches and allow the installation of the ALTIRIS Client to the servers.

Many thanks 


WALES0108's picture

Thanks Jackie, I have seen some of this info. I feel though that not all of those ports are needed, and it is unclear which ones I need to do the task in question. I wondered if there was some clearer guidance or whether someone knew exactly which ports are required for this patching task.

Jackie007's picture

Notification Server uses standard MS ports to connect to the workstation from the Notification Server to copy over the bootstrap and then HTTP from the workstation to the Notification Server to download the agent.

Initial connection Notification Server to client

  • UDP 138 (NETLOGON)
  • TCP 445 (MS DS/CIFS/SMB)

Initial connection Client to Notification Server (after Service Starts)

  • TCP 80 (HTTP) client download
  • ICMP Type 8 (PING) package server speed check


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you
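
Added example, not part of the thread or of any Symantec/Altiris tooling: a small audit that compares a firewall allow-list against the four flows listed in the answer above and reports both missing flows and rules that are wider than needed. The addresses, rule names and rule format are assumptions made for illustration.

```python
from ipaddress import ip_network

# Assumed addressing for the isolated environment (constructed, not from the thread).
NS = ip_network("10.0.0.10/32")       # Notification Server
CLIENTS = ip_network("10.0.50.0/24")  # servers to be patched

# The four flows from the answer above: (source, destination, protocol, port or ICMP type).
REQUIRED = [
    (NS, CLIENTS, "udp", 138),
    (NS, CLIENTS, "tcp", 445),
    (CLIENTS, NS, "tcp", 80),
    (CLIENTS, NS, "icmp", 8),
]

def covers(rule, flow):
    """True if the allow rule permits the whole required flow."""
    src, dst, proto, port = flow
    return (rule["proto"] == proto and port in rule["ports"]
            and src.subnet_of(ip_network(rule["src"]))
            and dst.subnet_of(ip_network(rule["dst"])))

def within(rule, flow):
    """True if the allow rule permits nothing beyond the required flow."""
    src, dst, proto, port = flow
    return (rule["proto"] == proto and set(rule["ports"]) <= {port}
            and ip_network(rule["src"]).subnet_of(src)
            and ip_network(rule["dst"]).subnet_of(dst))

def audit(rules):
    """Return (required flows no rule covers, names of rules wider than any required flow)."""
    missing = [f"{p}/{n} {s} -> {d}" for s, d, p, n in REQUIRED
               if not any(covers(r, (s, d, p, n)) for r in rules)]
    excess = [r["name"] for r in rules
              if not any(within(r, f) for f in REQUIRED)]
    return missing, excess

# Constructed sample allow-list in a hypothetical format (not any product's export).
SAMPLE_RULES = [
    {"name": "ns-push-smb", "src": "10.0.0.10/32", "dst": "10.0.50.0/24", "proto": "tcp", "ports": [445]},
    {"name": "ns-push-138", "src": "10.0.0.10/32", "dst": "10.0.50.0/24", "proto": "udp", "ports": [138]},
    {"name": "agent-http", "src": "0.0.0.0/0", "dst": "10.0.0.10/32", "proto": "tcp", "ports": [80, 443]},
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    print("missing:", missing)
    print("wider than needed:", excess)
```

On the sample list the audit reports the ICMP type 8 flow as missing and flags `agent-http` because it accepts any source and an extra port.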

WALES0108's picture

Thanks Jackie, that seems to be just what I was looking for.

rusgiv's picture

I would presume that Site Servers require the same ports for communication to the Notification Server and for clients to communicate with the Site Servers?

QuietLeni's picture


Yes, Site Servers talk to the NS on HTTP, just like normal Agents. They download the same way(s), either over HTTP or using UNCs.


What is the point of an Asset Management Solution that needs excessive management? Let me help you.