Go Up
You are here: DeploymentAppendixProtocols and Ports Required for Netwrix AuditorLogon Activity

Protocols and Ports Required for Monitoring Logon Activity

Review a full list of protocols and ports required for monitoring Logon Activity.

  • Allow outbound connections from the dynamic (1024 - 65535) local port on the computer where Netwrix Auditor Server resides.
  • Allow outbound connections to remote ports on the source and inbound connections to local ports on the target.

Tip for reading the table: For example, on the computer where Netwrix Auditor Server resides (source), allow outbound connections to remote 389 TCP port. On domain controllers in your domain (target), allow inbound connections to local 389 TCP port.

Port Protocol Source Target Purpose

389

TCP

Netwrix Auditor Server

Domain controllers

LDAP

DC query

Account resolve

53

TCP

Netwrix Auditor Server

DNS Server

DNS Client

135

+ Dynamic:

1024 -65535

TCP

Netwrix Auditor Server

Domain controllers

Windows Management Instrumentation

Firewall configuration

135 and 137 through 139

TCP

Netwrix Auditor Server

Domain controllers

Service Control Manager Remote Protocol (RPC)

Core Service installation

445

TCP

Netwrix Auditor Server

Domain controllers

SMB 2.0/3.0

Go Up