https://www.servicenow.com/community/itom-forum/mid-server-outbound-ports/m-p/955169#M54858 <P>Refer IP Services and Port Probes under discovery definition.&nbsp;</P> <P>The port probes are used to trigger the classification probes and gets triggered by IP service. So if you open any port probe you can get the triggering service. if you refer to that service you will get the port required to classify that particular device.</P> <P>So all these ports should be opened for the shazzam port to successfully run the port scan.</P> <P>And here you can find the list of ports.</P> <P>https://docs.servicenow.com/bundle/kingston-it-operations-management/page/product/discovery/reference/r_DiscoveryPortsAndProtocols.html</P> <P>&nbsp;</P> <P>If you want to filter out the ports per device class refer the Functionality Definitions and their corresponding port probes.</P> <P><span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"><img src="https://www.servicenow.com/community/image/serverpage/image-id/100160iABC639733A2B5EE2/image-size/large?v=v2&amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /></span></P> <P>For instance, if you want to discover the windows, open the the following ports.<BR />135(wmi), 53(dns), 137(wins),&nbsp;5,985(winrm)</P> <P>&nbsp;</P> <P>Hope it helps <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 13 Apr 2018 11:02:22 GMT Dewin Albert2 2018-04-13T11:02:22Z https://www.servicenow.com/community/itom-forum/mid-server-outbound-ports/m-p/955168#M54857 <P>I plan to have a few MID servers (cluster) that will handle both Discovery and Service Mapping. Our firewall team has a policy of locking down all&nbsp;traffic for any systems (internal and external hosts). I would need to provide them a list of firewall exceptions, for both incoming and outgoing ports. Is there a place I can find the recommended ports required to successfully run Service Mapping &amp; Discovery?</P> Thu, 12 Apr 2018 18:51:22 GMT https://www.servicenow.com/community/itom-forum/mid-server-outbound-ports/m-p/955168#M54857 HumanSky 2018-04-12T18:51:22Z https://www.servicenow.com/community/itom-forum/mid-server-outbound-ports/m-p/955169#M54858 <P>Refer IP Services and Port Probes under discovery definition.&nbsp;</P> <P>The port probes are used to trigger the classification probes and gets triggered by IP service. So if you open any port probe you can get the triggering service. if you refer to that service you will get the port required to classify that particular device.</P> <P>So all these ports should be opened for the shazzam port to successfully run the port scan.</P> <P>And here you can find the list of ports.</P> <P>https://docs.servicenow.com/bundle/kingston-it-operations-management/page/product/discovery/reference/r_DiscoveryPortsAndProtocols.html</P> <P>&nbsp;</P> <P>If you want to filter out the ports per device class refer the Functionality Definitions and their corresponding port probes.</P> <P><span class="lia-inline-image-display-wrapper" image-alt="find_real_file.png"><img src="https://www.servicenow.com/community/image/serverpage/image-id/100160iABC639733A2B5EE2/image-size/large?v=v2&amp;px=999" role="button" title="find_real_file.png" alt="find_real_file.png" /></span></P> <P>For instance, if you want to discover the windows, open the the following ports.<BR />135(wmi), 53(dns), 137(wins),&nbsp;5,985(winrm)</P> <P>&nbsp;</P> <P>Hope it helps <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Fri, 13 Apr 2018 11:02:22 GMT https://www.servicenow.com/community/itom-forum/mid-server-outbound-ports/m-p/955169#M54858 Dewin Albert2 2018-04-13T11:02:22Z https://www.servicenow.com/community/itom-forum/mid-server-outbound-ports/m-p/955170#M54859 <P>Thank you, this was exactly what I was looking for. For Discovery, it seems like it's pretty straight forward. However, for Service Mapping, it seems like the outbound ports (from the MID server) could be anything, especially if you have custom, home-grown applications in your environment. If I have a dedicated MID server for Service Mapping, could I make the argument to our security team that I would need ALL outbound ports to ANY host? Especially when some of our applications are moving over to the cloud as well.</P> Fri, 13 Apr 2018 13:12:46 GMT https://www.servicenow.com/community/itom-forum/mid-server-outbound-ports/m-p/955170#M54859 HumanSky 2018-04-13T13:12:46Z https://www.servicenow.com/community/itom-forum/mid-server-outbound-ports/m-p/955171#M54860 <P>Found this thread when searching for how to limit ports for WMI discovery, specifically. Good information, thanks.</P> <P>So in a scenario where you're discovering Windows hosts in a DMZ, with the MID server in the core, it's not necessary to open all of the high ports&nbsp;49152-65535? The ServiceNow documentation suggests that's necessary -- that the initial communication is over 135, but then WMI will use a random high port to complete discovery.</P> Thu, 19 Mar 2020 15:00:30 GMT https://www.servicenow.com/community/itom-forum/mid-server-outbound-ports/m-p/955171#M54860 roy_walton 2020-03-19T15:00:30Z https://www.servicenow.com/community/itom-forum/mid-server-outbound-ports/m-p/955172#M54861 <P>Were you able to find an answer to this&nbsp; ? In one of my requirements , I had to request the 49152-65535 ports open for executing power shell ,this is basically for Citrix Delivery Controller pattern, The pattern log shows that the path doesn't exists or couldn't create file and one possible cause is the ports.</P> Tue, 19 Jan 2021 21:18:33 GMT https://www.servicenow.com/community/itom-forum/mid-server-outbound-ports/m-p/955172#M54861 JJ1 2021-01-19T21:18:33Z