Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Saturday, April 29, 2017 2:07 PM
Hello.
I use Windows Server 2008 R2 as a web server and I want to secure my server. Which ports must be close? I know port 445 must be close and I closed FTP too because I never use any FTP service.
Any idea?
Thank you.
All replies (5)
Monday, May 1, 2017 1:28 AM
HI Geek,
>> Which ports must be close?
Web server normally needs port: 80(http),443(https).
You could use port query tool to check the related ports:
Download link:https://www.microsoft.com/en-us/download/details.aspx?id=24009
Or, netstat -an command to check.
Besides, just open the required ports.
Best regards,
Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Sunday, May 7, 2017 5:42 AM
HI Geek,
>> Which ports must be close?
Web server normally needs port: 80(http),443(https).
You could use port query tool to check the related ports:
Download link:https://www.microsoft.com/en-us/download/details.aspx?id=24009
Or, netstat -an command to check.
Besides, just open the required ports.
Best regards,
Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
I download Port Query but which query type is useful for me?
Tuesday, May 9, 2017 2:08 AM
Hi,
>>I download Port Query but which query type is useful for me?
Below illustration is more detailed of portqry usage:
https://support.microsoft.com/en-us/help/310099/description-of-the-portqry.exe-command-line-utility
How to use Portqry to troubleshoot Active Directory connectivity issues
Besides, I suppose you need to better understand ports:
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
In addition, windows needed ports list as below:
Best regards,
Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, May 15, 2017 6:06 AM
Hi,
>>I download Port Query but which query type is useful for me?
Below illustration is more detailed of portqry usage:
https://support.microsoft.com/en-us/help/310099/description-of-the-portqry.exe-command-line-utility
How to use Portqry to troubleshoot Active Directory connectivity issues
Besides, I suppose you need to better understand ports:
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
In addition, windows needed ports list as below:
Best regards,
Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
What does this result mean?
Starting portqry.exe -n 127.0.0.1 -e 3269 -p TCP ...
Querying target system called:
127.0.0.1
Attempting to resolve IP address to a name...
IP address resolved to www.internetdownloadmanager.com
querying...
TCP port 3269 (msft-gc-ssl service): NOT LISTENING
portqry.exe -n 127.0.0.1 -e 3269 -p TCP exits with return code 0x00000001.
Monday, May 15, 2017 7:54 AM
Hi,
>>I download Port Query but which query type is useful for me?
Below illustration is more detailed of portqry usage:
https://support.microsoft.com/en-us/help/310099/description-of-the-portqry.exe-command-line-utility
How to use Portqry to troubleshoot Active Directory connectivity issues
Besides, I suppose you need to better understand ports:
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
In addition, windows needed ports list as below:
Best regards,
Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].What does this result mean?
Starting portqry.exe -n 127.0.0.1 -e 3269 -p TCP ...
Querying target system called:
127.0.0.1
Attempting to resolve IP address to a name...
IP address resolved to www.internetdownloadmanager.com
querying...
TCP port 3269 (msft-gc-ssl service): NOT LISTENING
portqry.exe -n 127.0.0.1 -e 3269 -p TCP exits with return code 0x00000001.
this line: TCP port 3269 (msft-gc-ssl service): NOT LISTENING
means that your tcp port 3269(GC port via ssl) is not ESTABLISHED.
You could use netstat -anp tcp to check.
Best regards,
Andy