MAP: Prepare the Environment – Firewall Ports

IMPORTANT: Keep checking the MAP Blog and MAP Toolkit Content Index (en-US) for updates and changes, especially after new versions of MAP are released.

In order for the MAP inventory to be successful, proper firewall configurations must be considered. The ports that need to be open depend on the collector technology being used. Each scenario on the “Inventory Scenarios” page of the inventory wizard uses different collector technologies and some collectors span multiple scenarios.

WMI – Port 135 (DCOM/RPC) for the initial connection, then a dynamically assigned port above 1024. This is a function of RPC/WMI and not MAP. Some firewalls, like Windows Firewall, allow you to specify exceptions for services, like WMI, rather than specific ports. Then the firewall takes care of opening the dynamically assigned ports for you. Some firewalls do not allow this and will require a range of ports to be opened. Consult your firewall’s documentation for more information.

SSH – Port 22. This is the default port MAP will use. In the inventory wizard, you can change the port that MAP uses if a non-default port is used in your environment.

VMware – Port 80 and/or 443. These are the default ports for HTTP and HTTPS respectively. In the inventory wizard, you can change the port that MAP uses if a non-default port is used in your environment. Some VMware environments use ports 8222 and/or 8333 for HTTP and HTTPS, but these are not listed by default in MAP.

PowerShell – 5985 and/or 5986. This is the default for PowerShell HTTP and HTTPS respectively. In the inventory wizard, you can change the port that MAP uses if a non-default port is used in your environment.

SQL Server – Port 1433 for default instances and port 1434 for the SQL Server Browser Service. For named instances, MAP queries the browser service and learns the port numbers assigned by SQL Server or that were manually set by the user. See this support article for more information on named instance port numbers.

Active Directory – In a domain that consists of Windows Server® 2003–based domain controllers, the default dynamic port range is 1025 through 5000. Windows Server 2008 R2 and Windows Server 2008, in compliance with Internet Assigned Numbers Authority (IANA) recommendations, increased the dynamic port range for connections. The new default start port is 49152, and the new default end port is 65535. Therefore, you must increase the remote procedure call (RPC) port range in your firewalls. If you have a mixed domain environment that includes Windows Server 2008 R2 and Windows Server 2008 servers as well as Windows Server 2003 servers, allow traffic through ports 1025 through 5000 and 49152 through 65535. See this article for more information.

Oracle – 1521. This is the default port MAP will use. In the inventory wizard, you can change the port that MAP uses if a non-default port is used in your environment.
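
A pre-flight check run from the MAP machine can confirm that the fixed TCP ports listed above are reachable before the inventory wizard is started. This is an added example, not part of the MAP Toolkit; the function names Test-MapCollectorPorts and Get-MapRpcRange and the target host name are hypothetical, and it relies on the built-in Test-NetConnection cmdlet.

```powershell
# Added example: default TCP ports per MAP collector, taken from the list above.
# WMI and Active Directory also need the dynamic RPC range, which a single
# probe cannot confirm; Get-MapRpcRange reports the range to allow instead.
$CollectorPorts = @{
    WMI        = @(135)
    SSH        = @(22)
    VMware     = @(80, 443)      # "and/or": one of the two may legitimately fail
    PowerShell = @(5985, 5986)   # "and/or": HTTP and HTTPS respectively
    SqlServer  = @(1433)         # browser service on 1434 is UDP, not probed here
    Oracle     = @(1521)
}

# Hypothetical helper: RPC ranges to allow, based on the server versions present.
function Get-MapRpcRange {
    param([switch]$Has2003, [switch]$Has2008)
    $ranges = @()
    if ($Has2003) { $ranges += '1025-5000' }
    if ($Has2008) { $ranges += '49152-65535' }   # 2008 and 2008 R2
    $ranges
}

# Hypothetical helper: probe each fixed port for the chosen collectors.
function Test-MapCollectorPorts {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string[]]$Collector
    )
    foreach ($name in $Collector) {
        if (-not $CollectorPorts.ContainsKey($name)) {
            Write-Warning "Unknown collector '$name'"
            continue
        }
        foreach ($port in $CollectorPorts[$name]) {
            $r = Test-NetConnection -ComputerName $ComputerName -Port $port `
                    -WarningAction SilentlyContinue
            [pscustomobject]@{
                Target    = $ComputerName
                Collector = $name
                Port      = $port
                Reachable = $r.TcpTestSucceeded
            }
        }
    }
}

# Constructed sample target; replace with a machine in your inventory scope.
Test-MapCollectorPorts -ComputerName 'server01.contoso.example' -Collector WMI, PowerShell |
    Format-Table -AutoSize
Get-MapRpcRange -Has2003 -Has2008   # mixed domain: both ranges must be allowed
```

If a non-default port was set in the inventory wizard, change the matching entry in `$CollectorPorts` before running the check.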
