Opening Firewall Ports

Business Desk

If you are using Windows Integrated authentication and traffic is going from a Business Desk client to a server, open ports 80 or 443 in your firewall.


  • The client computer must be in the same domain as, or in a domain trusted by, the Business Desk server that is contacted for authentication.

If you use Basic Authentication on Business Desk, you do not need to open these ports. It is recommended that you use Basic Authentication and SSL.

Server to a Data Source

If traffic is going from a server (Commerce Server) to a data source, open the following ports in your firewall:

Port                  Description
1433                  The default for SQL Server
2393, 2394 and 2725   Analysis Server (OLAP)

For additional information, see Knowledge Base article 301901: “INF: TCP Ports Used by OLAP Services when Connecting Through a Firewall,” available at

135                   DTC

Allow access in both directions, inbound and outbound.

If you are using a firewall that does not manage RPC connections, you will need to modify the registry on the computers involved to limit RPC secondary outbound ports to 5000-5020 (or whatever your preferred ports are) for Microsoft Distributed Transaction Coordinator (MSDTC).

53                    DNS
389                   Active Directory name resolution
88                    Active Directory authentication

You only need to open these ports in the following situations:

  • Between domain controllers, open 53, 389 and 445.
  • Between Business Desk and the SQL and Analysis Servers, open 135 (DTC), 1433 (SQL) and 2393/2394 (OLAP).
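
The registry change mentioned in the DTC entry above can be scripted as follows. This is an added example, not part of the original page: the key and value names are the standard Windows RPC port-restriction settings, which the page does not name, and the verification function (Test-MsdtcPortRange) is a hypothetical helper that assumes Windows Server 2012 or later for Get-NetTCPConnection.

```powershell
# Added example (not from the original page). Run elevated on each computer
# that takes part in MSDTC transactions across the firewall.
$key   = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'  # standard RPC setting, not named on the page
$range = '5000-5020'                              # range from the text; substitute your own

# Record the current state first so the change can be reverted.
if (Test-Path $key) {
    Get-ItemProperty -Path $key |
        Select-Object Ports, PortsInternetAvailable, UseInternetPorts
} else {
    Write-Output "No RPC port restriction configured ($key is absent)."
    New-Item -Path $key -Force | Out-Null
}

# Ports (REG_MULTI_SZ): ports or ranges RPC may hand out dynamically.
New-ItemProperty -Path $key -Name 'Ports' -PropertyType MultiString `
    -Value @($range) -Force | Out-Null
# PortsInternetAvailable = Y: the ports listed in Ports are the usable set.
New-ItemProperty -Path $key -Name 'PortsInternetAvailable' -PropertyType String `
    -Value 'Y' -Force | Out-Null
# UseInternetPorts = Y: RPC servers draw from that set by default.
New-ItemProperty -Path $key -Name 'UseInternetPorts' -PropertyType String `
    -Value 'Y' -Force | Out-Null

# Hypothetical helper: after the restart, list the TCP ports MSDTC listens on
# and flag any that fall outside the configured range.
function Test-MsdtcPortRange {
    param([int]$Low = 5000, [int]$High = 5020)

    $proc = Get-Process -Name msdtc -ErrorAction SilentlyContinue
    if (-not $proc) {
        Write-Warning 'The msdtc process is not running.'
        return
    }
    Get-NetTCPConnection -State Listen |
        Where-Object { $_.OwningProcess -eq $proc.Id } |
        Select-Object LocalAddress, LocalPort,
            @{ Name = 'InRange'
               Expression = { $_.LocalPort -ge $Low -and $_.LocalPort -le $High } }
}
```

The setting takes effect after a restart and applies to every RPC server on the computer, not only MSDTC, so size the range for all of them. The firewall then needs only port 135 and the chosen range open between the computers involved.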

For step-by-step instructions that walk you through a sample Commerce Server deployment that includes three firewalls, see "Deploying a Secure Site" on the Microsoft TechNet Web site, located at

See Also

Using a Single-Firewall Configuration

Using a Two-Firewall Configuration

Using a Three Firewall Configuration

Deploying a Secure Site

Copyright © 2005 Microsoft Corporation.
All rights reserved.