Firewall Rules Dynamics GP and Management Reporter

(0) Share

Report

Posted on by Community Member

Hi Everyone,

I am an IT support Tech. One of my clients is running GP 2016 with SQL Server 2016 on Server 2012 R2. They are running Windows 7 workstations. Some users are also running Management Reporter 2012. The previous IT group set a group policy disabling the Windows Firewall on the server and all workstations. I was told that GP would not work with it enabled. This is of course false.

I am going to remove the firewall policy. I have done some investigating and folks are saying that I will need to open up port 1433 TCP and possibly 1434 UDP for GP and 4712 for Management Reporter. However I have not got a clear answer if these are the only ports required. I also need to know if these ports need to be inbound only or inbound + outbound. It is also unclear if these ports are required on the server, workstation or both.

Could someone please make a list of all ports required for GP and Management Reporter for both the server and workstations? Please include the directions inbound outbound. Thanks for the support...

*This post is locked for comments

I have the same question (0)

All responses (8)

Answers (1)

Richard Wheeler 75,848 Moderator on at

Like (0)

Report

RE: Firewall Rules Dynamics GP and Management Reporter

Port 1433 is the default port for SQL. This can be changed or set to a different port at the time of installation. Port 4712 for MR is not modifiable. For GP and MR these are the only ports needed. If you are going to use the GP Web Client there are other issues.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

RE: Firewall Rules Dynamics GP and Management Reporter

Hi Richard, Thanks for your reply. But I need to know if I need inbound only or outbound as well. I also need to know if both of these ports should be opened on just the workstations or do I need to open them on the Server hosing GP as well? Thanks...

Was this reply helpful? Yes No
Richard Wheeler 75,848 Moderator on at

Like (0)

Report

RE: Firewall Rules Dynamics GP and Management Reporter

Outbound means you initiate the connection and the traffic starts flowing outward of your computer to the destination you intended. Example you connect to a server.

Inbound means someone else from outside of your computer initiate the connection to your computer, so the traffic starts flowing inward to your machine. Example your server gets requests from people.

So for the server it would mean outbound and for the workstation it would mean inbound.

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

RE: Firewall Rules Dynamics GP and Management Reporter

Thanks for your reply Richard. Your first statement says that "Outbound means you initiate the connection". Is this not the case when a workstation GP client launches. The GP client is connecting to the GP Server. So I would think that the workstation needs to be outbound. The GP Server must then accept the request from the GP Client. I would think that would be inbound on the server side. What am I missing here? Thanks for your support!

Was this reply helpful? Yes No
Richard Wheeler 75,848 Moderator on at

Like (0)

Report

RE: Firewall Rules Dynamics GP and Management Reporter

Think of the server as the sun and the workstation as the Earth. The server is sending out network traffic that in turn comes into the workstation. Just like the Earth receives radiation from the sun. I would check with whoever installed SQL to see what port it is using. You also need to be concerned with multiple instances of SQL as each will use its own port.

This tech note will get you started but look for any firewall SQL notes and you will find the information for which you seek. GP itself does not use ports.

https://www.mssqltips.com/sqlservertip/1929/configure-windows-firewall-to-work-with-sql-server/

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

RE: Firewall Rules Dynamics GP and Management Reporter

OK, the GP database is using the default instance so it will be 1433. As for the port directions, I will try it as you suggest. Of course I could just set up both incoming and outgoing on both server and workstation. Thanks for the link. I will give it a good reading...

Was this reply helpful? Yes No
Community Member on at

Like (0)

Report

RE: Firewall Rules Dynamics GP and Management Reporter

OK, I was wrong! GP is not using the default instance with port 1433. It is a named instance using dynamic ports. I found a page for another product that shows how to set up the rules.

consignor.zendesk.com/.../115000647774-Opening-Windows-Firewall-for-client-connections-to-server

For GP on the server, I must setup an inbound program TCP rule for sqlservr.exe of the GP instance opening all local and remote ports. For the workstations, I must setup an inbound program TCP rule for Dynamics.exe opening all local and remote ports.

For Management Reporter on the server, the rule was already in place. I suspect it was setup by the installer. It is an inbound TCP rule opening local port 4712 and all remote ports. I have changed the remote port to 4712 as well. For the workstations, I must setup an inbound TCP rule opening port 4712 local and remote.

I suspect that no outbound port rules are required.

Richard or anyone else please feel free to reply if you think my approach is wrong.

Was this reply helpful? Yes No
Verified answer

Community Member on at

Like (0)

Report

RE: Firewall Rules Dynamics GP and Management Reporter

I have turned the Windows firewall back on. Here are my findings. All rules are defined on the server, client workstations do not require any firewall rules. This configuration is for a named GP SQL instance using Dynamic TCP Ports. On the server running the GP SQL instance, there are 2 rules. The first rule allows client workstations to query the server for the TCP port the GP instance is using. This is accomplished via the SQL Browser Service. The second rule allows client workstations to connect to the GP SQL database. This is accomplished via the SQL Server Service for the GP instance. Here are the rules...

________________

Type - Inbound

Name - SQL Browser

Programs and Services - %ProgramFiles% (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

Protocol - UDP

Ports - Local 1434 / Remote All

________________

Type - Inbound

Name - SQL Server GP

Programs and Services - %ProgramFiles%\Microsoft SQL Server\MSSQL13.GP\MSSQL\Binn\sqlservr.exe

Protocol - TCP

Ports - Local All / Remote All

________________

This next rule is required if you have any clients running Management Reporter. This rule is defined on the server, client workstations require no rules. This rule already existed on my server. I suspect that it was created when MR 2012 was installed. Here is the rule...

________________

Type - Inbound

Name - Management Reporter 2012 Services

Programs and Services - All

Protocol - TCP

Ports - Local 4712 /Remote All

Was this reply helpful? Yes No

Community site session details

Firewall Rules Dynamics GP and Management Reporter

Helpful resources

News and Announcements

Quick Links

Responsible AI policies

Abhilash Warrier – Community Spotlight

Congratulations to the September Top 10 Community Leaders!

Leaderboard > 🔒一 Microsoft Dynamics GP (Archived)

Featured topics

Product updates

Community site session details

Firewall Rules Dynamics GP and Management Reporter

Helpful resources

News and Announcements

Quick Links

Responsible AI policies

Abhilash Warrier – Community Spotlight

Congratulations to the September Top 10 Community Leaders!

Subscribe to this forum!

Select categories

Leaderboard > 🔒一 Microsoft Dynamics GP (Archived)

Featured topics

Product updates