Recently I had a project where the SharePoint Server had to be placed in the DMZ, so different ports had to be opened between the DMZ and the other LANs of the network. If you think that any other ports are needed, let me know!
For SharePoint Server
- From LAN to DMZ:
TCP 80 (HTTP)
TCP 443 (HTTPS)
- From DMZ to LAN:
TCP 25 (SMTP)
TCP 1433 (SQL default)
UDP 1434 (SQL default)
TCP 53 (a DNS server is needed)
UDP 53 (a DNS server is needed)
For RODC
- From LAN to DMZ:
TCP 135 (EPM)
TCP 53248 (FrsRpc)
TCP 389 (LDAP)
- From DMZ to LAN:
TCP 49152-65535 (LSASS)
TCP 57344 (DRSUAPI, LsaRpc, NetLogonR)
TCP 53248 (FrsRpc)
TCP 135 (EPM)
TCP 389 (LDAP)
TCP 3268 (GC, LDAP)
TCP 445 (DFS, LsaRpc, NbtSS, NetLogonR, SamR, SMB, SrvSvc)
TCP 53 (DNS)
TCP 88 (Kerberos)
UDP 123 (NTP)
UDP 389 (C-LDAP)
UDP 53 (DNS)
TCP 5722 (DFS-R)
TCP and UDP 464 (Kerberos Change/Set Password)
Cheers!
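To check a firewall rule set against the port lists above, the following added example (not part of the original post) reports required ports that are not allowed and allowed ports that are not in the lists. Assumptions: the SharePoint and RODC lists are merged per direction and protocol, source and destination hosts are not modelled, and `SAMPLE_FIREWALL` is a constructed rule export, not a real one.

```python
# Required flows, merged from the SharePoint Server and RODC lists in this post.
REQUIRED = {
    ("lan->dmz", "tcp"): "80 443 135 389 53248",
    ("dmz->lan", "tcp"): "25 53 88 135 389 445 464 1433 3268 5722 53248 57344 49152-65535",
    ("dmz->lan", "udp"): "53 123 389 464 1434",
}
# Constructed firewall export (assumption: same direction/protocol keys).
SAMPLE_FIREWALL = {
    ("lan->dmz", "tcp"): "80 443 135 389 53248 3389",  # 3389 is not in the lists
    ("dmz->lan", "tcp"): "25 53 88 135 389 445 1433 3268 5722 49152-65535",  # 464 absent
    ("dmz->lan", "udp"): "53 123 389 464 1434",
}

def ports(spec):
    """Expand '80 443 49152-65535' into a set of port numbers."""
    out = set()
    for token in spec.split():
        lo, _, hi = token.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def ranges(port_set):
    """Collapse a set of ports back into sorted (first, last) ranges."""
    out = []
    for p in sorted(port_set):
        if out and p == out[-1][1] + 1:
            out[-1] = (out[-1][0], p)   # extend the current run
        else:
            out.append((p, p))          # start a new run
    return out

def audit(firewall):
    """Return {(direction, proto): {'missing': [...], 'excess': [...]}}."""
    report = {}
    for key in set(REQUIRED) | set(firewall):
        need, have = ports(REQUIRED.get(key, "")), ports(firewall.get(key, ""))
        if need != have:
            report[key] = {"missing": ranges(need - have),
                           "excess": ranges(have - need)}
    return report

if __name__ == "__main__":
    for key, finding in sorted(audit(SAMPLE_FIREWALL).items()):
        print(key, finding)
```

Because the fixed RPC ports 53248 and 57344 fall inside 49152-65535, a DMZ-to-LAN rule for the whole dynamic range already covers them; a rule set that opens only the two fixed ports is reported as missing the rest of the range.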
Hi, is this also the case for SP2016?
Hey Hajaji, I haven't tried it in SharePoint 2016, but it will probably be the same configuration. I doubt that MS has changed the port configuration for SharePoint.