# Firewall Considerations

Both the 2PXE service and the iPXE Anywhere web service may require changes to your firewall configuration. These changes are generally not required if you are using the Microsoft Windows Firewall, because 2PXE creates the rules it needs when the service starts (see the table at the end of this page).

2PXE uses the following protocols for booting WinPE images:

* Dynamic Host Configuration Protocol (DHCP)
* Pre-Boot Execution Environment (PXE)
* Trivial File Transfer Protocol (TFTP)
* Hypertext Transfer Protocol (HTTP)

The following table lists the User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) network ports that are used during the process. Values marked with an asterisk (\*) can be changed by following the instructions in this manual.

| Traffic           | UDP ports                | TCP ports |
| ----------------- | ------------------------ | --------- |
| DHCP & TFTP       | 67\*, 69, 4011\*, Random |           |
| 2PXE HTTP Traffic |                          | 8050\*    |
| iPXE Anywhere     |                          | 8051\*    |

#### Step-by-step: UDP and TCP ports used during image deployment

1. The client performs a network boot.
2. 2PXE uses the DHCP ports and TFTP to deliver the boot binaries. For DHCP and TFTP you need to open UDP ports 67, 69, and 4011. The TFTP and multicast servers use ports in the range 64001 through 65000 by default.
3. In accordance with RFC 1783 (<http://go.microsoft.com/fwlink/?LinkId=81027>), the client chooses random UDP ports to establish the TFTP session with the server. If you are using a non-Microsoft firewall, you may therefore need to add an application exception for the TFTP service on the 2PXE server rather than a fixed port rule.
4. The PXE client downloads the configured boot loader using TFTP.
5. The client downloads Windows PE, typically over HTTP or HTTPS, and boots into the Windows Deployment Services client. This download either uses the same TFTP ports mentioned above, or uses HTTP directly from the 2PXE server, from a Configuration Manager distribution point (DP), or from any other configured HTTP server.
6. If reporting is enabled, the PXE client also tries to communicate with the iPXE Anywhere Web Service (TCP port 8051 by default).

The following Windows Firewall rules are created automatically when the 2PXE service starts:

| Name                       | Protocol | File                                                        | Port | InterfaceType |
| -------------------------- | -------- | ----------------------------------------------------------- | ---- | ------------- |
| 2Pint Software 2PXE – TFTP | UDP      | C:\Program Files\2Pint Software\2PXE\2Pint.2pxe.service.exe | 69   | ALL           |
| 2Pint Software 2PXE – DHCP | UDP      | C:\Program Files\2Pint Software\2PXE\2Pint.2pxe.service.exe | 67   | ALL           |
| 2Pint Software 2PXE – PXE  | UDP      | C:\Program Files\2Pint Software\2PXE\2Pint.2pxe.service.exe | 4011 | ALL           |
| 2Pint Software 2PXE – HTTP | TCP      | Any                                                         | 8050 | ALL           |
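The script below is an added example, not part of 2Pint's documentation or product: it audits a Windows Firewall for the four rules listed in the table above (and the expected protocol, port and program of each), so that a missing, disabled or altered rule is reported instead of surfacing as a silent PXE boot failure. It assumes the default installation path and that the display names match the table; both are marked in the code.

```powershell
# Added example (not from 2Pint's documentation): audit the inbound Windows Firewall
# rules that 2PXE creates at start-up. Run in an elevated PowerShell session.
# Assumption: default install path; change $exe if 2PXE lives elsewhere.
$exe = 'C:\Program Files\2Pint Software\2PXE\2Pint.2pxe.service.exe'

# Expected rules, copied from the table above. The HTTP rule is program-agnostic
# ('Any'), and ports marked * in the manual may have been reconfigured.
$expected = @(
    @{ Name = '2Pint Software 2PXE – TFTP'; Protocol = 'UDP'; Port = '69';   Program = $exe  },
    @{ Name = '2Pint Software 2PXE – DHCP'; Protocol = 'UDP'; Port = '67';   Program = $exe  },
    @{ Name = '2Pint Software 2PXE – PXE';  Protocol = 'UDP'; Port = '4011'; Program = $exe  },
    @{ Name = '2Pint Software 2PXE – HTTP'; Protocol = 'TCP'; Port = '8050'; Program = 'Any' }
)

$problems = 0
foreach ($e in $expected) {
    # Assumption: the display name uses the same dash as the table; if nothing is
    # found, list candidates with: Get-NetFirewallRule -DisplayName '*2PXE*'
    $rule = Get-NetFirewallRule -DisplayName $e.Name -ErrorAction SilentlyContinue |
            Select-Object -First 1
    if (-not $rule) {
        Write-Warning "Missing rule: '$($e.Name)' ($($e.Protocol)/$($e.Port))"
        $problems++
        continue
    }

    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter

    $ok = ("$($rule.Enabled)"  -eq 'True')       -and
          ("$($rule.Direction)" -eq 'Inbound')    -and
          ("$($rule.Action)"    -eq 'Allow')      -and
          ("$($port.Protocol)"  -eq $e.Protocol)  -and
          ("$($port.LocalPort)" -eq $e.Port)      -and
          ($app.Program         -eq $e.Program)

    if ($ok) {
        Write-Host "OK      : '$($e.Name)' $($e.Protocol)/$($e.Port) program=$($e.Program)"
    } else {
        Write-Warning ("Mismatch: '{0}' enabled={1} dir={2} action={3} {4}/{5} program={6}" -f
            $e.Name, $rule.Enabled, $rule.Direction, $rule.Action,
            $port.Protocol, ($port.LocalPort -join ','), $app.Program)
        $problems++
    }
}

# Non-zero exit lets a scheduled task or monitoring agent flag drift.
exit $problems
```

The random TFTP client ports from step 3 are not covered by these rules, so on a non-Microsoft firewall you still need the application exception described above.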
