Purpose
The purpose of this document is to provide information about the necessary filewall settings required by PowerShell Universal.
Overview
PowerShell Universal does not offer a built in firewall. We recommend using standard firewalls available in your environment. The below document outlines the ports that are required for various features to function properly.
While not possible to filter IP Addresses, it is possible to configure
host filtering.
Inbound
PowerShell Universal listens on any configured port. By default, it will run on port 5000. Standard configurations will typically run PowerShell Universal on HTTPS and port 443.
You can use standard Windows Firewall rules to limit which IP Address ranges have access to PowerShell Universal. It doesn't employ any IP address filtering itself. To access it, you will only need to add a rule for HTTP (port 80) and\or HTTPS (port 443).
In the Windows firewall settings, you can use the scope tab to limit which IPs have access.
Outbound
In terms of outbound rules, PowerShell Universal will only need network access for the following features. None of these features are required.
Updates:
PowerShell Universal communicates with IronmanSoftware.com to check to see if there are updates to the platform. Port 443 access is required.
PowerShell Modules:
The Modules feature of PowerShell Universal communicates with the PowerShellGallery.com website to download and install modules onto the machine when requested to do so. Port 443 access is required.
Universal Dashboard Components:
PowerShell Universal communicates with marketplace.universaldashboard.io to view and download community developed components. Port 443 access is required.
PowerShell Universal Templates
PowerShell Universal will communicate with IronmanSoftware.com to browse for and install templates. Port 443 access is required.
Git Support
In order to synchronize with a remote git repository, HTTPS or SSH access will need to be provided. This port 443 is default for HTTPS and port 22 is default for SSH.
SQL Server Support
In order to store configuration and historical data in a SQL server, PowerShell Universal will need access to port 1433 by default.
Azure Application Insights
In order to send monitoring data to Azure, you will need to enable access to port 443. Data will be sent to Microsoft's Azure platform. You will need to enter your Application Insights key in order to enable this feature.
Port Table
Feature | Port | Direction | Required |
Default Web Server Port (configurable) | 5000 | Inbound | Yes |
Updates | 443 | Outbound | No |
PowerShell Modules | 443 | Outbound | No |
Universal Dashboard Components | 443 | Outbound | No |
Universal Templates | 443 | Outbound | No |
Git Support (HTTPS) | 443 | Outbound | No |
Git Support (SSH) | 22 | Outbound | No |
SQL Server Support | 1433 | Outbound | No |
Azure Application Insights | 443 | Outbound | No |