KB0020 - Firewall Configuration for PowerShell Universal

Purpose

The purpose of this document is to provide information about the firewall settings required by PowerShell Universal.

Overview

PowerShell Universal does not offer a built-in firewall. We recommend using the standard firewalls available in your environment. This document outlines the ports that are required for various features to function properly.
While it is not possible to filter IP addresses in PowerShell Universal, it is possible to configure host filtering.

Inbound

PowerShell Universal listens on any configured port. By default, it will run on port 5000. Standard configurations will typically run PowerShell Universal on HTTPS and port 443. 

You can use standard Windows Firewall rules to limit which IP address ranges have access to PowerShell Universal; it doesn't employ any IP address filtering itself. To access it, you will only need to add a rule for HTTP (port 80) and/or HTTPS (port 443).

In the Windows Firewall settings, you can use the Scope tab to limit which IPs have access.
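The same scoping can be applied from PowerShell with the built-in NetSecurity cmdlets. This is an added example, not part of the original article: it assumes PowerShell Universal is served on HTTPS port 443, and the address ranges and rule name are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article. Assumes PSU is served on HTTPS 443.
$Port          = 443
$AllowedRanges = @('10.20.0.0/24', '192.168.50.10-192.168.50.20')  # constructed sample ranges
$RuleName      = 'PowerShell Universal HTTPS (scoped)'             # hypothetical rule name

# Create the allow rule once; on later runs only refresh its scope.
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($rule) {
    $rule | Set-NetFirewallRule -RemoteAddress $AllowedRanges
} else {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort $Port -RemoteAddress $AllowedRanges `
        -Profile Domain, Private | Out-Null
}

# Allow rules are additive: any other enabled inbound allow rule that covers
# this port with RemoteAddress 'Any' silently defeats the scope set above.
# Limits of this check: rules that cover the port through a range such as
# '400-500' are not matched, and only the local (persistent) store is read.
$unscoped = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { $_.DisplayName -ne $RuleName } |
    Where-Object {
        $p = $_ | Get-NetFirewallPortFilter
        $a = $_ | Get-NetFirewallAddressFilter
        ($p.Protocol -in 'TCP', 'Any') -and
        (@($p.LocalPort) -contains "$Port" -or @($p.LocalPort) -contains 'Any') -and
        (@($a.RemoteAddress) -contains 'Any')
    }

if ($unscoped) {
    Write-Warning "Review these inbound allow rules; they also cover TCP $Port from any address:"
    $unscoped | Select-Object DisplayName, Profile, Enabled | Format-Table -AutoSize
} else {
    Write-Output "No unscoped local allow rule found for TCP $Port."
}
```

Rules that allow any port for a specific program other than PowerShell Universal will also appear in the review list; they do not expose PowerShell Universal but are worth confirming.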

Outbound

In terms of outbound rules, PowerShell Universal will only need network access for the following features. None of these features are required.

Updates: 

PowerShell Universal communicates with IronmanSoftware.com to check for updates to the platform. Port 443 access is required.

PowerShell Modules:

The Modules feature of PowerShell Universal communicates with the PowerShellGallery.com website to download and install modules onto the machine when requested to do so.  Port 443 access is required.

Universal Dashboard Components: 

PowerShell Universal communicates with marketplace.universaldashboard.io to view and download community developed components.  Port 443 access is required.

PowerShell Universal Templates

PowerShell Universal will communicate with IronmanSoftware.com to browse for and install templates.  Port 443 access is required.

Git Support

In order to synchronize with a remote git repository, HTTPS or SSH access will need to be provided. Port 443 is the default for HTTPS and port 22 is the default for SSH.

SQL Server Support

In order to store configuration and historical data in SQL Server, PowerShell Universal will need access to port 1433 by default.

Azure Application Insights

In order to send monitoring data to Azure, you will need to enable access to port 443. Data will be sent to Microsoft's Azure platform. You will need to enter your Application Insights key in order to enable this feature. 

Port Table


| Feature | Port | Direction | Required |
|---|---|---|---|
| Default Web Server Port (configurable) | 5000 | Inbound | Yes |
| Updates | 443 | Outbound | No |
| PowerShell Modules | 443 | Outbound | No |
| Universal Dashboard Components | 443 | Outbound | No |
| Universal Templates | 443 | Outbound | No |
| Git Support (HTTPS) | 443 | Outbound | No |
| Git Support (SSH) | 22 | Outbound | No |
| SQL Server Support | 1433 | Outbound | No |
| Azure Application Insights | 443 | Outbound | No |


