SCCM VPN Client Configuration
Question
Hi
As per the current situation, most of the clients are now away from the corporate network and are being used by users at home.
Currently we are not able to manage any clients since we don't have any CMG or internet-based client configuration.
Our users are currently working through VPN and we want to manage those VPN clients through SCCM.
Could anyone help me to configure the VPN clients through SCCM?
I would like to know the exact ports for VPN clients to communicate with SCCM and to be managed for deploying applications or software updates.
Has anyone already done this configuration in your organization?
Is it possible to provide the details?
Appreciate your kind support in advance.
Thank you
Answers ( 5 )
You must open the following required TCP ports:
80, 8530, 3268, 8531, 443 and 10123 from client to site server to establish communication.
Links for your reference:
https://docs.microsoft.com/en-us/configmgr/core/plan-design/hierarchy/ports
https://howtomanagedevices.com/sccm/1603/sccm-config-to-help-to-reduce-vpn/
Since the point of VPN is to provide a tunnel into the corporate network, making the external clients assume that they are now internal, the only thing you need to do is add the boundaries of your VPN network. You should be able to get that info from your networking team.
There is no further configuration assuming the clients have been working when they were physically connected to the corporate network. Hopefully, you have VPN split tunneling.
Hi,
I have added the boundary and still the clients are not communicating with SCCM.
Our network security team has not opened communication to SCCM from VPN clients.
So I just want to know 2 things.
What ports need to be open from VPN client to SCCM for application deployments, software updates and remote access?
Moreover, I want to open the SCCM console from VPN clients (IT support team's computers) to provide support to VPN users.
Highly appreciate it if you could provide the details.
Regards
So all the ports required on-prem are required for VPN clients also.
No change at all.
DP – 80 (or 443 if it's HTTPS)
– 8005 for express update
MP – 80 (or 443 if it's HTTPS)
SUP – 8530 or 80
Global catalog LDAP — 3268 (domain controller)
Try this https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/ports
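A connectivity check for the ports listed in this thread, run from a VPN-connected client before and after the firewall change. This is an added example, not part of the original answers. The hostnames are placeholders, and assigning 8531 (WSUS over HTTPS) to the SUP and 10123 (client notification) to the MP follows the Microsoft ports documentation linked above.

```powershell
# Placeholder hostnames (assumptions): replace with your own site systems.
$SiteSystems = @{
    MP  = 'mp01.corp.example.com'
    DP  = 'dp01.corp.example.com'
    SUP = 'sup01.corp.example.com'
    GC  = 'dc01.corp.example.com'
}

# TCP ports per role, as listed in the answers in this thread.
$PortsByRole = [ordered]@{
    MP  = 80, 443, 10123
    DP  = 80, 443, 8005
    SUP = 80, 8530, 8531
    GC  = 3268
}

function Test-SccmClientPorts {
    param(
        [hashtable]$Systems,
        [System.Collections.IDictionary]$Ports,
        [int]$TimeoutMs = 3000
    )
    foreach ($role in $Ports.Keys) {
        foreach ($port in $Ports[$role]) {
            $client = [System.Net.Sockets.TcpClient]::new()
            try {
                # Wait() returns $false on timeout (typical of a firewall drop)
                # and throws when the connection is refused or the name fails to resolve.
                $open = $client.ConnectAsync($Systems[$role], $port).Wait($TimeoutMs) -and $client.Connected
            } catch {
                $open = $false
            } finally {
                $client.Dispose()
            }
            [pscustomobject]@{ Role = $role; Target = $Systems[$role]; Port = $port; Reachable = $open }
        }
    }
}

$results = Test-SccmClientPorts -Systems $SiteSystems -Ports $PortsByRole
$results | Format-Table -AutoSize

# A site system normally listens on either the HTTP or the HTTPS port, not both,
# so one unreachable port per 80/443 or 8530/8531 pair can be expected.
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) { Write-Warning ("Unreachable: " + (($blocked | ForEach-Object { "$($_.Role):$($_.Port)" }) -join ', ')) }
```

A successful connect only shows that the firewall path and a listener exist; client health still has to be confirmed in the client logs and the console.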
Thank you Anoop.
I will update you on the status once the network security team approves.
Regards