Ports used by Epicor?


Does ANYONE have a list of ports used by Epicor for import and export of data, specifically BAQ Export Process? We are being required by our parent company security people to provide port numbers needed to be open between servers and clients when exporting or importing files, and I have NO IDEA where to look for this info. I am NOT a sysadmin, but I still need this info if anyone has it.

Nathan Anderson has a nice document on EpicCare:

Port, Network, Process & Folder Exclusions / Whitelist

While it is talking about Anti-Virus, it should contain the information you need for corporate.

Client and Epicor IIS server(s)

  • 808 (net.tcp)
  • 443 (ssl/https)

Epicor IIS server(s)

  • 80 (default IIS/Report Server/Help)
  • 135 (inbound TCP connection)
  • 9010 (task agent service)
  • 8172 (we check this port during the creation of appservers; aka: webdeploy port)
  • 8098/9098 (Enterprise Search)
  • 1024 through 65535 (DCOM port communications. If you want to limit this then configure DCOM to use a smaller port range).

SQL server(s)

  • 80 (IIS/Default Report Server)
  • 1433 (SQL)
1 Like

And if all else fails…maybe Wireshark?


Are you trying to push the BAQ export file to some shared folder on a machine different than the appserver? You might be looking for the SMB port 445… either outbound from the appserver or inbound on the other machine.

Since going to Azure and starting to implement Network Security Groups (NSGs), we’ve been struggling with this topic too. We never had to think about port numbers before, but now we need to be experts. We find that a lot of vendors can’t even tell us which ports their software uses…

Today we noticed DCOM ports in @aidacra 's guide article. We’ve been blocking those and are now wondering what kind of issues that may have been causing… @Mark_Wonsil , I see you’re online, any sage advice on DCOM ports?

I honestly don’t know what could be using DCOM. Information Worker maybe? Nathan and/or @Olga would know better.

But if it were me, I would go all https everywhere if I could.