Firewall between PI AF server and PI AF Client

All connectivity between a PI AF Client and a PI AF server occurs through PI AF SDK. The appropriate ports must be open. The PI AF server connection must use the IP address or DNS name of the PI AF server, not the computer name.

By default, PI AF SDK communicates with PI AF server through port 5457 and port 5459.

• Port 5457 is the primary port that PI AF SDK uses to communicate with PI AF server from the client.

• Port 5459 is used by some client products, such as PI OLEDB Enterprise and PI WebParts to communicate with PI AF server.

Depending on how connections are defined, PI AF server may perform a reverse-name lookup of the connecting client IP address as part of the authentication process. The method chosen for name resolution may require that PI AF server be able to open outbound connections on some ports:

• Resolution by way of entries in the HOSTS file (no port requirement, but clients must have fixed IP addresses).

• Resolution by way of DNS (usually port 53).

• Resolution by way of NETBIOS name services (port 137).

You may also need to open port 445 if you wish to search or browse for accounts while remotely managing PI AF security.