iPXE Anywhere 2PXE Server
3.6

Firewall Considerations

The 2PXE server and the iPXE Anywhere web service may both require changes to your firewall configuration. Generally, these changes are not required if you are using the Microsoft Windows firewall.

2PXE uses the following protocols for booting WinPE images:

  • Dynamic Host Configuration Protocol (DHCP)

  • Pre-Boot Execution Environment (PXE)

  • Trivial File Transfer Protocol (TFTP)

  • Hypertext Transfer Protocol (HTTP)

The following table outlines the User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) network ports that are used during the process. You can modify the values that have an asterisk (*) by using the instructions in this manual.

| Traffic | Ports |
|---|---|
| DHCP & TFTP | 67*, 69, 4011*, Random |
| 2PXE HTTP Traffic | 8050* |
| iPXE Anywhere | 8051* |

Step-by-step use of UDP and TCP ports during image deployment:

  1. The client performs a network boot.

  2. 2PXE uses DHCP ports and TFTP to download the binary files. For TFTP and DHCP, you need to open ports 67, 69, and 4011. The TFTP and multicast servers use ports in the range 64001 through 65000 by default.

  3. In accordance with RFC 1783 (http://go.microsoft.com/fwlink/?LinkId=81027), the client chooses random UDP ports to establish the session with the server. If you are using a non-Microsoft firewall, you may need to use an application exception for TFTP on the 2PXE Server.

  4. The PXE client downloads the configured boot loader using TFTP.

  5. The client downloads Windows PE, typically over HTTP or HTTPS, and boots to the Windows Deployment Services client. This download uses either the same TFTP ports mentioned previously or HTTP, directly from the 2PXE server, from the Configuration Manager DP, or from any other configured HTTP server.

  6. If reporting is enabled, the PXE client will try to communicate with the iPXE Anywhere Web Service.

The following rules are automatically created when 2PXE starts:

| Name | Protocol | File | Port | InterfaceType |
|---|---|---|---|---|
| 2Pint Software 2PXE – TFTP | UDP | C:\Program Files\2Pint Software\2PXE\2Pint.2pxe.service.exe | 69 | ALL |
| 2Pint Software 2PXE – DHCP | UDP | C:\Program Files\2Pint Software\2PXE\2Pint.2pxe.service.exe | 67 | ALL |
| 2Pint Software 2PXE – PXE | UDP | C:\Program Files\2Pint Software\2PXE\2Pint.2pxe.service.exe | 4011 | ALL |
| 2Pint Software 2PXE – HTTP | TCP | Any | 8050 | ALL |
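
To confirm that the automatically created rules are present and still match the table above, the following PowerShell audit compares the live Windows Firewall configuration against it. This is an added example, not part of the 2Pint documentation; it assumes the Name column is the rule's display name and that InterfaceType ALL is reported as Any by the NetSecurity cmdlets.

```powershell
# Expected values are copied from the rule table on this page (default ports).
$exe = 'C:\Program Files\2Pint Software\2PXE\2Pint.2pxe.service.exe'
$expected = @(
    [pscustomobject]@{ Suffix = 'TFTP'; Protocol = 'UDP'; Port = '69';   Program = $exe }
    [pscustomobject]@{ Suffix = 'DHCP'; Protocol = 'UDP'; Port = '67';   Program = $exe }
    [pscustomobject]@{ Suffix = 'PXE';  Protocol = 'UDP'; Port = '4011'; Program = $exe }
    [pscustomobject]@{ Suffix = 'HTTP'; Protocol = 'TCP'; Port = '8050'; Program = 'Any' }
)

# Assumption: the rules are found by display name; a wildcard avoids
# depending on the exact dash character used in the name.
$rules = @(Get-NetFirewallRule -DisplayName '2Pint Software 2PXE*' -ErrorAction SilentlyContinue)

$report = foreach ($e in $expected) {
    $rule = $rules | Where-Object { $_.DisplayName -like "* $($e.Suffix)" } | Select-Object -First 1
    if (-not $rule) {
        [pscustomobject]@{ Rule = $e.Suffix; Status = 'Missing'; Enabled = ''; Direction = ''; Detail = 'no matching rule found' }
        continue
    }
    $pf  = $rule | Get-NetFirewallPortFilter
    $af  = $rule | Get-NetFirewallApplicationFilter
    $itf = $rule | Get-NetFirewallInterfaceTypeFilter

    $actual = [ordered]@{
        Protocol      = [string]$pf.Protocol
        Port          = @($pf.LocalPort) -join ','
        Program       = [Environment]::ExpandEnvironmentVariables([string]$af.Program)
        InterfaceType = [string]$itf.InterfaceType
    }
    $want = [ordered]@{ Protocol = $e.Protocol; Port = $e.Port; Program = $e.Program; InterfaceType = 'Any' }

    # Only the four columns documented in the table decide the status.
    $diff = foreach ($k in $want.Keys) {
        if ($actual[$k] -ne $want[$k]) { "$k is '$($actual[$k])', expected '$($want[$k])'" }
    }
    [pscustomobject]@{
        Rule      = $rule.DisplayName
        Status    = $(if ($diff) { 'Mismatch' } else { 'OK' })
        Enabled   = [string]$rule.Enabled    # informational, not in the table
        Direction = [string]$rule.Direction  # informational, not in the table
        Detail    = $diff -join '; '
    }
}
$report | Format-Table -AutoSize -Wrap
```

If you have changed any of the ports marked with an asterisk, update the `$expected` entries to your configured values before running the check.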


Last updated 1 year ago