The following ports are used by Prinergy, and need to be open for Prinergy to work:
Port | Protocol | Process |
|---|---|---|
80 | TCP | IIS Server, Setup, Track, *Automatic License Renewal |
| 443* | TCP | HTTPS (*required for automatic license renewal functionality) |
445 | TCP | SMB |
548 | TCP | AFP (only required if clients use AFP to mount job volumes) |
1521, 2481 | TCP | Oracle |
49100 - 49102 | TCP | Orbacus connection for daemons. 49101 must be accessible from Workshop clients. |
49108, 58888 | TCP | Link |
37001, 49998 | TCP | DiagView daemon, DiagView server |
50010 | UDP | Floating License Manager |
56765 | TCP | Floating License Manager |
37100, 37101 | TCP | Dashboard components |
61233, 61234, 61235, 18804 | TCP | RBA components |
18005, 18080 | TCP | Prinergy Layout Automation |
37102, 37150 - 37250, 61237 | TCP | Digital Print |
52001 | TCP | Prinergy access to ColorFlow Server |
| 49105 | TCP | ColorFlow database access |
37002 | UDP | Locator daemon. Must be accessible from Workshop clients. |
32000-32003, 31000-31003, 52002, 8082-8085, 8091 | TCP | Help system. Must be accessible from Workshop clients. |
| 49152-65535 | TCP | Ports are dynamically allocated in this range to Prinergy daemons and connected to from Workshop clients. The entire range must be accessible from the Workshop clients in order for Workshop to function correctly. |
Note: AFP port information is given for informational purposes and legacy configurations only. AFP is not qualified with Prinergy Workflow 8.0 or later.
Note: For ports required for Kodak Proofing Software, please refer to KPS Ports required page.
The Built-in Windows Firewall is not supported
The software firewall that ships with Windows is not supported on a Prinergy Connect/Direct/Powerpack server. Activating the built-in Windows firewall will cause unpredictable system behavior.
Any firewalling requirements must be met with an external device. Choices include a hardware firewall, software firewall running on another (non-Prinergy) server, or a firewall appliance in a virtual environment. Placement of the firewall in your network infrastructure is important, as Prinergy requires a large range of ports to be opened between primary and secondary servers and Workshop clients.
Information about the firewall requirements of InSite Prepress Portal, InSite Creative Workflow, and other Kodak portal products can be found in the respective products' documentation.
Additional Firewall considerations
If there is a firewall between the Prinergy servers and the Workshop clients, it is critical that the firewall does not close idle connections after some arbitrary time period. If it does, this could result in lags or stalls in Workshop when it is forced to re-establish its connections to the server. Instead, the firewall should be configured to only close the connection if it is determined to be dead by probing to the end hosts to determine the validity of the connection. This feature is known as 'Dead Connection Detection' on Cisco firewalls. If such a feature does not exist on your chosen firewall then the idle timeout should be set to a period equal to a typical production shift and operators should be warned that Workshop may stall for up to a couple of minutes when they return to it if it has been left running but idle for a longer period.
Local-Link IPv4
Subnet IP range 169.254.x.x is reserved within the IPv4 specification for Local-Link self-assigned IP addresses and is not operationally compatible with Prinergy Workflow server software.
See IETF.org article rtfc3927 - https://tools.ietf.org/html/rfc3927