Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
Sokon
Advocate V
Advocate V

Enterprise Gateway: Opening ports 5671-5672 and 9350-9354 essential?

Hello,

In order to let Enterprise Gateway communicate with the Power BI service, I understand that one needs to allow outbound traffic on certain ports.

While opening the firewall for HTTPS traffic is no problem, my customer doesn't like the prospect of opening the ports 5671-5672 and 9350-9354 for a protocol which can't be checked like they do with HTTPS. This seems due to the fact that Service Bus is binary, while HTTPS is XML (I hope that is true?) I know that for e.g. Data Management Gateway opening ports for service bus is optional (LINK)

 

My Questions:

- Did i get the information about the properties of the two kinds of protocol correctly?

- Is opening ports 5671-5672 and 9350-9354 for Power BI essential? Or is that only needed for certain features? If yes, which features?

 

Thanks a lot for any hint!

2 ACCEPTED SOLUTIONS
wonga
Continued Contributor
Continued Contributor

@Sokon

 

According to the Power BI Security Whitepaper, those ports you mentioned are the preferred ports. They will fall back to port 443, if communications on those other ports don't work. Maybe someone on the Power BI team can confirm this.

 

Maybe @dimazaid?

View solution in original post

4 REPLIES 4
wonga
Continued Contributor
Continued Contributor

@Sokon

 

According to the Power BI Security Whitepaper, those ports you mentioned are the preferred ports. They will fall back to port 443, if communications on those other ports don't work. Maybe someone on the Power BI team can confirm this.

 

Maybe @dimazaid?

yes correct!

@dimazaid @wonga

 

Thanks a lot for your help! I'm still working on getting our people to verify your suggestions. Going to report any results as soon as there are any... Smiley Happy

MayAS
Frequent Visitor

The Power BI security whitepaper indicates that if https is used for communication then you only need to open port 443 only. Correct?

 

This part is from the Power BI security whitepaper:

 

  • The gateway supports the following two communications protocols:

    • AMQP 1.0 – TCP + TLS: This protocol requires ports 443, 5671-5672, and 9350-9354 to be open for outgoing communication. This protocol is preferred, since it has lower communication overhead.

    • HTTPS – WebSockets over HTTPS + TLS: This protocol uses port 443 only. The WebSocket is initiated by a single HTTP CONNECT message. Once the channel is established, the communication is essentially TCP+TLS. You can force the gateway to use this protocol by modifying a setting described in the on-premises gateway article.

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.

Top Solution Authors
Top Kudoed Authors