
Firewall Ports used by NG & MF
Q: I would like to configure a firewall on the server. What ports does PaperCut use?
The main network TCP ports used by PaperCut are:
9191 for HTTP connections
9192 for secure HTTP/SSL connection
9193 for device RPC (only used for embedded copier/MFP solutions)
UDP ports are not used for connections from the PaperCut client to the server, only standard TCP. All connections are made inbound from clients and secondary servers to the primary server. No outbound connections are made by the primary server to any workstation or secondary server.
PaperCut uses standard HTTP XML WebServices for client-server and server-server communication (XML-RPC). Sensitive data is sent over SSL/HTTPS on port 9192. The PaperCut installer on Windows and Mac will endeavor to make sure these ports are open. Linux systems running firewalls may need to manually open these ports to local network IP addresses as appropriate.
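For the Linux case above, opening the ports "to local network IP addresses" means allowing 9191-9193 from your own subnet and dropping other sources. The script below is an added example, not PaperCut's own tooling: it prints an nftables ruleset for that policy. The table name `papercut_filter` and the sample subnet are assumptions; substitute your own.

```sh
#!/bin/sh
# Added example (not PaperCut's code): print an nftables ruleset that admits
# the PaperCut TCP ports only from one local IPv4 network.
PAPERCUT_PORTS="9191, 9192, 9193"   # ports listed in this article

valid_ipv4_cidr() {
    # Accept only a.b.c.d/n with octets 0-255 and prefix 0-32, so the value
    # can be pasted into a ruleset without carrying extra nft statements.
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}
    prefix=${1#*/}
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

papercut_nft_rules() {
    # $1: IPv4 CIDR of the local network (assumed; use your own subnet).
    if ! valid_ipv4_cidr "$1"; then
        echo "error: '$1' is not an IPv4 CIDR" >&2
        return 1
    fi
    # Other sources, including all IPv6 clients, are dropped on these ports.
    cat <<EOF
table inet papercut_filter {
    chain input {
        type filter hook input priority 0; policy accept;
        ip saddr $1 tcp dport { $PAPERCUT_PORTS } accept
        tcp dport { $PAPERCUT_PORTS } drop
    }
}
EOF
}

# Print the ruleset when a CIDR is given, e.g. sh script.sh 192.168.10.0/24
if [ "$#" -gt 0 ]; then
    papercut_nft_rules "$1"
fi
```

Pipe the output to `nft -c -f -` to syntax-check it without loading it. Drop 9193 from the list if no embedded copier/MFP solution is in use.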
Card Readers
Elatec TWN3 Reader and TCP Converter
- Outbound
7778
RFIDeas Lantronix
- Outbound
10001
RFIdeas Ethernet 241
- Outbound
2000
External Database
PaperCut makes use of the jTDS JDBC driver for Microsoft SQL Server and SQL Server Express, the PostgreSQL JDBC driver for PostgreSQL, Oracle JDBC for Oracle and MySQL JDBC for MySQL.
You may specify a custom port; the defaults are below.
- Oracle:
1521
- Microsoft SQL Server:
1433
- Microsoft SQL Server Express:
1450
- MySQL:
3306
- PostgreSQL:
5432
Google Cloud Directory
PaperCut NG and PaperCut MF will use Secure LDAP to communicate with the Google Cloud Directory service:
636 TCP (LDAPS), with outbound connections to: ldap.google.com
Note: make sure any firewall rules allow “any” as source port for the PaperCut server in this case. The source/client port is dynamically allocated, and not meaningful.
Directory Services
PaperCut NG and PaperCut MF can synchronise user accounts from a directory using LDAP:
389 TCP (LDAP) or
636 TCP (LDAPS)
PaperCut MF Cloud Services (Integrated Scanning with Scan to Cloud and/or Cloud OCR)
For a PaperCut server to have content processed by PaperCut MF Cloud Services it must be able to form an outgoing connection to the following endpoints:
443 TCP (HTTPS), with connection to:
https://*.papercut.com/*
https://storage.googleapis.com/*
If you are unable to use a wildcard in the domain part, the following specific URLs are used, depending on your PaperCut version and PaperCut MF Cloud Services hosting region:
443 TCP (HTTPS), with connection to:
https://scan.cloud.papercut.com/*
https://ocr.cloud.papercut.com/*
https://scan.au.cloud.papercut.com/*
https://ocr.au.cloud.papercut.com/*
https://scan.eu.cloud.papercut.com/*
https://ocr.eu.cloud.papercut.com/*
https://scan.us.cloud.papercut.com/*
https://ocr.us.cloud.papercut.com/*
https://scan.papercut.com/* (legacy)
Integrated Scanning - Self-Hosted Document Processing (FKA On-prem OCR, locally hosted)
9181 TCP (HTTPS) inbound on the Self-Hosted Document Processing Server
(The Windows Firewall is configured automatically by the installer. Manual configuration is only required if using an off-box or 3rd party software firewall.)
Job Ticketing
The following port and URL endpoints must be externally available for auto updating:
443 TCP (HTTPS), with connections to:
https://pc-job-ticketing.appspot.com/*
https://storage.googleapis.com/pc-job-ticketing.appspot.com/*
Print Deploy
See the Print Deploy system requirements page which shows the ports and protocols we use.
Mobility Print
See the Mobility Print system requirements page which shows the ports and protocols we use.
Multi Function Devices
PaperCut MF uses a variety of ports for connecting to copiers, MFPs and other devices. These are listed below by device.
Brother
- Inbound (device connecting to PaperCut)
9191 TCP/HTTP
Canon
- Inbound (device connecting to PaperCut)
9191
9192
9193
Dell (AIP)
- Inbound (device connecting to PaperCut)
9191
9192
- Outbound (PaperCut connecting to the device)
443
HP
- Inbound
9191
9192
9193
- Outbound connections from PaperCut to the HP devices on port:
7627 (TCP/HTTPS)
80 / 443
Fuji-Xerox (AIP)
- Inbound (device connecting to PaperCut)
9191
9192
- Outbound (PaperCut connecting to the device)
80
443
Konica-Minolta
- Inbound (device connecting to PaperCut)
9191
9192
9195 (Required for SHA2 on MF v18.3 onwards)
- Outbound (connecting to the device)
50003
80/443
Kyocera
- Inbound
9191
9192
9193
Lexmark
- Inbound
9191
9192
9193
Ricoh SDK/J
- Inbound
9191 (if configured to use port 9193 and Integrated Scanning)
9192
9193
51443 (for setup with Remote Operation Client)
Ricoh SmartSDK
- Inbound
9191
9192
51443 (for setup with Remote Operation Client)
Samsung
- Inbound
9191 (if using custom logos)
9192
9193
Sharp
- Inbound
9191
9192
- Outbound
80
443
Toshiba
- Inbound
9191 TCP - for EWB and SOAP events
9192 TCP - secure messages for EWB and SOAP events
10389 TCP (LDAP) for SDK1 and SDK2 only
10636 TCP (LDAPS) for SDK1 and SDK2 only
162 UDP (SNMP traps) for SDK1 only
- Outbound
161 UDP (SNMP) for SDK1 only
49629 TCP (HTTP) for SDK2, SDK3 and RD30 only
49630 TCP (HTTPS) for SDK2, SDK3 and RD30 only
50083 TCP (HTTP) for SDK3 only (for scanning)
VCC Terminals
- Outbound
1234
1235
Xerox
- Inbound
9191
9192
- Outbound
80
443
SNMP
- Outbound (PaperCut connecting to the Printer/Device)
161 UDP
Windows Print Spooler Service
The PaperCut Print Provider service will use TCP/IP ports allocated by the Windows Print Spooler service. The Windows Print Service uses the dynamic port range from 49152 to 65535. You will need to retain this port range when redirecting print jobs between a Primary and Secondary server (Cross-Server Redirection).
49152-65535 TCP and UDP
445 TCP, Server Message Block
If using NetBIOS:
137/138 UDP, Name and Datagram Services
139 TCP, Session Services