Firewall Ports used by NG & MF
KB Home | Firewall Ports used by NG & MF
Q I would like to configure a firewall on the server. What ports does PaperCut use?
The main network TCP ports used by PaperCut are:
9191for HTTP connections9192for secure HTTP/SSL connection9193for device RPC (only used for embedded copier/MFP solutions)
UDP ports are not used for connections from PaperCut client to the sever, only standard TCP. All connections are made inbound from clients and secondary servers to the primary server. No outbound connections are made by the primary server to any workstation or secondary server.
PaperCut uses standard HTTP XML WebServices for client-server and server-server communication (XML-RPC). Sensitive data is sent over SSL/HTTPS on port 9192. The PaperCut installer on Windows and Mac will endeavor to make sure these ports are open. Linux systems running firewalls may need to manual open these ports to local network IP addresses as appropriate.
Card Readers
Elatec TWN3 Reader and TCP Converter
- Outbound
7778
RFIDeas Lantronix
- Outbound
10001
RFIdeas Ethernet 241
- Outbound
2000
External Database
PaperCut makes use of the jTDS JDBC driver for Microsoft SQL server and SQL Server Express, the postgresql JDBC driver for PostgreSQL, Oracle JDBC for Oracle and MySQL JDBC for MySQL.
You may specify a custom port, the defaults are below.
- Oracle:
1521 - Microsoft SQL Server:
1433 - Microsoft SQL Server Express:
1450 - MySQL:
3306 - PostgreSQL:
5432
Google Cloud Directory
PaperCut NG and PaperCut MF will use Secure LDAP to communicate with the Google Cloud Directory service:
636TCP (LDAPS), with outbound connections to:ldap.google.com
Google Cloud Print
PaperCut NG and PaperCut MF need to be able to communicate to the Google Cloud Print services. This is done on:
443TCP (HTTPS), with connections to:https://www.googleapis.com/*https://accounts.google.com/*https://www.google.com/cloudprint/*
5222TCP (XMPP, using STARTTLS), with a persistent connection to:talk.google.com
By default, this needs to be achievable without the use of a proxy, unless that proxy is “transparent” on TCP ports 80 and 443, and requires no authentication. If running version 17.3 or later of PaperCut NG or PaperCut MF, a proxy server which is not “transparent” may be able to be configured using the instructions found in the following section of the User Manual.
Integrated Scanning - OCR Cloud Service & Scan to Cloud Storage
The following port and URL endpoints must be externally available for a PaperCut server to upload files to PaperCut Cloud Services:
443TCP (HTTPS), with connection to:https://storage.googleapis.com/*https://ocr.cloud.papercut.com/*https://scan.papercut.com/*
Integrated Scanning - On Premise OCR
Coming soon in 19.0 On Premise OCR requires the following port:
9181(HTTPS) Inbound and Outbound
Job Ticketing
The following port and URL endpoints must be externally available for auto updating:
443TCP (HTTPS), with connections to:https://pc-job-ticketing.appspot.com/*https://storage.googleapis.com/pc-job-ticketing.appspot.com/*
Mobility Print
The following ports must be available for internal communications:
9163(HTTP) inbound TCP to the Mobility Print Server9164(HTTPS) inbound TCP to the Mobility Print Server53DNS inbound and outbound UDP to/from DNS server to/from Mobility Print Server5353mDNS inbound and outbound UDP to/from the Mobility Print Server
The following port and URL endpoints must be externally available for auto updating:
443TCP (HTTPS), with connections to:https://mobility-print.papercut.com/*https://storage.googleapis.com/pc-mobility-print.appspot.com/*
Multi Function Devices
PaperCut MF uses a variety of port for connecting to copiers, MFPs and other devices. These are listed below by device.
Brother
- Inbound (device connecting to PaperCut)
9191TCP/HTTP
Canon
- Inbound (device connecting to PaperCut)
91919193
Dell (AIP)
- Inbound (device connecting to PaperCut)
91919192
- Outbound (PaperCut connecting to the device)
443
HP
- Inbound
919191929193
- Outbound connections from PaperCut to the HP devices on port:
7627(TCP/HTTPS)80 / 443
Fuji-Xerox (AIP)
- Inbound (device connecting to PaperCut)
91919192
- Outbound (PaperCut connecting to the device)
80443
Konica-Minolta
- Inbound (device connecting to PaperCut)
919191929195(Required for SHA2 on MF v18.3 onwards)
- Outbound (connecting to the device)
5000380/443
Kyocera
- Inbound
9191(if using custom logos)9193
Lexmark
- Inbound
9191(if using custom logos)9193
Ricoh SDK/J
- Inbound
9191(if configured to use port 9193 and Integrated Scanning)9192919351443(for setup with Remote Operation Client)
Ricoh SmartSDK
- Inbound
919251443(for setup with Remote Operation Client)
Samsung
- Inbound
9191(if using custom logos)9193
Sharp
- Inbound
91919192
- Outbound
80443
Toshiba
- Inbound
9191TCP - for EWB9192TCP - secure messages for EWB10389TCP (LDAP)10636TCP (LDAPS)162UDP (SNMP traps) for SDK1 only
- Outbound
161UDP (SNMP) for SDK1 only49629TCP (HTTP) for SDK2 and RD30 only49630TCP (HTTPS) for SDK2 and RD30 only
VCC Terminals
- Outbound
12341235
Xerox
- Inbound
91919192
- Outbound
80443
SNMP
- Outbound (PaperCut connecting to the Printer/Device)
161UDP
Windows Print Spooler Service
The PaperCut Print Provider service will use TCP/IP ports allocated by the Windows Print Spooler service. The Windows Print Service uses the dynamic port range from 49152 to 65535. You will need to retain this port range when redirecting print jobs between a Primary and Secondary server (Cross-Server Redirection).
49152-65535TCP and UDP445TCP, Server Message Block
If using NetBIOS:
137/138UDP, Name and Datagram Services139TCP, Session Services
Categories: Implementation / Deployment, Architecture
keywords: port, TCP, fire wall, firewall rules, anti virus
Comments
Share your findings and experience with other PaperCut users. Feel free to add comments and suggestions about this Knowledge Base article. Please don't use this for support requests.
Article last modified on March 19, 2019, at 10:08 AM
Printable View | Article History | Edit Article