This article provides detailed information regarding the inbound and outbound port requirements of a Defender installation. This may be needed for an advanced firewall setup, where the aim is to block as many ports as possible without affecting the Defender application.
Web Browser to Web Server
Local (random) port on the client workstation ==> Port 80 / 443 on the Web Server (To load the Defender Reports web pages)
Web Server to Domain Controller (DC)
Local (random) port on the Web Server ==> TCP 389 (LDAP) or TCP 636 (LDAPS, LDAP over SSL) on the Domain Controller (to retrieve the Defender configuration from Active Directory, e.g. Access Node settings, DSS information, token types, etc.)
Web Server to DSS (Defender Security Server)
Local (random) port on the Web Server ==> File sharing ports TCP 139/445 and UDP 137/138 on the DSS (to retrieve the DSS logs and the Defender authentication history held in those logs).
Further information on file sharing ports is available from Microsoft, e.g.:
Internet firewalls can prevent browsing and file sharing
The DSS accepts incoming RADIUS authentication requests on UDP 1812 in Defender 5.5 and above; UDP 1645 is the default in earlier versions of Defender. The port is configured on the Access Node assigned to the DSS, so check the Access Node settings if a non-default value is in use.
Outgoing requests from the DSS go to TCP 389 (LDAP) or TCP 636 (LDAPS) on the Domain Controller for LDAP queries to AD.
Note: a computer normally binds to a "local (random) port", also called an ephemeral port, to initiate a connection to a remote port on a specific computer. This local port is above the well-known port range, so it will be between 1024 and 65535. A stateful firewall only needs a rule for the destination port listed above; the reply traffic back to the ephemeral port is matched automatically.
The default port for the Management Portal is TCP 8080. This can be changed during installation or afterwards via the IIS site bindings.
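The following PowerShell script is an added example and is not part of this article or of the Defender product; it checks the paths listed above from whichever machine you run it on. The host names, the RADIUS client subnet and the firewall rule name are placeholders to be replaced with your own values. Test-NetConnection can only probe TCP, so the UDP RADIUS port is verified on the DSS itself by checking that something is bound to it, and an inbound allow rule is created there if one does not already exist.

```powershell
# Added example (not from the Defender documentation). Run with -Role Client,
# -Role WebServer or -Role DSS on the corresponding machine.
# Requires the NetTCPIP / NetSecurity modules (Windows 8 / Server 2012 or later).
[CmdletBinding()]
param(
    [Parameter(Mandatory)]
    [ValidateSet('Client', 'WebServer', 'DSS')]
    [string]$Role
)

$WebServer        = 'web01.example.com'   # assumed host name
$DomainController = 'dc01.example.com'    # assumed host name
$DefenderDss      = 'dss01.example.com'   # assumed host name
$RadiusClients    = '10.0.5.0/24'         # assumed subnet of the Access Node(s) sending RADIUS
$RadiusPort       = 1812                  # 1645 on Defender versions before 5.5
$PortalPort       = 8080                  # Management Portal default; change if the IIS binding differs

function Test-TcpPath {
    param([string]$Target, [int]$Port, [string]$Purpose)
    # Test-NetConnection opens a TCP connection from an ephemeral source port,
    # exactly as the "Local (random) port" entries in the article describe.
    $r = Test-NetConnection -ComputerName $Target -Port $Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'OPEN' } else { 'BLOCKED' }
    '{0,-8} {1}:{2,-5} {3}' -f $state, $Target, $Port, $Purpose
}

switch ($Role) {
    'Client' {
        # Web Browser to Web Server
        Test-TcpPath $WebServer 80  'HTTP: Defender Reports pages'
        Test-TcpPath $WebServer 443 'HTTPS: Defender Reports pages'
        Test-TcpPath $WebServer $PortalPort 'Management Portal'
    }
    'WebServer' {
        # Web Server to Domain Controller
        Test-TcpPath $DomainController 389 'LDAP: read Defender configuration from AD'
        Test-TcpPath $DomainController 636 'LDAPS: read Defender configuration from AD'
        # Web Server to DSS (file sharing, used to read the DSS logs)
        Test-TcpPath $DefenderDss 445 'SMB: read DSS logs'
        Test-TcpPath $DefenderDss 139 'NetBIOS session: read DSS logs'
    }
    'DSS' {
        # DSS to Domain Controller
        Test-TcpPath $DomainController 389 'LDAP: DSS queries to AD'
        Test-TcpPath $DomainController 636 'LDAPS: DSS queries to AD'

        # SMB must be listening locally for the Web Server to fetch the logs.
        if (Get-NetTCPConnection -State Listen -LocalPort 445 -ErrorAction SilentlyContinue) {
            'SMB is listening on TCP 445'
        } else { 'WARNING: nothing listening on TCP 445; Web Server log retrieval will fail' }

        # UDP cannot be probed remotely with Test-NetConnection; confirm the
        # RADIUS port is bound on this host instead.
        if (Get-NetUDPEndpoint -LocalPort $RadiusPort -ErrorAction SilentlyContinue) {
            "DSS is listening on UDP $RadiusPort"
        } else { "WARNING: nothing bound to UDP $RadiusPort; check the Access Node port setting" }

        # Inbound allow rule for RADIUS, restricted to the Access Node subnet.
        # Idempotent: skipped if a rule with this (assumed) name already exists.
        $ruleName = 'Defender DSS RADIUS inbound'
        if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol UDP `
                -LocalPort $RadiusPort -RemoteAddress $RadiusClients `
                -Action Allow -Profile Domain | Out-Null
            "Created firewall rule '$ruleName' for UDP $RadiusPort from $RadiusClients"
        } else { "Firewall rule '$ruleName' already present" }
    }
}
```

Run it from an elevated prompt on the DSS so that the firewall rule can be created; the Client and WebServer roles only need network access. A BLOCKED result for a path the article lists means a firewall between the two hosts is dropping that destination port, since the source side uses an ephemeral port and needs no rule of its own.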
The following page may also be helpful; it has more information on the file sharing ports listed above:
List of TCP and UDP port numbers