Network Access Protection (NAP)

Latest news from the Network Access Protection (NAP) team at Microsoft.


Longhorn Server will have the Windows Firewall ON by default

  • Comments 3
  • Likes

Did you know that the Windows Firewall will be on by default in future Longhorn Server releases? This has impact to you, when you install the any of the Networking related server roles in your NAP deployments you will have to make sure that the ports necessary for those servers to operate are open on the firewall.


In the case of the Network Policy Server (NPS) the following ports are used to receive requests:


UDP:1645 – Legacy RADIUS Authentication and Authorization

UDP:1646 – Legacy RADIUS Accounting

UDP:1812 – RADIUS Authentication and Authorization

UDP:1813 - RADIUS Accounting


While it needs to make outbound requests using:

TCP:389 – Lightweight Directory Access Protocol (LDAP)


Depending on the RADIUS clients you are communicating with you may only need to enable the “non-Legacy” inbound ports.


We are looking at ways we can have these settings created for you automatically when you install the component as well as dynamically updating them if they change, but in the mean time I suggest that if you’re not already running this way consider doing it; this is a great way to mitigate some of the risks of operating a server.


Tell us what you think about this change.


Ryan M. Hurst

Lead Program Manager

Layer 2 Authentication and Authorization

Windows Enterprise Networking

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment