Firewall Rules & Port Requirements Master Reference

Field	Detail
Document Type	Quick Reference — Informational
Audience	All Technicians (T1 / T2 / T3), Project Technicians, Account Managers
Last Updated	March 2026
Version	1.0
Author	DTC Engineering

---

1. How to Use This Document

This is a lookup reference, not a policy document. Use it when you need to quickly answer: "What ports does [application] need?" or "What should I exclude from antivirus for [application]?"

When to use this document:

• Troubleshooting connectivity between server and workstations
• Configuring Windows Firewall exceptions after a new install or server migration
• Verifying UDM inter-VLAN firewall rules when segmenting a client's network
• Validating outbound internet access for cloud services (eClaims, licensing, VoIP)
• Setting up AV exclusions during onboarding or after endpoint protection deployment
• Pre-work validation for the Network Assessment Toolkit (see Automation System Prompts)

When NOT to use this document:

• For step-by-step installation procedures — see the application-specific SOPs linked in each section
• For UDM firewall rule configuration — see Our Firewalls (p.720) and Ubiquiti Config Quick Reference (p.975)

Architecture note: Most DTC dental offices run a flat Production VLAN where server-to-workstation traffic is not filtered by the UDM. These LAN ports only become firewall-relevant when offices have VLAN segmentation (Production, Servers, Voice, Guest) with inter-VLAN rules — or when Windows Firewall on the server is blocking traffic.

---

2. Shared Infrastructure Ports

These ports appear under multiple applications because they serve common infrastructure. They are listed here for holistic firewall audits, and also repeated under each application so a tech troubleshooting a specific app sees everything they need in one place.

Port	Protocol	Service	Used By
445	TCP	SMB / File Sharing	Dentrix (mapped drive), Eaglesoft (shared files), Open Dental (A-Z folder), DEXIS (image share), CS Imaging (image repository), Veeam (file-level operations)
1433	TCP	Microsoft SQL Server (default instance)	PBS Endo, TDO, CS Imaging 8 (embedded SQL Express), Dentrix Imaging Center (VIPER instance)
3306	TCP	MySQL / MariaDB	Open Dental (direct connection mode)
135	TCP	RPC Endpoint Mapper	Veeam (WMI/DCOM discovery), Windows remote management
137-139	TCP/UDP	NetBIOS	Veeam (initial host discovery), legacy file sharing
80 / 443	TCP	HTTP / HTTPS	NinjaOne agent, Microsoft 365, VoIP provider cloud services, DTX Studio licensing, Weave sync

---

3. LAN Ports — Server ↔ Workstation

All ports in this section are for internal network traffic between the server and workstations (or between the BDR and Hyper-V host). These must be open on the server's Windows Firewall and allowed through any inter-VLAN UDM firewall rules if the office is segmented.

3.1 Dentrix G7

Source SOP: Dentrix T2/T3 Operational Reference (p.1112), Section 2

Port	Protocol	Service	Notes
6597	TCP	Dentrix core communication	Primary app communication
5712	TCP	Dentrix service communication
6602–6606	TCP	Dentrix module communication	Range — all five ports required
6610	TCP	Dentrix service communication
445	TCP	SMB — mapped drive to Dentrix data folder	Workstations access \SERVER\Dentrix\

⚠️ The Dentrix installer attempts to create Windows Firewall exceptions automatically. Third-party firewalls or GPO-managed Windows Firewall require manual configuration.

Quick diagnostic:

# From a workstation — test primary Dentrix ports
Test-NetConnection -ComputerName [SERVER_IP] -Port 6597
Test-NetConnection -ComputerName [SERVER_IP] -Port 5712

3.2 Eaglesoft (Patterson)

Source SOP: Eaglesoft T2/T3 Operational Reference (p.1130), Section 6

Port	Protocol	Service	Notes
2638	TCP	SQLAnywhere Database Engine	Primary database port. Most common port-related failure — if blocked, no workstation connects.
5964	TCP	Eaglesoft Messenger Server	Inter-office messaging only. Eaglesoft itself still works if blocked.
2010	TCP	Patterson Application Server (PattersonAppServer.exe)	Core app service communication
2012	TCP	Eaglesoft Dual Database	Only used if practice runs a secondary/dual database. Not all offices use this.
2013	UDP	Eaglesoft Fast CheckIn	Kiosk/check-in detection. Will not show in standard TCP port scans.
2014	TCP	Patterson Image Server (PattersonImagingServer.exe)	ES 21.20 and above only. Older versions do not use this port.
445	TCP	SMB — shared Eaglesoft folder	Workstations access \SERVER\EagleSoft\

Quick diagnostic:

# From a workstation
Test-NetConnection -ComputerName [SERVER_IP] -Port 2638
Test-NetConnection -ComputerName [SERVER_IP] -Port 2010
Test-NetConnection -ComputerName [SERVER_IP] -Port 5964
Test-NetConnection -ComputerName [SERVER_IP] -Port 2014

# On the server — check what's listening
netstat -ano | findstr "2638 5964 2010 2012 2013 2014"

Patterson FAQ References: FAQ 15372 (Ports & Executables), FAQ 4939 (General Firewall Info), FAQ 18179 (Patterson Imaging Firewall)

3.3 Open Dental

Source SOP: Open Dental T1/T2/T3 Operational Reference (p.1105), Section 1

Port	Protocol	Service	Notes
3306	TCP	MySQL / MariaDB	Direct connection mode (most DTC sites). Each workstation connects to MySQL on server.
80 or 443	TCP	IIS Web Service	Middle Tier mode only (2 DTC sites currently). Workstations connect via HTTP/HTTPS to IIS instead of direct MySQL.
445	TCP	SMB — A-Z image folder	Workstations access \SERVER\OpenDentImages\

Quick diagnostic:

# Direct connection mode
Test-NetConnection -ComputerName [SERVER_IP] -Port 3306

# Middle Tier mode
Test-NetConnection -ComputerName [SERVER_IP] -Port 80

3.4 PBS Endo Enterprise

Source SOP: PBS Endo Enterprise Operational Reference (p.1124), Section 2

Port	Protocol	Service	Notes
9090–9096	TCP	PBS Endo Server Service	Full range required. Workstations do NOT connect to SQL directly — the server service is the intermediary.
1433	TCP	SQL Server	Server-side only — used internally between PBS Endo Server and SQL. Not directly accessed by workstations.

⚠️ If another application grabs ports 9090-9096, the PBS Endo Server service will fail to start. Check with netstat -ano | findstr "909" on the server.

Quick diagnostic:

# From a workstation
Test-NetConnection -ComputerName [SERVER_IP] -Port 9090

3.5 TDO Software (v12)

Source SOP: TDO Operational Reference (p.1127), Section 2

Port	Protocol	Service	Notes
4150	TCP	TDO Application	Primary TDO communication
8739	TCP	TDO Application	Secondary TDO communication
1433	TCP	SQL Server	Default instance. Also requires sqlservr.exe and sqlbrowser.exe firewall exceptions.

TDO does not run as a persistent Windows service — the application connects directly to SQL Server from each workstation.

Quick diagnostic:

Test-NetConnection -ComputerName [SERVER_IP] -Port 4150
Test-NetConnection -ComputerName [SERVER_IP] -Port 8739

3.6 DTX Studio Core ↔ Clinic

Source SOP: DTX Studio Clinic & Core System Requirements (p.1058), Section 3.4

Port	Protocol	Service	Notes
26850	HTTPS	Core ↔ Clinic communication	DTC standard — use HTTPS. Recommended and encrypted.
26851	HTTP	Core ↔ Clinic communication (unencrypted)	Not recommended — only use for troubleshooting TLS issues.
4440+	TCP	Localhost communication (dynamic)	Clinic uses dynamically assigned localhost ports starting from 4440. Not relevant for inter-machine firewall rules.

⚠️ If Core ports were customized during installation, check the Core web admin UI for the actual port numbers.

3.7 Carestream CS Imaging 8

Source: Carestream Installation Guide (SM840), CS Monitor Server Configuration

Port	Protocol	Service	Notes
Configurable (default ~80)	TCP	CS Imaging Server (Web Server Port)	Assigned during installation. Check CS Monitor → Configure → General Settings for the actual port.
Configurable	TCP	CS Deployment Server	Software deployment and auto-update port. Also assigned during install.
Configurable	TCP	CS Data Collector	Cloud data transfer (CSD cloud). Assigned during install.
1433	TCP	SQL Server Express (embedded)	Installed with CS Imaging 8 if "Install embedded SQL" is selected.
445	TCP	SMB — image repository	Image database stored on shared UNC path with full control for Everyone group.

⚠️ CS Imaging 8 ports are configurable at install time — they are auto-proposed and may vary between sites. Always check CS Monitor → Configure → General Settings on the server for actual port numbers. Document the actual ports in IT Glue for each client.

3.8 DEXIS Imaging Suite

DEXIS Imaging Suite is primarily file-share based — it does not use dedicated application-specific TCP ports for client-server communication like Eaglesoft or Dentrix. Image data is stored on a shared folder accessed via SMB.

Port	Protocol	Service	Notes
445	TCP	SMB — DEXIS image share	Workstations access the shared DEXIS image folder on the server

For the newer DTX Studio ecosystem (which DEXIS is migrating toward), see Section 3.6 above.

3.9 Veeam Backup & Replication

Source SOPs: Veeam B&R Standards (p.1004), Veeam BDR Deployment SOP (p.1096), Veeam Troubleshooting Playbook (p.1115)

These ports must be open between the BDR appliance and the Hyper-V host(s), and between the BDR and any workstations in the protection group.

Port	Protocol	Service	Notes
6162	TCP	Veeam Data Mover	Primary data transfer service
9392	TCP	Veeam Backup Service	Backup service communication
9393	TCP	Veeam RESTful API	API service (default install)
9401	TCP	Veeam Catalog Service	Catalog data service
2500–3300	TCP	Data transfer channels	Dynamic range for backup/replication data
445	TCP	SMB	File-level operations
135	TCP	RPC Endpoint Mapper	WMI/DCOM initial discovery
137–139	TCP/UDP	NetBIOS	Initial host discovery

Quick diagnostic:

# From BDR — test connectivity to Hyper-V host
Test-NetConnection -ComputerName [HV_HOST_IP] -Port 6162
Test-NetConnection -ComputerName [HV_HOST_IP] -Port 9392
Test-NetConnection -ComputerName [HV_HOST_IP] -Port 445

# On target host — check Veeam services
Get-Service -Name "*veeam*"
netstat -an | findstr "6162 2500 9392"

Firewall exception commands (run on Hyper-V host):

netsh advfirewall firewall add rule name="Veeam Data Mover" dir=in action=allow protocol=TCP localport=6162
netsh advfirewall firewall add rule name="Veeam Backup Service" dir=in action=allow protocol=TCP localport=9392
netsh advfirewall firewall add rule name="Veeam Data Transfer" dir=in action=allow protocol=TCP localport=2500-3300

3.10 Printing (Print Server)

Source SOP: Setup Printers via GPO (p.402)

Port	Protocol	Service	Notes
9100	TCP	RAW / JetDirect printing	Standard TCP/IP port for network printers. No WSD ports — ever.
445	TCP	SMB — print server shares	Workstations connect to \PRINTSERVER\PrinterName via GPO
631	TCP	IPP (Internet Printing Protocol)	Rarely used in DTC environments. Included for completeness.

3.11 VoIP (LAN-side)

Source SOP: VoIP Operations (p.1042), Section 11.6

These are the ports phones use on the LAN to communicate with cloud VoIP providers. They must be allowed outbound through the UDM and not blocked by IPS.

Port	Protocol	Service	Notes
5060	UDP	SIP signaling (unencrypted)	Call setup/teardown
5061	TCP/TLS	SIP signaling (encrypted)	Encrypted SIP — Freedom Voice uses encrypted SIP over UDP
10000–20000	UDP	RTP / SRTP media streams	Actual voice audio. Range varies by provider.
3478	UDP/TCP	STUN / TURN	NAT discovery. Used by Weave, RingCentral, 8x8, Teams, Zoom. Freedom Voice does NOT use STUN.

3.12 UniFi Device Management

Source SOP: Device Adoption & Firmware Management (p.999)

Port	Protocol	Service	Notes
8080	TCP	Device inform / adoption	Devices communicate with controller
8443	TCP	Controller GUI (HTTPS)	Web management interface
3478	UDP	STUN	Used for device communication
10001	UDP	Device discovery	UniFi device discovery protocol
6789	TCP	Speed test	UniFi speed test between devices
22	TCP	SSH	Device management (SSH must be available on default port)

For full UniFi configuration details, see Ubiquiti Config Quick Reference (p.975).

---

4. WAN Ports — Outbound Internet Requirements

All ports in this section are outbound from the server or workstation to the internet. These must be allowed through the UDM firewall and any URL/content filtering.

4.1 Eaglesoft eServices

Source SOP: Eaglesoft T2/T3 Operational Reference (p.1130), Section 6.4

eClaims — Vyne Trellis (Current Platform):

Destination	Port	Protocol	Notes
rl7.rss-llc.com	443	HTTPS	Vyne claim upload and client portal
services1.rss-llc.com	443	HTTPS	Vyne backend services

eClaims — Optum/Change Healthcare (Legacy):

Destination	Port	Protocol	Notes
claimservices.webmddental.com (170.138.32.222)	443	HTTPS	Legacy Optum eClaims — 128-bit encrypted

eStatements:

Destination	Port	Protocol	Notes
mftgateway.changehealthcare.com (170.138.34.31)	22	SFTP	ES 21.30 and higher
ftp.expressbill.com (170.138.220.80)	990, 28000–30000	FTPS	ES 21.20 and below — wide range that some firewalls block

Patterson FAQ Reference: FAQ 10905 (Sites, Ports and IPs for eServices Firewall Exceptions)

4.2 DTX Studio Licensing

Source SOP: DTX Studio Clinic & Core System Requirements (p.1058), Section 3.4

Destination	Port	Protocol	Notes
nobellicense.nobelbiocare.com	443	HTTPS	License server — required for Clinic and AI module activation
nobelstats.nobelbiocare.com	443	HTTPS	Anonymous usage statistics

⚠️ DTX Studio uses WinHTTP proxy settings, not user-level proxy. If the practice uses a proxy, WinHTTP must be configured separately or license activation will fail: netsh winhttp show proxy

4.3 NinjaOne / NinjaRMM Agent

Destination	Port	Protocol	Notes
*.ninjarmm.com	443	HTTPS	Primary agent communication (TLS 1.2 with PFS)
*.ninjarmm.com	80	HTTP	Initial connection (immediately redirects to 443)
NinjaOne endpoints	7075	TCP	Fallback port for NinjaOne Remote if 443 is unresponsive
Splashtop endpoints	443	HTTPS	Remote access (Splashtop) — see Splashtop documentation for full endpoint list
Patch download sources	80/443	HTTP/HTTPS	Third-party vendor patch downloads (Windows Update, application vendors)

NinjaOne agent requires outbound only — no inbound rules needed on endpoints.

4.4 Microsoft 365 / Azure / Teams

Microsoft maintains a comprehensive and frequently updated list of required endpoints. Rather than duplicating it here (it changes regularly), reference the canonical source:

Canonical Reference: Microsoft 365 URLs and IP address ranges

Summary of critical ports:

Service	Port	Protocol	Key Domains
Exchange Online (Outlook)	443	HTTPS	*.outlook.office.com, *.outlook.office365.com
Teams (signaling + media)	443	TCP	*.teams.microsoft.com
Teams (audio/video)	3478-3481	UDP	*.lync.com, *.teams.microsoft.com — UDP is critical for call quality
SharePoint / OneDrive	443	HTTPS	*.sharepoint.com, *.onedrive.com
Authentication (Entra ID)	443	HTTPS	login.microsoftonline.com, login.microsoft.com
Office Apps activation	443	HTTPS	*.officeapps.live.com, *.microsoft.com

⚠️ If Microsoft Teams call quality is poor, check that UDP 3478-3481 is allowed outbound. Teams will fall back to TCP 443 if UDP is blocked, but audio/video quality degrades significantly.

4.5 Veeam S3 Offsite & VSPC

Source SOP: Veeam BDR Deployment SOP (p.1096), Sections 7-8

Destination	Port	Protocol	Notes
S3 endpoint (per client bucket)	443	HTTPS	Offsite backup copy to S3 object storage
vspc.dtctoday.com	1280	TCP	VSPC registration and monitoring

4.6 VoIP Provider Cloud Services

VoIP phones and server-side agents need outbound internet access. Specific endpoints vary by provider — the ports in Section 3.11 cover the protocol-level requirements. Provider-specific domains:

Provider	Key Domains	Notes
Freedom Voice	weblink.freedomvoice.com	Weblink portal for management and fax
Weave	*.getweave.com, status.getweave.com	Server sync agent + desktop app
RingCentral	*.ringcentral.com	Phone provisioning and management
8x8	*.8x8.com	Phone provisioning and management

---

5. AV Exclusions & URL Whitelists

Endpoint protection (Microsoft Defender, NinjaOne-deployed AV) can interfere with dental software by quarantining executables, scanning database files during I/O, or blocking legitimate network traffic. These exclusions are vendor-documented requirements, not optional performance tuning.

5.1 Eaglesoft (Patterson)

Source SOP: Eaglesoft T2/T3 Operational Reference (p.1130), Section 6.2–6.3

Server executable exclusions:

Executable	Purpose	Version Notes
Dbsrv17.exe	SQLAnywhere database engine	ES 20.00+
Dbsrv16.exe	SQLAnywhere database engine	ES 18.10–19.10
Dbsrv10.exe	SQLAnywhere database engine	ES 16.00–18.00
ESMsgServer.exe	Eaglesoft Messenger Server	All versions
PattersonAppServer.exe	Patterson Application Server	All versions
PattersonAppServer2.exe	Dual Database Application Server	Dual DB only
PattersonImagingServer.exe	Patterson Image Server	ES 21.20+
PattersonServerStatus.exe	Server status monitoring	All versions

Vyne Trellis executable exclusions (server):

• ClaimListener.exe
• FileWatcher.exe
• VyneFileService.exe

Folder exclusions (server AND workstations):

• Entire Eaglesoft installation directory (default: C:\Eaglesoft\Shared Files\ — verify by right-clicking the desktop shortcut → Properties → Start In)

5.2 PBS Endo

Source SOP: PBS Endo Enterprise Operational Reference (p.1124), Section 6

Folder exclusions (server AND workstations):

• C:\PBSEndo\ — vendor-documented requirement, not optional
• sqlservr.exe — exclude SQL Server process from AV scanning

5.3 TDO Software

Source SOP: TDO Operational Reference (p.1127)

Folder exclusions:

• \TDOfficeData\ — critical data directory on server
• SQL Server data directory

5.4 Dentrix

Source SOP: Dentrix T2/T3 Operational Reference (p.1112), Section 7.3

Folder exclusions (server AND workstations):

• Entire Dentrix data folder (typically \\SERVER\Dentrix\ or C:\Dentrix\)
• Dentrix program folder (C:\Program Files (x86)\Dentrix\)
• Database engine processes (Pervasive/Actian w3dbsmgr.exe for older G7, or Dentrix SQL service executable for newer G7.4+)

5.5 Open Dental

Source SOP: Open Dental T1/T2/T3 Operational Reference (p.1105), Section 2.6

Folder exclusions:

• Open Dental program directory (C:\Program Files (x86)\Open Dental\)
• MySQL data directory (typically [DataDrive]:\ProgramData\MySQL\MySQL Server X.X\Data\)
• A-Z image folder (UNC path varies by site)

5.6 Veeam Backup & Replication

Source SOP: Veeam BDR Deployment SOP (p.1096), Section 10

Process exclusions (BDR appliance):

• C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe
• C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Manager.exe
• C:\Program Files\Veeam\Backup and Replication\Backup Catalog\Veeam.Backup.CatalogDataService.exe
• VeeamAgent.exe
• VeeamDeploymentSvc.exe

Folder exclusions (BDR appliance):

• C:\Program Files\Veeam\
• BDR repository path (e.g., D:\Backups\)
• C:\VBRCatalog\
• C:\Windows\Veeam\

File type exclusions: .vbk, .vib, .vrb, .vsb, .vlb

Deploy via PowerShell (from Veeam BDR Deployment SOP):

# Process exclusions
Add-MpPreference -ExclusionProcess "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Service.exe"
Add-MpPreference -ExclusionProcess "C:\Program Files\Veeam\Backup and Replication\Backup\Veeam.Backup.Manager.exe"
Add-MpPreference -ExclusionProcess "VeeamAgent.exe"
Add-MpPreference -ExclusionProcess "VeeamDeploymentSvc.exe"

# Folder exclusions
Add-MpPreference -ExclusionPath "C:\Program Files\Veeam\"
Add-MpPreference -ExclusionPath "D:\Backups\"  # Adjust to actual repo path
Add-MpPreference -ExclusionPath "C:\VBRCatalog\"
Add-MpPreference -ExclusionPath "C:\Windows\Veeam\"

# File type exclusions
Add-MpPreference -ExclusionExtension ".vbk"
Add-MpPreference -ExclusionExtension ".vib"
Add-MpPreference -ExclusionExtension ".vrb"
Add-MpPreference -ExclusionExtension ".vsb"
Add-MpPreference -ExclusionExtension ".vlb"

⚠️ If Microsoft Defender for Endpoint is deployed via NinjaOne, ensure exclusions are pushed via policy. Manual local exclusions may be overwritten by policy sync.

---

6. Quick Diagnostic Commands

Universal port test from any workstation:

# Test any TCP port
Test-NetConnection -ComputerName [SERVER_IP] -Port [PORT]

# Test multiple ports at once (PowerShell)
@(2638, 5964, 2010, 445) | ForEach-Object {
    $result = Test-NetConnection -ComputerName [SERVER_IP] -Port $_ -WarningAction SilentlyContinue
    [PSCustomObject]@{ Port = $_; Open = $result.TcpTestSucceeded }
} | Format-Table -AutoSize

Check what's listening on a server:

# All listening ports
netstat -ano | findstr "LISTENING"

# Specific application ports (example: Eaglesoft)
netstat -ano | findstr "2638 5964 2010 2012 2013 2014"

# Identify process by PID
Get-Process -Id [PID_FROM_NETSTAT]

Check Windows Firewall status and rules:

# Firewall status
Get-NetFirewallProfile | Select Name, Enabled

# Find rules matching a port
Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -eq '2638' } |
    Get-NetFirewallRule | Select DisplayName, Enabled, Action, Direction

---

7. Document Cross-References

Document	Page	Relevant Sections
Eaglesoft T2/T3 Operational Reference	1130	Section 6 (full port & AV reference)
Dentrix T2/T3 Operational Reference	1112	Section 2 (network requirements)
Open Dental T1/T2/T3 Operational Reference	1105	Section 1 (architecture), Section 2.5 (connection failures)
PBS Endo Enterprise Operational Reference	1124	Section 2 (architecture), Section 6 (port conflicts)
TDO Software Operational Reference	1127	Section 2 (architecture)
DTX Studio Clinic & Core System Requirements	1058	Section 3.4 (firewall and network requirements)
VoIP Operations	1042	Section 11.6 (key ports), Section 4.1 (network readiness)
Veeam B&R Standards	1004	Section 5 (firewall rules)
Veeam BDR Deployment SOP	1096	Section 5 (firewall ports), Section 10 (Defender exclusions)
Veeam Troubleshooting Playbook	1115	Connectivity troubleshooting
Our Firewalls	720	DTC firewall standards and policy structure
Ubiquiti Config Quick Reference	975	UDM configuration details
Setup Printers via GPO	402	Print server port configuration
Device Adoption & Firmware Management	999	UniFi device management ports
Network Connectivity Troubleshooting Decision Tree	1031	Layer-by-layer network diagnostics
Automation System Prompts — Network Assessment Toolkit	Project File	Port scanning and gap analysis standards

---

8. HALO Ticket References

Ticket #	Relevance
1125653	Windows Installer folder disk exhaustion — 128 GB orphaned patches. Triggered disk_health standards in Network Assessment Toolkit.
1117316	Cross-subnet Veeam transport failure — port/firewall debugging between 192.168.1.x and 192.168.16.x subnets
1121433	.NET dependency chain failure during application install — relevant to Eaglesoft and DTX Studio prerequisites

Add additional tickets as port/firewall-related patterns are identified.

---

9. Document Control

Version	Date	Author	Changes
1.0	March 2026	DTC Engineering	Initial release. Consolidated port data from 15+ individual SOPs: Eaglesoft (p.1130), Dentrix (p.1112), Open Dental (p.1105), PBS Endo (p.1124), TDO (p.1127), DTX Studio (p.1058), VoIP Operations (p.1042), Veeam Standards (p.1004), Veeam BDR Deployment (p.1096), Veeam Troubleshooting (p.1115), Our Firewalls (p.720), Print Server GPO (p.402), Device Adoption (p.999). Added NinjaOne agent ports from vendor documentation. Added Microsoft 365 summary with canonical Microsoft reference. Added CS Imaging 8 configurable port documentation. Added AV exclusion consolidation.

---

Confidential — DTC Internal Use Only