
Manageability Ports

TCP/UDP messages addressed to certain registered ports are routed to Intel AMT when those ports are enabled. Messages received on a wired LAN interface go directly to Intel AMT. Messages received on a wireless interface go to the host wireless driver, which detects the destination port and sends the message to Intel AMT. The table below lists the IANA-registered ports on which Intel AMT may receive messages:

Deprecation Note:

   Starting from Alder Lake platforms with Raptor Lake CPUs running Intel CSME 16.1 firmware, remote connections to the unsecure Intel AMT TCP/IP ports 16992, 16994 and 623 are no longer supported. The TLS ports 16993, 16995 and 664 must be used to connect to Intel AMT. Starting from Intel CSME 19 firmware on Arrow Lake platforms, connecting to Intel AMT without TLS is not supported at all (i.e., local connections must also use the TLS ports).

| Port | Description | Details |
|------|-------------|---------|
| 16992 (deprecated) | Intel(R) AMT HTTP | Used for WS-Management messages to and from Intel AMT. This port is open over the network only when Intel AMT is configured or during the configuration process. Starting with Release 6.0, the port is optionally open when TLS is enabled. The port is always open locally. See Defining Secure Connection Settings. |
| 16993 | Intel(R) AMT HTTPS | Used for WS-Management messages to and from Intel AMT when TLS is enabled. See Transport Layer Security. |
| 16994 (deprecated) | Intel(R) AMT Redirection/TCP | Used for redirection traffic (SOL, Storage Redirection, and KVM using Intel AMT authentication). Enabling the redirection listener enables this port. See Enabling the Listener State. |
| 16995 | Intel(R) AMT Redirection/TLS | Used for redirection traffic (SOL, Storage Redirection, and KVM using Intel AMT authentication) when TLS is enabled. Enabling the redirection listener enables this port. See Enabling the Listener State. |
| 623 (deprecated) | ASF Remote Management and Control Protocol (ASF-RMCP) | Used for RMCP pings. This port is a standard DMTF port and accepts WS-Management traffic. It is always enabled. |
| 664 | DMTF out-of-band secure web services management protocol; ASF Secure Remote Management and Control Protocol (ASF-RMCP) | Used for secure RMCP pings. This port is a standard DMTF port and accepts secure WS-Management traffic. It is always enabled. |
| 5900 | VNC (Virtual Network Computing) - remote control program | Used for KVM viewers that do not use Intel AMT authentication but use the standard VNC port instead. See Working with Port 5900 and Changing the Default KVM Port Setting. |

End of Support Note: Port 5900 is no longer supported. Attempting to configure an RFB password or enabling the port via IPS_KVMRedirectionSettingData.PUT causes Intel AMT to return the message unsupported. For details on affected releases, see Working with Port 5900.

 

What happens when a management console runs on an Intel® vPro™ platform?

What happens if a management console running on an Intel vPro platform sends manageability traffic to another platform containing Intel AMT? Nothing unusual, unless the console platform uses one of the above port numbers as a source port in its messaging. For example, suppose the console application running on the Host sends an RMCP ping and uses 623 as both the destination and source port. The remote platform will receive the ping and send the response, but the console platform will route the response locally to Intel AMT. It will then appear to the Host that there was no ping response. To avoid this situation, never use these dedicated IANA ports as source ports.
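The source-port rule above can be enforced in a console application and checked against its traffic records. The following is an added example, not Intel SDK code: the function names and the sample flow tuples are hypothetical, and the port set is taken from the table on this page.

```python
import socket

# Ports from the table above; the platform routes traffic addressed to them to Intel AMT.
AMT_PORTS = frozenset({16992, 16993, 16994, 16995, 623, 664, 5900})


def open_console_socket(kind=socket.SOCK_DGRAM, bind_addr="0.0.0.0",
                        source_port=0, max_tries=8):
    """Bind a console socket whose source port is not one of AMT_PORTS.

    source_port=0 lets the OS pick an ephemeral port; an explicit
    reserved port is refused before any bind is attempted.
    """
    if source_port in AMT_PORTS:
        raise ValueError(
            f"source port {source_port} is routed to the local Intel AMT; "
            "replies would never reach the host application")
    for _ in range(max_tries):
        sock = socket.socket(socket.AF_INET, kind)
        try:
            sock.bind((bind_addr, source_port))
        except OSError:
            sock.close()
            raise
        if sock.getsockname()[1] not in AMT_PORTS:
            return sock
        sock.close()  # OS handed out a reserved port: release it and retry
    raise RuntimeError("no source port outside the Intel AMT set was available")


def flows_losing_replies(flows):
    """Return outbound flows (proto, src_port, dst_ip, dst_port) whose
    replies the local platform would hand to Intel AMT instead of the host."""
    return [f for f in flows if f[1] in AMT_PORTS]


# Constructed sample of console traffic (192.0.2.0/24 is a documentation range).
SAMPLE_FLOWS = [
    ("udp", 623, "192.0.2.10", 623),      # RMCP ping reusing 623 as source port
    ("udp", 51514, "192.0.2.10", 623),    # same ping from an ephemeral port
    ("tcp", 16993, "192.0.2.11", 16993),  # WS-Management over TLS, fixed source
    ("tcp", 49822, "192.0.2.11", 16993),
]

if __name__ == "__main__":
    for flow in flows_losing_replies(SAMPLE_FLOWS):
        print("reply will be diverted to local Intel AMT:", flow)
    with open_console_socket(bind_addr="127.0.0.1") as s:
        print("safe source port:", s.getsockname()[1])
```

Running `flows_losing_replies` over a console's connection log is a quick way to explain apparently unanswered RMCP pings or WS-Management requests on an Intel vPro console host.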

Copyright © 2006-2022, Intel Corporation. All rights reserved.