In general, computers using vPro remote access should not be directly exposed to the Internet. The computer’s software firewall doesn’t block vPro ports, which exist outside of the operating system. An external firewall is necessary to protect vPro remote access.
Remote firewall connections to Intel vPro machines can be made via either:
- SSH port forward to use Intel AMT KVM
- VPN to the remote PC network
Intel AMT vPro ports
Don’t open these ports to the public Internet in the external firewall. These ports are the minimum that we’ve observed are necessary to use Intel AMT for remote control, including remote power cycling.
|16992||HTTP remote web UI|
|16993||HTTPS remote web UI, TLS requires this port|
|16995||KVM traffic when TLS is used|
Diagnose vPro remotely
With the ports above forwarded to your laptop, try web browsing to
If you have previously enabled the vPro VNC server, you can connect on Port 5900 with any VNC client over the VPN or SSH tunnel.
If you have the commercial (paid) RealVNC Viewer Plus, you can connect via the ports above, with certificate instead of password is generally preferable.
Intel AMT network ports
Intel vPro remote control without RealVNC Pro, using free open-source software