Appliance port usage

The following table lists the ports the appliance listens on and provides a description of what the port is used for and what external entities use the port. This table can be used to decide:

The appliance provides two types of interface groupings: administration interface and application interface. Typically ports are assigned to one or more IP addresses from one of these groups of interfaces. In some cases, ports can be assigned to all IP addresses from both groups by providing 0.0.0.0 as the IP address to use.

| Appliance port | Appliance interface type | Description |
|---|---|---|
| 22 | Administration | This port serves two roles: 1. Provides remote access to the CLI for the admin user. 2. Cluster inter-node communication. Each node in a cluster must have access to all other cluster nodes' SSH ports. |
| 80 | Application | The port can be assigned to both application and administration interfaces by providing 0.0.0.0 as the IP address to use. This port is the typical default unsecured (non-SSL) port of the first configured Web Reverse Proxy instance. This port can be configured to a different value or disabled. |
| 443 | Application | The port can be assigned to both application and administration interfaces by providing 0.0.0.0 as the IP address to use. This port is the typical default secured (SSL) port of the first configured web reverse proxy instance. This port can be configured to a different value or disabled. |
| 443 | Administration | This port is the Local Management Interface (LMI) secure port. |
| 636 | Administration | This port is reserved for remote SSL access to the embedded user registry. The port is only active on the primary master node of the cluster when the ISAM runtime is configured to use the embedded user registry. |
| 2020+7 | Administration | This port is used by the appliance DSC servers to replicate session data between cluster master nodes. Each master node must have access to the port of its adjacent node. The primary node is adjacent to the secondary node. The secondary node is adjacent to the tertiary node. The tertiary node is adjacent to the quaternary node. The 2020+7 value assumes the cluster First Port is set to its default value 2020. If the cluster First Port is configured to a value other than the default, this port value must be adjusted relative to the configured First Port value (configured First Port+7). |
| 7135 | Administration | Policy server listens on this port if it is running on the node. Any node running web reverse proxy servers, authorization servers, the PD.jar API, pdadmin API, or pdadmin command requires access to this port. This port can be configured to a different value. |
| 7136 | Application | This port is the typical first authorization server port that can be accessed by the Java or C administration or authorization APIs. This port can be configured to a different value. |
| 7137 | Administration | This port is the typical first authorization server admin port, which must be accessible by the machine running the policy server. This port can be configured to a different value. |
| 7234 | Administration | The web reverse proxy server listens on this port if it is running on the node. This port must be accessible from the node running the policy server. This value is the typical port used for the first web reverse proxy on a node. This port can be configured to a different value. |
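
The table can be used as a baseline for checking which sockets a node actually has open. The following Python is an added example, not IBM's code: it compares a list of listening sockets against the table's default ports and derives the DSC replication port from the configured First Port. The IP addresses, the socket list and the function names are constructed, and treating a 0.0.0.0 bind on any port other than 80 and 443 as a finding is an assumption of this example.

```python
# Added example: audit listening sockets against the port table (default values).
ADMIN, APP = "Administration", "Application"

def expected_ports(first_port=2020):
    """Default port -> interface types it belongs on, per the table."""
    return {
        22: {ADMIN},              # CLI access and cluster inter-node SSH
        80: {APP},                # first reverse proxy instance, non-SSL
        443: {APP, ADMIN},        # reverse proxy SSL (Application), LMI (Administration)
        636: {ADMIN},             # embedded user registry over SSL
        first_port + 7: {ADMIN},  # DSC session replication: First Port + 7
        7135: {ADMIN},            # policy server
        7136: {APP},              # first authorization server
        7137: {ADMIN},            # first authorization server admin port
        7234: {ADMIN},            # first reverse proxy, reached by the policy server
    }

# The table states the 0.0.0.0 option only for these rows (example's assumption).
WILDCARD_OK = {80, 443}

def audit(listeners, admin_ips, app_ips, first_port=2020):
    """Return (ip, port, reason) for each listener that deviates from the table."""
    table = expected_ports(first_port)
    findings = []
    for ip, port in listeners:
        if port not in table:
            findings.append((ip, port, "port not in table"))
        elif ip == "0.0.0.0":
            if port not in WILDCARD_OK:
                findings.append((ip, port, "wildcard bind on all interfaces"))
        else:
            group = ADMIN if ip in admin_ips else APP if ip in app_ips else None
            if group is None:
                findings.append((ip, port, "address in neither interface group"))
            elif group not in table[port]:
                findings.append((ip, port, f"listening on {group} interface"))
    return findings

# Constructed sample data: one admin address, one application address.
SAMPLE_ADMIN_IPS = {"10.0.0.10"}
SAMPLE_APP_IPS = {"192.0.2.10"}
SAMPLE_LISTENERS = [
    ("10.0.0.10", 22), ("10.0.0.10", 443), ("192.0.2.10", 443),
    ("0.0.0.0", 80), ("10.0.0.10", 2037), ("192.0.2.10", 7135),
    ("0.0.0.0", 7137), ("10.0.0.10", 8443),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LISTENERS, SAMPLE_ADMIN_IPS, SAMPLE_APP_IPS, 2030):
        print(finding)
```

Because most of these ports can be configured to a different value, adjust `expected_ports` to the node's actual configuration before relying on the findings.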

Many services on the appliance can be configured to access external service ports such as LDAP, SQL, DNS, NTP, web reverse proxy junctions, OCSP, Kerberos, and syslog server ports. The routing configured on the appliance determines which outgoing interface is used to access them based on the external service's IP address.
