Secure SD-WAN Manager ports
The most important default ports used in communications to and from Secure SD-WAN Manager components are presented in the following illustrations.
This table lists the default ports Secure SD-WAN Manager uses internally and with external components. Many of these ports can be changed. The names of corresponding default Service elements are also included for your reference.
Listening host | Port/protocol | Contacting hosts | Service description | Service element name |
---|---|---|---|---|
Additional Management Servers | 8902-8913/TCP | Management Server | Database replication (push) to the additional Management Server. | SG Control |
DNS server | 53/UDP, 53/TCP | Management Client, Management Server, Log Server | DNS queries. | DNS (UDP) |
LDAP server | 389/TCP | Management Server | External LDAP queries for display/editing in the Management Client. | LDAP (TCP) |
Log Server | 162/UDP, 5162/UDP | Monitored third-party components | SNMPv1 trap reception from third-party components. Port 162 is used if installed on Windows, port 5162 if installed on Linux. | SNMP (UDP) |
Log Server | 514/TCP, 514/UDP, 5514/TCP, 5514/UDP | Monitored third-party components | Syslog reception from third-party components. Port 514 is used if installed on Windows, port 5514 if installed on Linux. | Syslog (UDP) [Partial match] |
Log Server | 2055/UDP | Monitored third-party components | NetFlow or IPFIX reception from third-party components. Port 2055 is used in both Windows and Linux. | NetFlow (UDP) |
Log Server | 3020/TCP | Log Server, Web Portal Server, Engines | Alert sending from the Log Server and Web Portal Server. Log and alert messages; monitoring of blacklists, connections, status, and statistics from Engines. | SG Log |
Log Server | 8914-8918/TCP | Management Client | Log browsing. | SG Data Browsing |
Log Server | 8916-8917/TCP | Log Server, Web Portal Server | Database replication (push) to the Log Server; Log browsing on the Web Portal Server. | SG Data Browsing (Web Portal Server) |
Management Server | 3021/TCP | Log Server, Web Portal Server | System communications certificate request/renewal. | SG Log Initial Contact |
Management Server | 8902-8913/TCP | Management Client, Log Server, Web Portal Server | Monitoring and control connections. | SG Control |
Management Server | 3023/TCP | Additional Management Servers, Log Server, Web Portal Server | Log Server and Web Portal Server status monitoring. Status information from an additional Management Server to the active Management Server. | SG Status Monitoring |
Management Server | 8903, 8907/TCP | Additional Management Servers | Database replication (pull) to the additional Management Server. | SG Control |
Management Server | 8085/TCP | Secure SD-WAN Manager Web Access clients | Communication for using Secure SD-WAN Manager Web Access. | HTTPS |
Monitored third-party components | 161/UDP | Log Server | SNMP status probing to external IP addresses. | SNMP (UDP) |
NTP server | 123/TCP or UDP | Appliance | Receiving NTP information. | NTP |
RADIUS server | 1812/UDP | Management Server | RADIUS authentication requests for administrator logon. The default ports can be edited in the properties of the RADIUS Server element. | RADIUS (Authentication) |
Engine update service | 443/TCP | Secure SD-WAN Manager servers | Update packages, engine upgrades, and licenses. | HTTPS |
Appliance | 161/UDP | Third-party components | Requesting health and other information about the Appliance. | SNMP |
Update servers | 443/TCP | Appliance | Receiving appliance patches and updates. | HTTPS |
Appliance | 22/TCP | Terminal clients | SSH connections to the command line of the Appliance. Note: Do not use SSH in FIPS mode. | SSH |
Syslog server | 514/UDP, 5514/UDP | Log Server | Log data forwarding to syslog servers. The default ports can be edited in the LogServerConfiguration.txt file. | Syslog (UDP) [Partial match] |
Terminal Client Firewall, Layer 2 Firewall, IPS, Master Engine | 22/TCP | Appliance | Contacting engines and moving Appliance backups off the appliance. Note: Do not use SSH in FIPS mode. | SSH |
Third-party components | 2055/UDP | Log Server | NetFlow or IPFIX forwarding to third-party components. Port 2055 is used in both Windows and Linux. | NetFlow (UDP) |
Third-party components | 162/UDP | Appliance | Sending SNMP status probing to external devices. | SNMP |
Third-party components | 445/TCP | Appliance | Moving Appliance backups off the appliance. Note: You cannot use CIFS in FIPS mode. | CIFS |
Web Portal Server | 8931/TCP | Log Server | Connections from the Log Server to the Web Portal Server. | SG Web Portal Control |
Web Portal Server | 8083/TCP | Secure SD-WAN Manager Web Access clients | Communication for using Secure SD-WAN Manager Web Access. | HTTPS |