Secure SD-WAN Manager ports
The most important default ports used in communications to and from Secure SD-WAN Manager components are presented in the following illustrations.
Figure: Destination ports for basic communications within the Secure SD-WAN Manager
Figure: Default destination ports for optional Secure SD-WAN Manager components and features
This table lists the default ports Secure SD-WAN Manager uses internally and with external components. Many of these ports can be changed. The names of corresponding default Service elements are also included for your reference.
| Listening host | Port/protocol | Contacting hosts | Service description | Service element name |
|---|---|---|---|---|
| Additional Management Servers | 8902- 8913/TCP | Management Server | Database replication (push) to the additional Management Server. | SG Control |
| DNS server | 53/UDP, 53/TCP | Management Client, Management Server, Log Server | DNS queries. | DNS (UDP) |
| LDAP server | 389/TCP | Management Server | External LDAP queries for display/editing in the Management Client. | LDAP (TCP) |
| Log Server | 162/UDP, 5162/UDP | Monitored third-party components |
SNMPv1 trap reception from third-party components. Port 162 is used if installed on Windows, port 5162 if installed on Linux. |
SNMP (UDP) |
| Log Server | 514/TCP, 514/UDP, 5514/TCP, 5514/UDP | Monitored third-party components |
Syslog reception from third-party components. Port 514 is used if installed on Windows, port 5514 if installed on Linux. |
Syslog (UDP) [Partial match] |
| Log Server | 2055/UDP | Monitored third-party components | NetFlow or IPFIX reception from third-party components. Port 2055 is used in both Windows and Linux. | NetFlow (UDP) |
| Log Server | 3020/TCP | Log Server, Web Portal Server, Engines |
Alert sending from the Log Server and Web Portal Server. Log and alert messages; monitoring of blacklists, connections, status, and statistics from Engines. |
SG Log |
| Log Server | 8914-8918/TCP | Management Client | Log browsing. | SG Data Browsing |
| Log Server | 8916-8917/TCP | Log Server, Web Portal Server | Database replication (push) to the Log Server; Log browsing on the Web Portal Server. | SG Data Browsing (Web Portal Server) |
| Management Server | 3021/TCP | Log Server, Web Portal Server | System communications certificate request/renewal. | SG Log Initial Contact |
| Management Server | 8902-8913/TCP | Management Client, Log Server, Web Portal Server | Monitoring and control connections. | SG Control |
| Management Server | 3023/TCP | Additional Management Servers, Log Server, Web Portal Server |
Log Server and Web Portal Server status monitoring. Status information from an additional Management Server to the active Management Server. |
SG Status Monitoring |
| Management Server | 8903, 8907/TCP | Additional Management Servers | Database replication (pull) to the additional Management Server. | SG Control |
| Management Server | 8085/TCP | Secure SD-WAN Manager Web Access clients | Communication for using Secure SD-WAN Manager Web Access. | HTTPS |
| Monitored third-party components | 161/UDP | Log Server | SNMP status probing to external IP addresses. | SNMP (UDP) |
| NTP server | 123/TCP or UDP | Appliance | Receiving NTP information. | NTP |
| RADIUS server | 1812/UDP | Management Server |
RADIUS authentication requests for administrator logon. The default ports can be edited in the properties of the RADIUS Server element. |
RADIUS (Authentication) |
| Engine update service | 443/TCP | Secure SD-WAN Manager servers | Update packages, engine upgrades, and licenses. | HTTPS |
| Appliance | 161/UDP | Third-party components | Requesting health and other information about the Appliance. | SNMP |
| Update servers | 443/TCP | Appliance | Receiving appliance patches and updates. | HTTPS |
| Appliance | 22/TCP | Terminal clients | SSH connections to the command line of the Appliance. Note: Do not use SSH in FIPS mode.
|
SSH |
| Syslog server | 514/UDP, 5514/UDP | Log Server |
Log data forwarding to syslog servers. The default ports can be edited in the LogServerConfiguration.txt file. |
Syslog (UDP) [Partial match] |
|
Terminal Client Firewall, Layer 2 Firewall, IPS, Master Engine |
22/TCP | Appliance | Contacting engines and moving Appliance backups off the appliance. Note: Do not use SSH in FIPS mode.
|
SSH |
| Third-party components | 2055/UDP | Log Server |
NetFlow or IPFIX forwarding to third-party components. Port 2055 is used in both Windows and Linux. |
NetFlow (UDP) |
| Third-party components | 162/UDP | Appliance | Sending SNMP status probing to external devices. | SNMP |
| Third-party components | 445/TCP | Appliance | Moving Appliance backups off the appliance. Note: You cannot use CIFS in FIPS mode.
|
CIFS |
| Web Portal Server | 8931/TCP | Log Server | Connections from the Log Server to the Web Portal Server | SG Web Portal Control |
| Web Portal Server | 8083/TCP | Secure SD-WAN Manager Web Access clients | Communication for using Secure SD-WAN Manager Web Access. | HTTPS |