Secure SD-WAN Manager ports

The most important default ports used in communications to and from Secure SD-WAN Manager components are presented in the following illustrations.

Figure: Destination ports for basic communications within the Secure SD-WAN Manager



Figure: Default destination ports for optional Secure SD-WAN Manager components and features



This table lists the default ports Secure SD-WAN Manager uses internally and with external components. Many of these ports can be changed. The names of corresponding default Service elements are also included for your reference.

Table 1. Secure SD-WAN Manager default ports
| Listening host | Port/protocol | Contacting hosts | Service description | Service element name |
|---|---|---|---|---|
| Additional Management Servers | 8902-8913/TCP | Management Server | Database replication (push) to the additional Management Server. | SG Control |
| DNS server | 53/UDP, 53/TCP | Management Client, Management Server, Log Server | DNS queries. | DNS (UDP) |
| LDAP server | 389/TCP | Management Server | External LDAP queries for display/editing in the Management Client. | LDAP (TCP) |
| Log Server | 162/UDP, 5162/UDP | Monitored third-party components | SNMPv1 trap reception from third-party components. Port 162 is used if installed on Windows, port 5162 if installed on Linux. | SNMP (UDP) |
| Log Server | 514/TCP, 514/UDP, 5514/TCP, 5514/UDP | Monitored third-party components | Syslog reception from third-party components. Port 514 is used if installed on Windows, port 5514 if installed on Linux. | Syslog (UDP) [Partial match] |
| Log Server | 2055/UDP | Monitored third-party components | NetFlow or IPFIX reception from third-party components. Port 2055 is used in both Windows and Linux. | NetFlow (UDP) |
| Log Server | 3020/TCP | Log Server, Web Portal Server, Engines | Alert sending from the Log Server and Web Portal Server. Log and alert messages; monitoring of blacklists, connections, status, and statistics from Engines. | SG Log |
| Log Server | 8914-8918/TCP | Management Client | Log browsing. | SG Data Browsing |
| Log Server | 8916-8917/TCP | Log Server, Web Portal Server | Database replication (push) to the Log Server; Log browsing on the Web Portal Server. | SG Data Browsing (Web Portal Server) |
| Management Server | 3021/TCP | Log Server, Web Portal Server | System communications certificate request/renewal. | SG Log Initial Contact |
| Management Server | 8902-8913/TCP | Management Client, Log Server, Web Portal Server | Monitoring and control connections. | SG Control |
| Management Server | 3023/TCP | Additional Management Servers, Log Server, Web Portal Server | Log Server and Web Portal Server status monitoring. Status information from an additional Management Server to the active Management Server. | SG Status Monitoring |
| Management Server | 8903, 8907/TCP | Additional Management Servers | Database replication (pull) to the additional Management Server. | SG Control |
| Management Server | 8085/TCP | Secure SD-WAN Manager Web Access clients | Communication for using Secure SD-WAN Manager Web Access. | HTTPS |
| Monitored third-party components | 161/UDP | Log Server | SNMP status probing to external IP addresses. | SNMP (UDP) |
| NTP server | 123/TCP or UDP | Appliance | Receiving NTP information. | NTP |
| RADIUS server | 1812/UDP | Management Server | RADIUS authentication requests for administrator logon. The default ports can be edited in the properties of the RADIUS Server element. | RADIUS (Authentication) |
| Engine update service | 443/TCP | Secure SD-WAN Manager servers | Update packages, engine upgrades, and licenses. | HTTPS |
| Appliance | 161/UDP | Third-party components | Requesting health and other information about the Appliance. | SNMP |
| Update servers | 443/TCP | Appliance | Receiving appliance patches and updates. | HTTPS |
| Appliance | 22/TCP | Terminal clients | SSH connections to the command line of the Appliance. Note: Do not use SSH in FIPS mode. | SSH |
| Syslog server | 514/UDP, 5514/UDP | Log Server | Log data forwarding to syslog servers. The default ports can be edited in the LogServerConfiguration.txt file. | Syslog (UDP) [Partial match] |
| Terminal Client; Firewall, Layer 2 Firewall, IPS, Master Engine | 22/TCP | Appliance | Contacting engines and moving Appliance backups off the appliance. Note: Do not use SSH in FIPS mode. | SSH |
| Third-party components | 2055/UDP | Log Server | NetFlow or IPFIX forwarding to third-party components. Port 2055 is used in both Windows and Linux. | NetFlow (UDP) |
| Third-party components | 162/UDP | Appliance | Sending SNMP status probing to external devices. | SNMP |
| Third-party components | 445/TCP | Appliance | Moving Appliance backups off the appliance. Note: You cannot use CIFS in FIPS mode. | CIFS |
| Web Portal Server | 8931/TCP | Log Server | Connections from the Log Server to the Web Portal Server. | SG Web Portal Control |
| Web Portal Server | 8083/TCP | Secure SD-WAN Manager Web Access clients | Communication for using Secure SD-WAN Manager Web Access. | HTTPS |