
Firewall ports

May 30, 2018

The App Layering appliance communicates with your hypervisor, provisioning service, and the App Layering agent. This article details the ports that the appliance uses to communicate both internally with other App Layering-related services, and externally with servers, such as NTP servers. Be sure to open the necessary ports in your firewall before you install the App Layering appliance.

The App Layering installer opens ports that the appliance needs to interact with services on the virtual server where it is hosted. If there is a firewall between the App Layering appliance and the machine on which you are running the App Layering agent or one of the App Layering connectors, you must manually open the port used for that purpose in the firewall. If you changed any of the ports from the default setting during installation, be sure to open the correct port.

The App Layering appliance uses the TCP/IP protocol, and IPv4 is required. There are three main classes of communication: accessing and managing the appliance, talking to our agent service, and talking directly to hypervisors that don’t require the agent.

  • Basic appliance management and access (always required)
    • HTTP - Port 80
    • HTTPS - Port 443
    • SSH - Port 22
    • Log downloads - Port 8888
  • Servers
    • Active Directory server - Port 389 - LDAP protocol
    • Active Directory server - Port 636 - LDAPS protocol
    • Active Directory server - Port 53 - DNS protocol
    • Windows file servers, SMB - Port 445 - SMB protocol
    • Network time servers - Port 123 - NTP protocol
    • Unix file servers - Port 2049 - NFS protocol
    • DHCP server, DHCP - Port 67 - UDP protocol
    • App Layering appliance - Port 68 - DHCP protocol
  • App Layering agent
    • Agent server to appliance - Port 443 - Registration/HTTPS
    • Agent server to agent server - Port 8016 - Commands from appliance/SOAP
    • Agent server to appliance - Port 8787 - Log export
    • Agent server to appliance - Port 3009 - Disk upload/HTTP
    • Agent server to appliance - Port 3509 - Disk upload/HTTPS
  • Connectors to hypervisors and provisioning services - Connectors on the appliance allow the appliance to communicate directly with the supported hypervisors and provisioning services.

    • Hypervisors - Connectors in the appliance allow for communications directly to each of the hypervisors
      • Citrix XenServer - Port 5900
      • MS Azure Management - Port 443
      • MS Hyper-V - Port 443
      • Nutanix AHV - Port 9440
      • VMware vSphere - Port 443 - Virtual Center, and ESX hosts for disk transfers
    • Disk uploads
      • Citrix MCS for XenServer
        • Port 3002 - HTTP
        • Port 3502 - HTTPS
      • Citrix MCS for vSphere
        • Port 3004 - HTTP
        • Port 3504 - HTTPS
      • Citrix MCS for Nutanix
        • Port 3006 - HTTP
        • Port 3506 - HTTPS
      • Citrix PVS (for XenServer, vSphere, Hyper-V) - Disk uploads
        • Port 3009 - HTTP
        • Port 3509 - HTTPS
      • Citrix XenServer connector
        • Port 3002 - HTTP
        • Port 3502 - HTTPS
      • MS Azure
        • Port 3000 - HTTP
        • Port 3500 - HTTPS
      • MS Hyper-V
        • Port 3011 - HTTP
        • Port 3511 - HTTPS
      • Nutanix AHV
        • Port 3006 - HTTP
        • Port 3506 - HTTPS
        • Port 9440 - Connection to Prism
      • VMware Horizon View for vSphere
        • Port 9440 - Connection to Prism
        • Port 3004 - HTTP
        • Port 3504 - HTTPS
      • VMware vSphere
        • Port 3004 - HTTP
        • Port 3504 - HTTPS
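
A way to confirm the firewall change from the agent server before relying on it, written for this page as an added example (not Citrix code). It probes the four "Agent server to appliance" TCP ports listed above and separates a refused connection from a silent drop; the function names and the script name `preflight.py` are assumptions.

```python
import socket
import sys

# TCP ports this page lists for "Agent server to appliance" traffic.
AGENT_TO_APPLIANCE = {
    443: "Registration/HTTPS",
    8787: "Log export",
    3009: "Disk upload/HTTP",
    3509: "Disk upload/HTTPS",
}


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt.

    open     - handshake completed: path and listener are both fine
    refused  - a reset came back: packets got through, nothing is listening
               (a firewall configured to reject rather than drop looks the same)
    filtered - no reply before the timeout: typical of a firewall drop rule
    error    - name resolution or routing failure, with the OS message
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        return f"error: {exc.strerror or exc}"


def preflight(host, ports=AGENT_TO_APPLIANCE, timeout=3.0):
    """Probe every listed port and return {port: status}."""
    return {port: probe(host, port, timeout) for port in ports}


def blocked(results):
    """Ports whose traffic never got an answer (filtered or error)."""
    return sorted(p for p, s in results.items() if s not in ("open", "refused"))


if __name__ == "__main__":
    # Usage (run on the agent server): python preflight.py <appliance-address>
    results = preflight(sys.argv[1])
    for port, status in sorted(results.items()):
        print(f"{port:>5}  {AGENT_TO_APPLIANCE[port]:<20} {status}")
    sys.exit(1 if blocked(results) else 0)
```

The UDP services in the list (NTP on 123, DHCP on 67 and 68) cannot be verified with a TCP connect and are outside what this check covers.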
