
Open firewall ports for App Layering

Jan 11, 2018

The installation program for the Citrix App Layering appliance, also known as Enterprise Layer Manager (ELM), opens ports between the appliance and services on the virtual server that hosts the appliance. The following tables list the default ports that the appliance uses.

Open the port in the firewall between the appliance and the machine on which the App Layering Agent runs. If you changed any of the ports during installation from the default setting, ensure that you open the correct port.

The appliance must be connected to a network file share.

Admin User

The appliance uses the following ports in your firewall for the Admin user to interact with the management console on the App Layering appliance virtual machine.

| Destination | Activity | Protocol | Ports |
|---|---|---|---|
| App Layering appliance | Management console | TCP | 80, 443 |
| App Layering appliance | Administrator log download | TCP | 8888 |
| Connector for Azure | Communication | TCP | 3000 (HTTP), 3500 (HTTPS) |
| Connector for Provisioning Services | Communication | TCP | 3009 (HTTP), 3509 (HTTPS) |
| Connector for vSphere | Communication | TCP | 3004 (HTTP), 3504 (HTTPS) |
| Connector for XenServer | Communication | TCP | 3002 (HTTP), 3502 (HTTPS) |
| Connector for Nutanix | Communication | TCP | 3006 (HTTP), 3506 (HTTPS) |
| App Layering appliance | ActiveMQ Console | TCP | 8161 |
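
To confirm the firewall change from the Admin user's workstation, the following added example (not Citrix code) probes each default port from the Admin User table and separates ports that the firewall drops from ports where nothing is listening. The names `ADMIN_PORTS`, `probe`, `audit` and `blocked` are illustrative, and the script assumes the default ports were kept during installation.

```python
import socket

# Default Admin-user ports, copied from the Admin User table on this page.
# Edit these if the ports were changed during installation.
ADMIN_PORTS = {
    "Management console": [80, 443],
    "Administrator log download": [8888],
    "Connector for Azure": [3000, 3500],
    "Connector for Provisioning Services": [3009, 3509],
    "Connector for vSphere": [3004, 3504],
    "Connector for XenServer": [3002, 3502],
    "Connector for Nutanix": [3006, 3506],
    "ActiveMQ Console": [8161],
}

def probe(host, port, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed
    except ConnectionRefusedError:
        return "closed"          # path is open, but no service is listening
    except OSError:
        return "filtered"        # timeout or unreachable: likely a firewall drop

def audit(host, matrix=ADMIN_PORTS, timeout=2.0):
    """Return {activity: {port: state}} for every port in the matrix."""
    return {activity: {p: probe(host, p, timeout) for p in ports}
            for activity, ports in matrix.items()}

def blocked(report):
    """List (activity, port, state) for every port that is not open."""
    return [(a, p, s) for a, ports in report.items()
            for p, s in ports.items() if s != "open"]

if __name__ == "__main__":
    import sys
    host = sys.argv[1]  # appliance address, supplied by the operator
    for activity, port, state in blocked(audit(host)):
        print(f"{activity}: TCP {port} is {state}")
```

A `closed` result points at the appliance side (a connector that is not configured, or a port changed at install time), while `filtered` points at the firewall rule itself.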

Appliance internal connections

Opening ports in your firewall allows for internal connections between the appliance and each destination. Open the ports for each destination in the following list with the port numbers in the table.

  • Appliance - The App Layering appliance, a virtual appliance.
  • Agent - The App Layering agent, which you install on the Provisioning Services server.
  • Admin user - A management console user who is assigned the App Layering Admin Role.

| Source | Destination | Activity | Protocol | Ports |
|---|---|---|---|---|
| Appliance | Agent | Communication | TCP | 8016 |
| Agent | Appliance | Log deliveries from the Agent | TCP | 8787 |
| Appliance | VMware vCenter and ESX Hosts | Communication with datastore through the ESXi Host | TCP | 443 |
| Agent | Appliance | Communication with datastore through the ESXi Host | TCP | 8888 |
| Appliance | Active Directory | Communication with datastore through the ESXi Host | TCP | 443 |
| Agent | Appliance | Log gathering | TCP | 14243 |
| Appliance | Active Directory | LDAP | TCP | 389, 636 |
| Admin user | Appliance | Connector for Azure Communication | TCP | 3000 (HTTP), 3500 (HTTPS) |
| Agent on Provisioning Services server / Admin user | Appliance | Connector for Provisioning Services Communication / Publishing | TCP | 3009 (HTTP), 3509 (HTTPS) |
| Admin user | Appliance | Connector for vSphere Communication | TCP | 3004 (HTTP), 3504 (HTTPS) |
| Admin user | Appliance | Connector for XenServer Communication | TCP | 3002 (HTTP), 3502 (HTTPS) |
| Admin user | Appliance | Connector for Nutanix | TCP | 3006 (HTTP), 3506 (HTTPS) |

Appliance external connections

External connections use the following port in your firewall between the App Layering appliance and the following destination.

| Destination | Activity | Protocol | Ports |
|---|---|---|---|
| | API access | TCP | 443 |
| | Manually download the upgrade software from the Citrix App Layering Downloads page on the Citrix website. | TCP | 80 |

Note

If the storage location is available, the appliance downloads the upgrade software automatically.

OS Image (XenServer requirement only)

Citrix XenServer uses port 5900 for communications between your OS Image and XenCenter or other XenClient.

| Destination | Activity | Protocol | Ports |
|---|---|---|---|
| XenCenter | Communications | | 5900 |