The following table lists the default network ports used by XenApp and XenDesktop Delivery Controllers, Windows VDAs, Director, and Citrix License Server. When Citrix components are installed, the operating system’s host firewall is also updated, by default, to match these default network ports.
For an overview of communication ports used in other Citrix technologies and components, see CTX101810.
You may need this port information:
- For regulatory compliance purposes.
- If there is a network firewall between these components and other Citrix products or components, so you can configure that firewall appropriately.
- If you use a third-party host firewall, such as one provided with an anti-malware package, rather than the operating system’s host firewall.
- If you alter the configuration of the host firewall on these components (usually Windows Firewall Service).
- If you reconfigure any features of these components to use a different port or port range, and then want to disable or block ports that are not used in your configuration. Refer to the documentation for the component for details.
For port information about other components such as StoreFront and Provisioning Services, see the component’s current “System requirements” article.
The table lists only incoming ports; outgoing ports are usually determined by the operating system and use unrelated numbers. Information for outgoing ports is not normally needed for the purposes listed above.
Some of these ports are registered with the Internet Assigned Numbers Authority (IANA). Details about these assignments are available at https://www.iana.org/assignments/port-numbers; however, the descriptive information held by IANA does not always reflect today’s usage.
Additionally, the operating system on the VDA and Delivery Controller will require incoming ports for its own use. See the Microsoft Windows documentation for details.
VDA, Delivery Controller, and Director
|Component||Usage||Protocol||Default incoming port||Notes|
|VDA||ICA/HDX||TCP, UDP||1494||EDT protocol requires 1494 to be open for UDP. See ICA policy settings.|
|VDA||ICA/HDX with Session Reliability||TCP, UDP||2598||EDT protocol requires 2598 to be open for UDP. See ICA policy settings.|
|VDA||ICA/HDX over TLS||TCP||443||All Citrix Receivers|
|VDA||ICA/HDX over WebSocket||TCP||8008||Citrix Receiver for HTML5, and Citrix Receiver for Chrome 1.6 and earlier only|
|VDA||ICA/HDX audio over UDP Real-time Transport||UDP||16500..16509|
|VDA||ICA/Universal Print Server||TCP||7229||Used by the Universal Print Server print data stream CGP (Common Gateway Protocol) listener.|
|VDA||ICA/Universal Print Server||TCP||8080||Used by the Universal Print Server listener for incoming HTTP/SOAP requests.|
|VDA||Wake On LAN||UDP||9||Remote PC Access power management|
|VDA||Wake Up Proxy||TCP||135||Remote PC Access power management|
|Delivery Controller||VDA, StoreFront, Director, Studio||TCP||80|
|Delivery Controller||StoreFront, Director, Studio over TLS||TCP||443|
|Delivery Controller||Delivery Controller, VDA||TCP||89||Local Host Cache (This use of port 89 might change in future releases.)|
|Director||Delivery Controller||TCP||80, 443|
The following ports are used for Citrix Licensing.
|Component||Usage||Protocol||Default incoming port|
|License Server||License Server||TCP||27000|
|License Server||License Server for Citrix (vendor daemon)||TCP||7279|
|License Server||License Administration Console||TCP||8082|
|License Server||Web Services for Licensing||TCP||8083|