Open firewall ports for App Layering, as needed

Jan 11, 2018

The App Layering appliance (aka the Enterprise Layer Manager (ELM)) must be connected to a network file share.

The App Layering installer opens ports that the appliance needs to interact with services on the virtual server where it is hosted. The default ports that App Layering uses are listed in the tables below.

If there is a firewall between the App Layering appliance and the machine on which you are running the App Layering Agent or one of the App Layering Connectors, you must manually open the port in the firewall used for that purpose. If during installation you changed any of the ports from the default setting, be sure to open the correct port.

Admin User

By default, App Layering uses the following ports in your firewall for the Admin User to interact with the Management Console on the App Layering appliance VM.

| Destination | Activity | Protocol | Ports |
|---|---|---|---|
| App Layering appliance (Enterprise Layer Manager (ELM)) | Management Console | TCP | 80, 443 |
| App Layering appliance | Administrator log download | TCP | 8888 |
| Connector for Azure | Communication | TCP | 3000 (HTTP), 3500 (HTTPS) |
| Connector for PVS | Communication | TCP | 3009 (HTTP), 3509 (HTTPS) |
| Connector for vSphere | Communication | TCP | 3004 (HTTP), 3504 (HTTPS) |
| Connector for XenServer | Communication | TCP | 3002 (HTTP), 3502 (HTTPS) |
| App Layering appliance | ActiveMQ Console | TCP | 8161 |
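
To confirm from the Admin User's workstation that the firewall changes took effect, the following added example (not part of the Citrix documentation) tries each default port from the Admin User table above and separates ports that look blocked from ports that are reachable but have no listener. The appliance address given on the command line and the `overrides` argument for ports changed during installation are assumptions of the example.

```python
import socket
import sys

# Default TCP ports on the appliance, copied from the Admin User table.
ADMIN_TO_APPLIANCE = {
    "Management Console": (80, 443),
    "Administrator log download": (8888,),
    "Connector for Azure": (3000, 3500),
    "Connector for PVS": (3009, 3509),
    "Connector for vSphere": (3004, 3504),
    "Connector for XenServer": (3002, 3502),
    "ActiveMQ Console": (8161,),
}


def tcp_state(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # An active refusal usually means the path is open but nothing is
        # listening (connector not in use, or the port was changed at install).
        return "refused"
    except OSError:
        # Timeout or unreachable: typically a firewall dropping the packets.
        return "filtered"


def check_ports(host, overrides=None, timeout=3.0):
    """Probe every service port; `overrides` replaces defaults changed at install."""
    table = {**ADMIN_TO_APPLIANCE, **(overrides or {})}
    return {
        (service, port): tcp_state(host, port, timeout)
        for service, ports in table.items()
        for port in ports
    }


if __name__ == "__main__":
    appliance = sys.argv[1]  # appliance address (assumption: passed on the command line)
    results = check_ports(appliance)
    for (service, port), state in sorted(results.items(), key=lambda kv: kv[0][1]):
        print(f"{port:>5}/tcp  {state:<8}  {service}")
    # Non-zero exit if any port still looks blocked by a firewall.
    sys.exit(1 if "filtered" in results.values() else 0)
```

A `refused` result for a connector you do not use is expected; a `filtered` result for a service you do use points at a firewall rule that is still missing.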

App Layering Appliance (Enterprise Layer Manager (ELM))

Internal Connections

By default, the App Layering service uses the following ports in your firewall for internal connections between the appliance and each of the destinations listed below.

In this table:

  • Appliance - The App Layering appliance, also called the Enterprise Layer Manager, or ELM. This is the virtual appliance
  • Agent - refers to the App Layering agent, which you install on
  • Admin User - A Management Console user who is assigned the App Layering Admin Role.

| Source | Destination | Activity | Protocol | Ports |
|---|---|---|---|---|
| Appliance | Agent | Communication | TCP | 8016 |
| Agent | Appliance | Log deliveries from the Agent | TCP | 8787 |
| Appliance | VMware vCenter and ESX Hosts | Communication with datastore via ESXI Host | TCP | 443 |
| Agent | Appliance | Communication with datastore via ESXI Host | TCP | 8888 |
| Appliance | Active Directory | Communication with datastore via ESXI Host | TCP | 443 |
| Agent | Appliance | Log gathering | TCP | 14243 |
| Appliance | Active Directory | LDAP | TCP | 389, 636 |
| Admin User | Appliance | Connector for Azure Communication | TCP | 3000 (HTTP), 3500 (HTTPS) |
| Agent on PVS server / Admin user | Appliance | Connector for PVS Communication/Publishing | TCP | 3009 (HTTP), 3509 (HTTPS) |
| Admin User | Appliance | Connector for vSphere Communication | TCP | 3004 (HTTP), 3504 (HTTPS) |
| Admin User | Appliance | Connector for XenServer Communication | TCP | 3002 (HTTP), 3502 (HTTPS) |

External connection

By default, App Layering uses the following ports in your firewall for external connections between the App Layering appliance and the destinations listed below.

| Destination | Activity | Protocol | Ports |
|---|---|---|---|
| cdn.unidesk.com | API access | TCP | 443 |
| www.unidesk.com/upgrades/latest | Download upgrade media from Citrix Cloud | TCP | 80 |

OS Image (XenServer requirement only)

Citrix XenServer uses port 5900 for communications between your OS Image and XenCenter or another Xen client.

| Destination | Activity | Protocol | Ports |
|---|---|---|---|
| XenCenter | Communications | | 5900 |