Open network ports selectively based on the network services you need to expose for administrative and user purposes.

Administrative ports

These ports are used for administrative purposes and are not required for basic end-user application use:

Port Service Description
8443 HTTPS Secure web based Management Console. Required for basic installation and configuration.
8080 HTTP Plain-text web based Management Console. Not required unless SSL is disabled manually
122 SSH Instance shell access. Note that the default SSH port (22) is dedicated to application git+ssh network traffic.
1194/UDP VPN Secure replication network tunnel in High Availability configuration.
123/UDP NTP Required for time protocol operation.
161/UDP SNMP Required for network monitoring protocol operation.

Application (end-user) ports

These ports provide primary application web and Git access:

Port Service Description
443 HTTPS Web application and Git over HTTPS access.
80 HTTP Web application access. Note that all requests are redirected to the HTTPS port when SSL is enabled.
22 SSH Git over SSH access. Clone, fetch, and push operations to public/private repositories supported.
9418 Git Simple Git protocol port. Clone and fetch operations to public repositories only. Unencrypted network communication.

Email ports

These ports must be accessible directly or via relay for end-user inbound email support:

Port Service Description
25 SMTP SMTP with encryption (STARTTLS) support.