Open network ports selectively based on the network services you need to expose for administrative and user purposes.
Administrative ports
These ports are used for administrative purposes and are not required for basic end-user application use:
Port | Service | Description |
---|---|---|
8443 | HTTPS | Secure web-based Management Console. Required for basic installation and configuration. |
8080 | HTTP | Plain-text web-based Management Console. Not required unless SSL is disabled manually. |
122 | SSH | Instance shell access. Note that the default SSH port (22) is dedicated to application git+ssh network traffic. |
1194/UDP | VPN | Secure replication network tunnel in High Availability configuration. |
123/UDP | NTP | Required for time protocol operation. |
161/UDP | SNMP | Required for network monitoring protocol operation. |
Application (end-user) ports
These ports provide primary application web and Git access:
Port | Service | Description |
---|---|---|
443 | HTTPS | Web application and Git over HTTPS access. |
80 | HTTP | Web application access. Note that all requests are redirected to the HTTPS port when SSL is enabled. |
22 | SSH | Git over SSH access. Clone, fetch, and push operations to public and private repositories are supported. |
9418 | Git | Simple Git protocol port. Clone and fetch operations to public repositories only. Unencrypted network communication. |
Warning: Terminating TLS at a load balancer is not supported. When using TLS (which is recommended), HTTPS traffic must be forwarded directly to the appliance without modification.
Email ports
These ports must be accessible directly or via relay for end-user inbound email support:
Port | Service | Description |
---|---|---|
25 | SMTP | SMTP with encryption (STARTTLS) support. |
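
To check a firewall rule set against the tables above, the following added example (not part of the original documentation) classifies each allow rule by the port roles listed on this page. It assumes ports shown without "/UDP" are TCP, and it applies its own policy that administrative ports should only be reachable from administrator networks; the rule set and the `10.0.5.0/24` admin subnet are constructed sample values.

```python
import ipaddress

# (port, proto) -> (role, service), transcribed from the tables on this page.
# Assumption: ports listed without "/UDP" are TCP.
PORTS = {
    (8443, "tcp"): ("admin", "HTTPS"), (8080, "tcp"): ("admin", "HTTP"),
    (122, "tcp"): ("admin", "SSH"), (1194, "udp"): ("admin", "VPN"),
    (123, "udp"): ("admin", "NTP"), (161, "udp"): ("admin", "SNMP"),
    (443, "tcp"): ("app", "HTTPS"), (80, "tcp"): ("app", "HTTP"),
    (22, "tcp"): ("app", "SSH"), (9418, "tcp"): ("app", "Git"),
    (25, "tcp"): ("email", "SMTP"),
}
# Services the tables describe as plain-text or unencrypted.
PLAINTEXT = {(8080, "tcp"), (9418, "tcp")}

def audit(rules, admin_nets):
    """Check firewall allow rules (source_cidr, port, proto) against the tables.

    Returns (finding, port, proto, source) tuples in rule order. Treating
    admin ports as reachable only from admin_nets is this example's policy.
    """
    admin = [ipaddress.ip_network(n) for n in admin_nets]
    findings = []
    for src, port, proto in rules:
        key = (port, proto.lower())
        net = ipaddress.ip_network(src)
        if key not in PORTS:
            findings.append(("undocumented-port", port, key[1], src))
            continue
        role, _service = PORTS[key]
        inside = any(a.version == net.version and net.subnet_of(a) for a in admin)
        if role == "admin" and not inside:
            findings.append(("admin-port-exposed", port, key[1], src))
        if key in PLAINTEXT:
            findings.append(("plaintext-service", port, key[1], src))
    return findings

# Constructed sample rule set and admin network (not from the page).
ADMIN_NETS = ["10.0.5.0/24"]
SAMPLE_RULES = [
    ("0.0.0.0/0", 443, "tcp"),
    ("0.0.0.0/0", 22, "tcp"),
    ("0.0.0.0/0", 8443, "tcp"),    # Management Console open to everyone
    ("10.0.5.0/24", 122, "tcp"),   # admin SSH from the admin subnet
    ("10.0.0.0/8", 9418, "tcp"),   # unencrypted Git protocol
    ("0.0.0.0/0", 1194, "tcp"),    # the page lists 1194 as UDP only
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, ADMIN_NETS):
        print(*finding)
```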