Reflection for Secure IT Gateway - Administrator’s Guide > Installation and System Requirements > Ports and Firewall Configuration

Ports and Firewall Configuration

Your firewall settings will depend on which Reflection Gateway features you use and how you have configured your installation. The diagram below shows which ports are used by default in a distributed configuration. The table that follows provides additional detail.

Connection Description

Default Listening Port

Where to Change the Listening Port

Where to Specify the Port Used for the Connection

Transfer clients to the Reflection Secure Shell Proxy

22

Reflection Secure Shell Proxy > Network pane

SFTP Client

The value for the Reflection Transfer Client is set using Reflection Transfer Server container.properties > sftp.port.

Reflection Transfer Client to Reflection Transfer Server

Not used if you use an alternate SFTP client.

9492

Reflection Transfer Server container.properties > servletengine.ssl.port

Reflection Transfer Client connection URL

Reflection Secure Shell Proxy to Transfer Site SFTP server

Not used if Transfer site file server is set to Reflection Gateway Proxy (the default).

22

SFTP server

New/Edit SFTP Server

Reflection Transfer Server to Reflection Gateway Administrator web service

9190

Reflection Gateway Administrator container.properties > configservice-ws.port

Reflection Secure Shell Proxy > Reflection Gateway Users pane > Gateway Administrator port > Activate and verify

Administrative workstation browser to display Gateway Administrator user interface

9490

Reflection Gateway Administrator container.properties > servletengine.ssl.port

Gateway Administrator connection URL

Reflection Gateway Administrator to Reflection Hub

9188

Reflection Hub container.properties > hub.command-api.port

New/Edit Hub

Reflection Hub to Reflection Gateway Administrator

9186

Reflection Gateway Administrator container.properties > configservice.response-api.port

New/Edit Hub

Reflection Hub to SFTP servers

22

SFTP server

New/Edit SFTP Server

Gateway Administrator to SFTP servers

The direct connection from Gateway Administrator to SFTP servers is not required for running Jobs or Transfer sites. Gateway Administrator makes this connection to retrieve the host key when you first add a server and to display server host directories in response to a Browse button.

22

SFTP server

New/Edit SFTP Server

Browser launched by the Reflection Secure Shell Proxy to display the Gateway Administrator user interface.

Not shown in diagram. This connection is only required if you want to launch the Gateway Administrator directly from the Reflection Secure Shell Proxy console.

9490

Reflection Gateway Administrator container.properties > servletengine.ssl.port

No configuration is required; connection information is retrieved automatically using the Reflection Gateway Administrator web service.

Reflection Gateway Administrator to Reflection PKI Services Manager

Not shown in diagram. This connection is used only if Authentication is set to use X.509 certificates.

18081

PKI Services Manager

New/Edit PKI Server