Ports and Firewall Configuration
Your firewall settings will depend on which Reflection Gateway features you use and how you have configured your installation. The diagram below shows which ports are used by default in a distributed configuration. The table that follows provides additional detail.
Connection Description | Default Listening Port | Where to Change the Listening Port | Where to Specify the Port Used for the Connection |
---|---|---|---|
Reflection Secure Shell Proxy to Transfer Site SFTP server Not used if Transfer site file server is set to Reflection Gateway Proxy (the default). |
22 | SFTP server | New/Edit SFTP Server |
Reflection Transfer Server to Reflection Gateway Administrator web service | 9190 | Reflection Gateway Administrator container.properties > configservice-ws.port | Reflection Secure Shell Proxy > Reflection Gateway Users pane > Gateway Administrator port > Activate and verify |
Administrative workstation browser to display Gateway Administrator user interface | 9490 | Reflection Gateway Administrator container.properties > servletengine.ssl.port | Gateway Administrator connection URL |
Reflection Gateway Administrator to Reflection Hub | 9188 | Reflection Hub container.properties > hub.command-api.port | New/Edit Hub |
Reflection Hub to Reflection Gateway Administrator | 9186 | Reflection Gateway Administrator container.properties > configservice.response-api.port | New/Edit Hub |
Reflection Hub to SFTP servers | 22 | SFTP server | New/Edit SFTP Server |
Gateway Administrator to SFTP servers The direct connection from Gateway Administrator to SFTP servers is not required for running Jobs or Transfer sites. Gateway Administrator makes this connection to retrieve the host key when you first add a server and to display server host directories in response to a Browse button. |
22 | SFTP server | New/Edit SFTP Server |
Browser launched by the Reflection Secure Shell Proxy to display the Gateway Administrator user interface. Not shown in diagram. This connection is only required if you want to launch the Gateway Administrator directly from the Reflection Secure Shell Proxy console. |
9490 | Reflection Gateway Administrator container.properties > servletengine.ssl.port | No configuration is required; connection information is retrieved automatically using the Reflection Gateway Administrator web service. |
Reflection Gateway Administrator to Reflection PKI Services Manager Not shown in diagram. This connection is used only if Authentication is set to use X.509 certificates. |
18081 | PKI Services Manager | New/Edit PKI Server |