Skip to content

Ports and Firewall Configuration

Your firewall settings will depend on which Reflection Gateway features you use and how you have configured your installation. The diagram below shows which ports are used by default in a distributed configuration. The table that follows provides additional detail.

Connection Description Default Listening Port Where to Change the Listening Port Where to Specify the Port Used for the Connection
Reflection Secure Shell Proxy to Transfer Site SFTP server

Not used if Transfer site file server is set to Reflection Gateway Proxy (the default).
22 SFTP server New/Edit SFTP Server
Reflection Transfer Server to Reflection Gateway Administrator web service 9190 Reflection Gateway Administrator container.properties > configservice-ws.port Reflection Secure Shell Proxy > Reflection Gateway Users pane > Gateway Administrator port > Activate and verify
Administrative workstation browser to display Gateway Administrator user interface 9490 Reflection Gateway Administrator container.properties > servletengine.ssl.port Gateway Administrator connection URL
Reflection Gateway Administrator to Reflection Hub 9188 Reflection Hub container.properties > hub.command-api.port New/Edit Hub
Reflection Hub to Reflection Gateway Administrator 9186 Reflection Gateway Administrator container.properties > configservice.response-api.port New/Edit Hub
Reflection Hub to SFTP servers 22 SFTP server New/Edit SFTP Server
Gateway Administrator to SFTP servers

The direct connection from Gateway Administrator to SFTP servers is not required for running Jobs or Transfer sites. Gateway Administrator makes this connection to retrieve the host key when you first add a server and to display server host directories in response to a Browse button.
22 SFTP server New/Edit SFTP Server
Browser launched by the Reflection Secure Shell Proxy to display the Gateway Administrator user interface.

Not shown in diagram. This connection is only required if you want to launch the Gateway Administrator directly from the Reflection Secure Shell Proxy console.
9490 Reflection Gateway Administrator container.properties > servletengine.ssl.port No configuration is required; connection information is retrieved automatically using the Reflection Gateway Administrator web service.
Reflection Gateway Administrator to Reflection PKI Services Manager

Not shown in diagram. This connection is used only if Authentication is set to use X.509 certificates.
18081 PKI Services Manager New/Edit PKI Server