Skyhigh Security

Open Ports Needed for Web Gateway

To access external servers and databases for real-time updates, certain ports must be open on the infrastructure firewall. The ports used for communication through a firewall are listed in the table below.

In the table:

  • Bidirectional means the connection can be initiated from either direction.
  • Inbound means the remote system initiates the connection.
  • Outbound means the local system can initiate the connection.

The table contains only default ports, and several of them can be configured. Additionally, not all inbound ports are open by default; this depends on the configuration.

| Port | Direction | Transport Protocol | Application Protocol | Destination | Use | Note |
|---|---|---|---|---|---|---|
| 22 | Inbound | TCP | SSH | Local | Administrator secure shell | |
| 161 | Inbound | TCP/UDP | SNMP | Local | SNMP | |
| 1080 | Inbound | TCP | SOCKS | Local | SOCKS proxy | |
| 1344 | Inbound | TCP | ICAP | Local | ICAP | |
| 2000–20000 | Inbound | TCP | FTP | Local | Passive FTP data connection | From FTP client to WG |
| 2121 | Inbound | TCP | FTP | Local | FTP control port | |
| 4005 | Inbound | TCP | IFP | Local | IFP | |
| 4711 | Inbound | TCP | HTTP | Local | Administrator UI | Also REST if enabled |
| 4712 | Inbound | TCP | HTTPS | Local | Administrator UI | Also REST if enabled |
| 4713 | Inbound | TCP | HTTP | Local | File server | |
| 4714 | Inbound | TCP | HTTPS | Local | File server | |
| 5050 | Inbound | TCP | Yahoo | Local | Yahoo proxy | |
| 5190 | Inbound | TCP | ICQ | Local | ICQ proxy | |
| 5222 | Inbound | TCP | XMPP | Local | XMPP (Jabber) proxy | |
| 9090 | Inbound | TCP | HTTP | Local | HTTP(S) proxy | |
| 9393 | Inbound | TCP | HTTPS | Local | Intel Active System Console | |
| 16000–17000 | Inbound | UDP | | Local | SOCKS UDP relay | |
| 20001–40000 | Inbound | TCP | FTP | Local | Active FTP data connection | From FTP server to WG |
| 520 | Bidirectional | UDP | RIP | Your RIP routers | IP routing | |
| 12346 | Bidirectional | TCP | Proprietary | Your WG appliances | WG cluster communication | |
| | Bidirectional | IP Protocol 47 | GRE | Your WG appliances or WCCP routers | WCCP and traffic tunneling between WG nodes | |
| | Bidirectional | IP Protocol 89 | OSPF | Your OSPF routers | IP routing | |
| | Bidirectional | IP Protocol 112 | VRRP | Your WG appliances | VIP failover | |
| | Bidirectional | IP Protocol 253 | Proprietary | Your WG appliances | Network driver cluster communication | |
| 21 | Outbound | TCP | FTP | Arbitrary FTP servers | File transfer protocol | Active and passive |
| 25 | Outbound | TCP | SMTP | Your email server | Email notifications | |
| 53 | Outbound | TCP/UDP | DNS | Your DNS server | Domain name system | |
| 443 | Outbound | TCP | HTTPS | | System update | |
| 80, 443 | Outbound | TCP | HTTP(S) | Arbitrary HTTP(S) servers | User HTTP(S) traffic | Other ports depending on configuration |
| 80, 443 | Outbound | TCP | HTTP(S) | Update Servers, CRL Download Servers, OCSP Requests, Telemetry | Centralized Updater | |
| 80, 443 | Outbound | TCP | HTTP(S) | Your Customer-Maintained Subscribed List Servers | Subscribed Lists Manager | |
| 80, 443 | Outbound | TCP | HTTP(S) | Your Scheduled Job Servers (Upload, Download) | Scheduled Job Manager | |
| 123 | Outbound | TCP/UDP | NTP | Your NTP servers | Time synchronization | |
| 162 | Outbound | TCP/UDP | SNMP | Your SNMP trap sink | SNMP traps | |
| 389 | Outbound | TCP | LDAP | Your directory servers | Directory service or Active Directory | |
| 443 | Outbound | TCP | HTTPS | (default; can be configured) | GTI Cloud lookups (Reputation, Categories, Geo Location, File Reputation) | |
| 443 | Outbound | TCP | HTTPS | (default; can be configured) | GTI Telemetry (Malicious URL Feedback) | |
| 445 | Outbound | TCP | SMB | NTLM Server | NTLM authentication | |
| 514 | Outbound | TCP/UDP | Syslog | Your Syslog servers | Syslog | |
| 636 | Outbound | TCP | LDAP | Your directory servers | Secure directory or Active Directory | |
| 1344 | Outbound | TCP | ICAP | Your ICAP servers | ICAP | |
| 2020 (Source) | Outbound | TCP | FTP | Local | Active FTP data connection | From WG to FTP client |
| 8883 | Outbound | TCP | DXL | Connection to the DXL broker | Communication between WG and DXL broker installed on ePO | |
| Your proxy ports | Outbound | TCP | HTTP | Your parent proxies | HTTP proxy | For user traffic and several internal connections (AV update), configured individually |
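
One way to use the inbound rows of the table is to compare a node's listening TCP sockets with the documented defaults. This is an added example, not Skyhigh code: the `ss -tlnH` sample is constructed, the function names are hypothetical, and the `ADMIN` set reflects an assumed policy that administrative services should listen on a management address rather than on all interfaces.

```python
# Added example (not vendor code): compare listening TCP sockets on a Web Gateway
# node with the default inbound TCP ports from the table above.
PORTS = {22: "SSH", 161: "SNMP", 1080: "SOCKS proxy", 1344: "ICAP",
         2121: "FTP control", 4005: "IFP", 4711: "Administrator UI (HTTP)",
         4712: "Administrator UI (HTTPS)", 4713: "File server (HTTP)",
         4714: "File server (HTTPS)", 5050: "Yahoo proxy", 5190: "ICQ proxy",
         5222: "XMPP proxy", 9090: "HTTP(S) proxy",
         9393: "Intel Active System Console", 12346: "WG cluster communication"}
RANGES = [(2000, 20000, "passive FTP data"), (20001, 40000, "active FTP data")]
ADMIN = {22, 4711, 4712}   # assumption: these belong on a management address
WILDCARD = {"0.0.0.0", "*", "[::]"}

def parse_ss(text):
    """Yield (address, port) for each LISTEN line of `ss -tlnH` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            yield addr, int(port)

def classify(addr, port):
    """Return (status, detail); exact ports take priority over the FTP ranges,
    because most single ports in the table also fall inside 2000-20000."""
    if port in PORTS:
        if port in ADMIN and addr in WILDCARD:
            return "review", PORTS[port] + " listening on all interfaces"
        return "documented", PORTS[port]
    for lo, hi, use in RANGES:
        if lo <= port <= hi:
            return "review", "only matches the %s range" % use
    return "unexpected", "not a documented default inbound TCP port"

def audit(text):
    return {(a, p): classify(a, p) for a, p in parse_ss(text)}

SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 10.0.0.5:4712 0.0.0.0:*
LISTEN 0 128 [::]:9090 [::]:*
LISTEN 0 128 0.0.0.0:8443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:111 0.0.0.0:*
"""  # constructed sample, not captured from a real appliance

if __name__ == "__main__":
    for (addr, port), (status, detail) in sorted(audit(SAMPLE).items(), key=lambda kv: kv[0][1]):
        print(f"{status:10} {addr}:{port}  {detail}")
```

Because several ports are configurable, a "review" or "unexpected" result is a prompt to check the appliance configuration, not proof of a problem.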