Orchestrator and EdgeConnect TCP/IP Ports
This page provides information about the default ports that Orchestrator and EdgeConnect appliances use.
| Protocol & Port | Application | Where Used |
|---|---|---|
| TCP 21 | FTP | Orchestrator as a Server: Outbound[1] |
| TCP 22 | SCP, SSH | Orchestrator as a Server: Outbound[1]; Orchestrator as a Server: Outbound & Inbound |
| TCP 25 | SMTP | Orchestrator as a Server: Outbound |
| TCP 49 | TACACS+ | Orchestrator as a Server: Outbound; Appliance: as a Client |
| TCP/UDP 53 | DNS | Orchestrator as a Server: Outbound; Appliance: as a Client |
| TCP 80 | HTTP | Orchestrator as a Server: Outbound[2]; Orchestrator as a Server: Inbound[3]; Orchestrator: as a Client; Appliance: as a Client |
| UDP 123 | NTP | Orchestrator as a Server: Outbound; Orchestrator: as a Client; Appliance: as a Server and Client |
| UDP 161 | SNMP | Appliance: as a Client |
| TCP 443 | HTTPS | Orchestrator as a Server: Outbound & Inbound[3]; Orchestrator: as a Client for AWS (optional)[4] and for Google Maps[5]; Appliance: as a Server |
| TCP 465, 587 | SMTPS | Orchestrator as a Server: Outbound |
| TCP 6514 | Syslog TLS | Orchestrator as a Server |
| UDP 514 | Syslog TLS | Orchestrator as a Server: Outbound[6]; Appliance: as a Client[6] |
| UDP 1812, 1813 | RADIUS | Orchestrator as a Server: Outbound[7]; Appliance: as a Client[7] |
| UDP 4163 | UDP | Data Plane[8] |
| UDP 500, 4500 | IPSEC | Data Plane[8] |
| UDP 12000, 12010 | IPSEC_UDP[9] | Data Plane[8] |
| IP 47 | GRE | Data Plane[8] |
| IP 50 | IPSEC | Data Plane[8] |

1. FTP and SCP are optional and used as backups to customer-owned servers in the on-prem version of Orchestrator. You can always use the HTTPS port, as it is already allowed. This is not applicable to Orchestrator-as-a-Service.
2. Orchestrator communicates with Cloud Portal over both HTTPS and WebSockets over TLS 1.2.

   NOTE: Orchestrator 9.5.2 and later supports IPv6 and IPv4. To support IPv6, the Cloud Portal URL changed to portal2.silverpeak.cloud. All EdgeConnect appliances on the network must be at least on ECOS 9.5.2.x or a later release to use this option. If you have EdgeConnect appliances running on ECOS 9.5.2.x or earlier or you have an environment with a mix of releases (some appliances are on ECOS 9.5.2.x and later releases and some are on ECOS 9.5.2.x or earlier releases), you must use portal.silverpeak.cloud. See the Orchestrator 9.5.2 release notes for more details.

   Orchestrator might need to connect to the following URLs to upgrade Linux:
   - mirrors.fedoraproject.org
   - mirrors.rockylinux.org
   - dl.rockylinux.org
   - codecs.fedoraproject.org
   - dl.fedoraproject.org
3. Inbound HTTP/HTTPS connections can be restricted to authorized subnets only. EdgeConnect talks on these ports.
4. Access to AWS S3 is required for case creation and uploading files to Support. If you need to configure firewall access, you can allow outbound connections to *.s3.amazonaws.com. Refer to this page for more information. The destination S3 bucket is in the us-east-1 region. If outbound access is prohibited, users can download files from Orchestrator and manually attach them to new or existing cases.
5. Google Maps is used to populate topology view charts; additional firewall access may be required.
6. Audit log and Syslog ports are configurable.
7. These ports may differ. Verify during configuration that the ports match those on the server.
8. By default, IPSEC_UDP will be used for all tunnels; other protocols only need to be allowed if they are configured.
9. These ports may differ. The port will be the same as the default UDP port you set in the Orchestrator settings during configuration.