Port number information

Review the port numbers required for use by the SafeLinx Server and the instructions about changing them.

The SafeLinx Server and access manager are installed on the same system and require a port for communication with the SafeLinx Administrator.

9555
Communication between SafeLinx Administrator and access manager
9559

Communication between SafeLinx Administrator and access manager using TLS

To change these port numbers, first update the /etc/services file, then:

Linux
Using xinetd daemon: Refresh the inetd daemon by typing kill -SIGUSR2 `ps -e | grep xinetd | awk '{print $1}'`.
Using inetd daemon: Refresh the inetd daemon by typing kill -HUP `ps -e | grep inetd | awk '{print $1}'`.
Windows
Not available.

There are other default ports on which the SafeLinx Server listens. To change these port numbers, use the SafeLinx Administrator to edit the SafeLinx Server, mobile access services, or messaging services properties.

These ports include:

Table 1. Ports on which the SafeLinx Server listens
Port number and protocol Component using Direction Comment
80 - TCP
  • HTTP access services
  • SafeLinx Clients
  • Mobile access services
Internet side of SafeLinx Server from HTTP Access clients and SafeLinx Clients. Intranet side to HTTP application servers Depends on location of HTTP proxy, web, or application server
443 - TCP
  • HTTP access services
  • SafeLinx Clients
  • Mobile access services
Internet side of SafeLinx Server from HTTP Access clients and SafeLinx Clients. Intranet side to HTTP application servers Depends on location of HTTP proxy, web, or application server
1645 or 1812 - UDP RADIUS authentication messages Bidirectional – Intranet side of SafeLinx Server Used in conjunction with the device resolver or with third-party RADIUS authentication servers
1646 or 1813 - UDP RADIUS accounting messages Bidirectional – Internet side of SafeLinx Server Used in conjunction with the device resolver or with third-party RADIUS authentication servers
9557 - TCP SafeLinx Server No firewall implication Used between the SafeLinx Server and the wg_monitor utility
14356 - TCP
  • SafeLinx Server
  • Mobile access services
Depends on location of subordinate nodes – If the nodes are inside the DMZ, there is no firewall implication, otherwise it is the Intranet side of SafeLinx Server Subordinate node in a cluster listens to receive incoming requests from a principal node – inactive by default
8888 - TCP and UDP Mobile access services Bidirectional Used between SafeLinx Client and SafeLinx Server to change client password.
Note:
This port is only accessed through the VPN tunnel and does not need to be externalized by firewalls.
8889 - TCP and UDP Mobile access services Bidirectional – Internet and Intranet side of SafeLinx Server, unless specifically set to bind to an IP address on one side or the other IP-based receive
9551 - TCP SafeLinx Server Bidirectional The SafeLinx Server listens for dynamic configuration requests using the TCP protocol.
9553 - TCP SafeLinx Server Bidirectional The SafeLinx Server listens for dynamic configuration requests using the TCP protocol.
9610 - TCP Mobile access services Bidirectional Listener for third-party RADIUS authentication requests from SafeLinx Clients
13131 - TCP Messaging services Bidirectional – Intranet side of SafeLinx Server Send/receive port for messaging services API traffic
13132 - TCP Messaging services Bidirectional – Intranet side of SafeLinx Server Secure send/receive port for messaging services API traffic