Port number information
Review the port numbers required for use by the SafeLinx Server and the instructions about changing them.
The SafeLinx Server and access manager are installed on the same system and require a port for communication with the SafeLinx Administrator.
- 9555
- Communication between SafeLinx Administrator and access manager
- 9559
-
Communication between SafeLinx Administrator and access manager using TLS
To change these port numbers, first update the /etc/services file, then:
- Linux
-
Enter the following command to restart the service:
systemctl restart wgmgrd.socket - Windows
- Not available.
There are other default ports on which the SafeLinx Server listens. To change these port numbers, use the SafeLinx Administrator to edit the SafeLinx Server, mobile access services, or messaging services properties.
These ports include:
| Port number and protocol | Component using | Direction | Comment |
|---|---|---|---|
| 80 - TCP |
|
Internet side of SafeLinx Server from HTTP Access clients and SafeLinx Clients. Intranet side to HTTP application servers | Depends on location of HTTP proxy, web, or application server |
| 443 - TCP |
|
Internet side of SafeLinx Server from HTTP Access clients and SafeLinx Clients. Intranet side to HTTP application servers | Depends on location of HTTP proxy, web, or application server |
| 1645 or 1812 - UDP | RADIUS authentication messages | Bidirectional – Intranet side of SafeLinx Server | Used in conjunction with the device resolver or with third-party RADIUS authentication servers |
| 1646 or 1813 - UDP | RADIUS accounting messages | Bidirectional – Internet side of SafeLinx Server | Used in conjunction with the device resolver or with third-party RADIUS authentication servers |
| 9557 - TCP | SafeLinx Server | No firewall implication | Used between the SafeLinx Server and the wg_monitor utility |
| 14356 - TCP |
|
Depends on location of subordinate nodes – If the nodes are inside the DMZ, there is no firewall implication, otherwise it is the Intranet side of SafeLinx Server | Subordinate node in a cluster listens to receive incoming requests from a principal node – inactive by default |
| 8888 - TCP and UDP | Mobile access services | Bidirectional | Used between SafeLinx Client and SafeLinx Server to change client password.
Note: This port is only accessed through the VPN tunnel and does not need to be externalized by
firewalls. |
| 8889 - TCP and UDP | Mobile access services | Bidirectional – Internet and Intranet side of SafeLinx Server, unless specifically set to bind to an IP address on one side or the other | IP-based receive |
| 9551 - TCP | SafeLinx Server | Bidirectional | The SafeLinx Server listens for dynamic configuration requests using the TCP protocol. |
| 9553 - TCP | SafeLinx Server | Bidirectional | The SafeLinx Server listens for dynamic configuration requests using the TCP protocol. |
| 9610 - TCP | Mobile access services | Bidirectional | Listener for third-party RADIUS authentication requests from SafeLinx Clients |
| 13131 - TCP | Messaging services | Bidirectional – Intranet side of SafeLinx Server | Send/receive port for messaging services API traffic |
| 13132 - TCP | Messaging services | Bidirectional – Intranet side of SafeLinx Server | Secure send/receive port for messaging services API traffic |