Skip to main content

Required ports

Each component in an ArcGIS Enterprise deployment communicates over a specific set of ports. If a port is used to communicate between machines, you must open that port in the machine's firewall. If a port is used for internal communication, verify the port isn't being used by another application that is running on the machine.

View a diagram of the ports used in an ArcGIS Enterprise deployment.

ArcGIS Web Adaptor

By default, ports 443 and 80 are used on ArcGIS Web Adaptor machines. In some rare cases, it may be necessary to use a non-default port for ArcGIS Web Adaptor

Portal for ArcGIS

Portal for ArcGIS uses the HTTP port 7080 and HTTPS port 7443 to communicate. By default, the portal enforces the use of HTTPS to encrypt communication; port 7080 is not used unless you change these settings to allow communication through HTTP as well.

Intramachine communication ports

The following ports allow Portal for ArcGIS to communicate with processes on its local machine:

  • 50432 (TCP)—This port must be available (free) on the Portal for ArcGIS machine when upgrading.

  • 7005

  • 7080 (if HTTP communication is enabled)

  • 7099

  • 7120

  • 7220

  • 7443

  • 7654

  • 7820

  • 7830

  • 7840

  • 11211

Ephemeral ports

Portal for ArcGIS may use ephemeral ports (sometimes called dynamic ports) within two wide ranges. These ports are open for a short period, requested by the portal, and closed as soon as the portal stops using them. The default ranges are ports 1024-5000 and ports 49152-65535, though system administrators can customize these ranges.

Highly available portals

If you configured a highly available portal across multiple machines, the following ports are used for communication between machines:

  • 50432 (TCP)—This port must be available (free) on the Portal for ArcGIS machines when upgrading.

  • 7080 (if HTTP communication is enabled)

  • 7120

  • 7443

  • 7654

  • 7820

  • 7830

  • 7840

  • 11211

ArcGIS Server

ArcGIS Server uses certain ports. Below are descriptions of the ports you may need to allow on your firewall and their purposes.

HTTPS port 6443

ArcGIS Server only communicates through port 6443 by default. This port is also used for communication between ArcGIS Server machines. Ensure your firewall allows HTTP communication through this port. Unless you have disabled direct administrative access (routing traffic through your ArcGIS Web Adaptor instead), your users can access the server through port 6443.

HTTP port 6080

By default, ArcGIS Server supports HTTPS communication only, and communication through port 6080 is not allowed. Administrators can change this setting in the ArcGIS Server Administrator Directory to allow HTTP plaintext communication through port 6080, but this is considered a less secure option.

Note:

If you install your deployment using ArcGIS Enterprise Builder, the configuration wizard initially opens through port 6080 and switches to use HTTPS through port 6443. This does not occur when you install ArcGIS Server on its own; in this case, Server Manager automatically opens over port 6443.

Port 6006

This port is used by ArcGIS Server for internal processes. It must be available for ArcGIS Server to start successfully and cannot be used by other programs or applications. Unlike for other ports, described below, ArcGIS Server cannot automatically increment to a different port if port 6006 is not open.

Internally used ports (1098, 6099, others)

Ports 1098, 6099, and other random ports are used by ArcGIS Server to start processes in each ArcGIS Server machine. You do not have to open these ports for access by other machines; however, you should be aware that ArcGIS Server is using them in case you run other applications that require the same ports.

If the ArcGIS Server installation detects that one of these ports is in use, it automatically increments the port number it uses. For example, if it detects that another application is already using 1098, it uses 1099 if that port is available.

When ArcGIS Server is installed on a server machine, avoid using your firewall to obstruct internal communication in that machine.

If restrictive firewall policies are preventing your site from being created (usually evidenced by the error message, Failed to create the service 'System/CachingTools.GPServer'), you can adjust your firewall to explicitly allow the ArcGIS Server processes. For example, with Windows Firewall, you can add new inbound rules that allow the following four programs:

  • <ArcGIS Server installation location>\framework\runtime\ArcGIS\bin\ArcSOC.exe

  • <ArcGIS Server installation location>\framework\etc\service\bin\ArcGISServer.exe

  • <ArcGIS Server installation location>\framework\runtime\jre\bin\javaw.exe

  • <ArcGIS Server installation location>\framework\runtime\jre\bin\rmid.exe

The Windows account running ArcGIS Server must also have access to the Command Prompt.

ArcGIS Data Store

The sections below list the ports used by ArcGIS Data Store to communicate with other parts of ArcGIS Enterprise or to communicate between ArcGIS Data Store machines.

For multimachine data stores, ports used for communication between machines must be open for all machines.

Other ports listed below must be left available on the data store machine; in other words, no other app on that machine should be using the port specified. No external communication is needed, but a process internal to the data store uses the port.

All ArcGIS Data Store types

All data store types that you deploy using ArcGIS Data Store require the following ports:

  • 2443 (HTTPS)—The machines participating in an ArcGIS Data Store deployment communicate with one another through this port. Additionally, the following also communicate with the data stores through this port:

    • The ArcGIS Data Store configuration wizard

    • The ArcGIS Server site that acts as the hosting server

    • The webgisdr utility that is installed with Portal for ArcGIS

  • 6443 (HTTPS)—ArcGIS Data Store sends outbound requests through this port to the hosting ArcGIS Server site.

  • 9006 (TCP)—ArcGIS Data Store uses this port to internally communicate with a web server. You don't need to open this port in the firewall, but it does need to be free on the machines where you install ArcGIS Data Store.

Relational store machines

The following ports are required on machines where you install and configure the relational store:

  • 9876 (TCP)—Internal communication between the hosting ArcGIS Server site and the relational store occurs through this port, as does some communication between the primary and standby relational store machines.

  • 9840 (TCP)—This port must be open on the relational store machines for communication between the hosting server and a system in-memory cache database that is installed on relational store machines.

  • 9820 and 9850 (TCP)—These ports must be open on the relational store machines for communication between the data store machines.

  • 45671 and 45672 (TCP)—These ports on the relational store machines must be available to allow communication with the ArcGIS GIS Server sites because service webhooks require them.

  • 50432 (TCP)—This port must be available (not used by any other application) on relational store machines when upgrading the relational store.

  • 25672 and 44369 (TCP)—These ports must be available on the relational store machines because service webhooks require them.

Object store machines

The following ports are required on machines where you install and configure the object store:

  • 29879 and 19879 (HTTPS)—The hosting server communicates with the object store over these ports on the object store machines.

  • Object stores also use all of the following ports to communicate between machines in an object store cluster and for internal processes:

    • 19864 and 29860–29863 (Hadoop RPC)

    • 29858, 29859, 28981, 29895 (gRPC)

    • 9856, 9857, 9872, 9886, 9894 (HTTP/2)

  • 11211 (TCP)—This port must be available on object store machines for internal processes.

Spatiotemporal big data store machines

The following ports are required on machines where you install and configure the spatiotemporal big data store:

  • 9220 (HTTPS)—The hosting ArcGIS Server site and federated ArcGIS Server sites communicate with the spatiotemporal big data store through 9220. Communication between spatiotemporal big data store machines in a cluster also happens through port 9220.

  • 9320 (TCP)—Machines in the spatiotemporal big data store cluster communicate with one another through port 9320.

Graph store machines

The following ports are required on machines where you install and configure the graph store:

  • 9829 (TCP)—ArcGIS Knowledge Server communicates with the graph store over this port, and machines in a graph store cluster communicate with one another over this port.

  • 9828, 9830, and 9831 (TCP)—Machines in a graph store cluster communicate with one another over these ports.

Other components

Use the following list to find the ports used by other components you can have in an ArcGIS Enterprise deployment: