List of ports used by the Orchestrator Following is the list of ports used by the Orchestrator. All are part of the management plane. It is mandatory for certain ports to be open. Opening other ports is optional (opt.), depending on your network, applications, and chosen deployment. Must open port? TCP UDP Port Application Direction relative to the Orchestrator Comments yes x 22 SSH bidirectional CLI (Command Line Interface) access over SSH yes x 443 HTTPS bidirectional communications between the Orchestrator and a physical or virtual appliance opt. x 21 FTP outgoing for Orchestrator backup This is the default port. If you’ve configured a different port, then you also need to configure the firewall with that port number. opt. x 22 SCP outgoing for Orchestrator backup This is the default port. If you’ve configured a different port, then you also need to configure the firewall with that port number. opt. x 49 TACACS+ outgoing user authentication and authorization opt. x x 53 DNS outgoing domain name services opt. x 80 HTTP outgoing If the appliance’s web configuration is for HTTP only, then you must open this port. opt. x 123 NTP outgoing synchronizes clocks opt. x 1812 RADIUS outgoing user authentication and authorization