List of ports used by Silver Peak Appliances Data Plane This is for packets that traverse the optimization path. For creating tunnels, at least one of the first three applications — GRE, IPSec, or UDP — must be open. Must open port ? Application Ports and Protocols Use yes GRE Protocol 47 If tunnel mode is GRE yes IPsec Protocol ESP 50; UDP port 500 (for IKE key exchange) If tunnel mode is IPsec yes UDP UDP Port 4163 If tunnel mode is UDP yes ICMP Protocol 1 Checks reachability of next-hop routers opt. flow redirection TCP Port 4164 and UDP Port 4164 If flow direction is enabled and clustered via routers opt. VRRP Protocol 112 For VRRP protocol messages opt. WCCP protocol UDP Port 2048 For WCCP redirection opt. WCCP CRE tunnel Protocol 47 If L3 WCCP redirection is enabled, then Protocol 47 is used to redirect traffic between WCCP router and VXOA appliance, in both directions. Management Plane It is mandatory for certain ports to be open. Opening other ports is optional (opt.), depending on your network, applications, and chosen deployment. Must open port ? TCP UDP Port Application Direction relative to the appliance Used for ... yes x 22 SCP bidirectional • configuration backup • software upgrades yes x 80 HTTP bidirectional communication with VXOA clients and with the Orchestrator yes x 443 HTTPS bidirectional communication with VXOA clients opt. x 20 [data channel] 21 [control channel] FTP bidirectional • configuration backup • software upgrades opt. x 49 TACACS+ outgoing user authentication and authorization opt. x x 53 DNS outgoing domain name services opt. x 123 NTP outgoing synchronizes clocks opt. x 1812 RADIUS outgoing user authentication and authorization opt. x 162 SNMP outgoing SNMP trap receivers opt. x 2055 Netflow outgoing Netflow collector