Protocols and Ports used for Configuring the High Availability Setup
The following ports are used to exchange high availability related information between the NetScaler appliances in the high availability setup:
- The UDP port 3003 is used to exchange the heartbeat packets for communicating the UP or DOWN status of the appliance.
- The TCP port 3008 is used for secure high availability configuration synchronization.
- The TCP port 3009 is used for secure command propagation and Metric Exchange Protocol (MEP). This is the secure equivalent of the port 3011, discussed later.
- The TCP port 3010 is used for high availability configuration synchronization.
- The TCP port 3011 is used for command propagation and MEP. Additionally, this port is used for Web Logging and audit server logging.
- Port 22 is used by the rsync process during file synchronization in high availability setup. Port 22 should be opened between the primary and the secondary appliance.
On each appliance, all the preceding ports must be accessible from the NetScaler IP address of the high availability partner for a reliable high availability behavior. In its default configuration, the NetScaler appliance does not use secure ports.
TCP Ports – MEP uses port TCP 3009 or TCP 3011 between the ADC pairs. TCP 3009 is encrypted. GSLB Sync Ports: To use GSLB Configuration Sync, open ports TCP 22 and TCP 3008 (secure) from the NSIP (management IP) to the remote public MEP IP. The GSLB Sync command runs a script in BSD shell and thus NSIP is always the Source IP.
For configuration sync, Local nsip to GSLB Site IP (public IP) in other datacenter. This uses 3008 and 3011. for local gslb site ip snip to GSLB Site IP (public IP) in other datacenter 3009 and 3011.
Posted in CTX109687
- Port 80 for HTTP and port 443 for HTTPS access to the Configuration Utility.
- Port 3010 for the Java applet connection to the Configuration Utility.
- Port 3008 for the encrypted Java applet connection to the Configuration Utility.
- Port 22 for SSH and file transfers using the Configuration Utility.
- The default Lightweight Directory Access Protocol (LDAP) port is 389 for Plaintext and STARTTLS.
- The default LDAP+SSL port is 636.
- The default RADIUS User Datagram Protocol (UDP) authentication port is 1812.
Web Interface Ports
- Web Interface makes an HTTPS call to an SSL VPN virtual server during the initial handshake.
Secure Ticket Authority (STA)
- STA validation traffic and monitoring traffic originates from the Mapped IP Address (MIP) (TCP port 80 or 443).
- ICA connections originate from the MIP or intranet IP (TCP port 1494).
- If you use Session Reliability, open TCP port 2598.
Posted in CTX114355
Full List of ports used by citrix are given HERE
Want to learn more on Citrix Automations and solutions???
Subscribe to get our latest content by email.