What ports need to be opened on internal or external firewalls when deploying ProxySG?

FAQ ID:    FAQ478
Version:    2.0
Status:    Published
Published date:    09/25/2009
Updated:    08/09/2010


In addition to all ports needed for standard traffic, there may be several ports required to be opened depending on which features are implemented.

Port Type

Direction in relation
to the ProxySG

21 TCP Outbound FTP - used to send access logs to a logging server like Blue Coat Reporter
22 TCP Inbound SSH management of the ProxySG
53 both Outbound DNS
123 UDP Outbound Network Time Protocol (NTP)
514 UDP Outbound Syslog - used to send event log messages to a syslog server
8081 TCP Inbound HTTP management of the ProxySG
8082 TCP Inbound HTTPS management of the ProxySG
9081 TCP Outbound Log streaming to Blue Coat Reporter
15868 TCP Outbound Websense policy server
16101 TCP Outbound BCAAA - used for authentication communication with IWA authentication services


There may be several ports required to be opened externally as well.

Port Type Internet
or WAN
Direction in relation
to the ProxySG
443 TCP Internet Outbound Used to send daily heartbeats to Blue Coat (box health updates), retrieve Blue Coat Web Filter updates,
license updates, etc.
TCP WAN Inbound & Outbound Application Delivery Network (ADN) used for explicit connections between two ProxySG peers


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question