Jump To: Products > Preparation > Ports

Ports required to be opened inbound by your ISP

To set up remote access and administration, you will need to request that the following inbound ports are opened by your ISP and mapped through to the NetManager (all are TCP unless stated otherwise):

• 22 (ssh secure shell)
• 80 (http)
• 443 (https)
• 1194 UDP (OpenVPN)

Depending on the roles that the NetManager will be providing you may also want:

• Email services:
  • 25 (SMTP, can STARTTLS for encryption)
  • 110 (POP3, no encryption, not recommended)
  • 143 (IMAP, can STARTTLS for encryption)
  • 587 (secure SMTP submission, can STARTTLS for encryption)
  • 993 (IMAPS, i.e. IMAP over SSL)
  • 995 (POP3S, i.e. POP3 over SSL)
• FTP services:
  • 20/21 (FTP)
• Jabber (instant messaging/chat)
  • 5222 (XMPP client connections)
  • 5223 (XMPP over SSL client connections)
  • 5269 (XMPP connections from other servers)

For Citrix XenApp installations, you may also require:

• 1494 (Citrix ICA)

For Citrix NetScaler Gateway installations (required by XenDesktop/VDI-in-a-Box and recommended for XenApp) the following inbound ports will need to be opened and mapped through to the NetScaler Gateway. N.B this is in addition to ports required by NetManager, so an additional external IP address will be required:

• 80 (http)
• 443 (https)

If the ISP does not understand that the first s in ssh stands for secure, they may insist on restricting port 22 access to a certain range of IP addresses. This is a loss as it stops you, the customer, taking advantage of the secure remote administration it provides. However, if there is no alternative our IP range is: 80.71.28.0/26