# Firewall Configuration

We strongly recommend deploying the ExaVault virtual appliance behind a firewall. The tables below list the ports to open.

The appliance also requires some inbound and outbound connectivity to the public Internet, detailed below.

## Inbound Traffic (Public Internet) Port Requirements

| **Port**    | **Description**                                                                                                                                                                                                                                                                                                               |
| ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| ICMPv4      | Used for verifying the server is up and accessible.                                                                                                                                                                                                                                                                           |
| 80          | Used for non-secure web GUI access to the application. Does not need to be made available publicly. |
| 443         | Used for secure Web GUI access to the application. Does not need to be made available publicly. Also used by the API.                                                                                                                                                                                                         |
| 21          | Used for FTP access to the appliance. Does not need to be open if the FTP service is not used externally.                                                                                                                                                                                                                     |
| 22          | Used for SFTP access to the appliance. Does not need to be open if the SFTP service is not used externally. |
| 990         | Used for FTPS access to the appliance. Does not need to be open if the FTPS service is not used externally. |
| 40000-49999 | Used for FTP/FTPS data channels to the appliance. Does not need to be open if neither the FTP nor FTPS services are used externally.<br>Note: Currently only a subset of this range is used by the appliance, but we recommend opening the entire range because we will be expanding the range in future versions. |

## Inbound Traffic (Internal Network) Port Requirements

| **Port**    | **Description**                                                                                                       | **Required** |
| ----------- | --------------------------------------------------------------------------------------------------------------------- | ------------ |
| ICMPv4      | Used for verifying the server is up and accessible.                                                                   | YES          |
| 80          | Redirects to HTTPS port 443                                                                                           | YES          |
| 443         | Used for secure Web GUI access to the application. Does not need to be made available publicly. Also used by the API. | YES          |
| 21          | Used for FTP access to the appliance. Does not need to be open if the FTP service is not used externally.             | NO           |
| 22          | Used for SFTP access to the appliance. Does not need to be open if the SFTP service is not used externally.           | NO           |
| 990         | Used for FTPS access to the appliance. Does not need to be open if the FTPS service is not used externally.           | NO           |
| 10022       | Used for support sessions to the appliance (support sessions require SSH access on port 10022).                       | YES\*        |
| 9002        | Used to access the appliance manager web GUI (for setup and management of the appliance).                             | YES\*        |
| 40000-49999 | FTP Passive Ports                                                                                                     | NO           |

\* These ports are needed for administering the system and must be locked down at the firewall.

## Outbound Traffic Port Requirements

| Port | Description                               | Required |
| ---- | ----------------------------------------- | -------- |
| 80   | Used to download updates from our servers | YES      |
| 443  | Used to download updates from our servers | YES      |
| 53   | DNS services to resolve names for updates | YES      |
| 389  | Used for LDAP connections                 | NO       |
| 636  | Used for LDAPS connections                | NO       |
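
The three tables above expressed as one default-deny ruleset, as an added example that is not ExaVault's own configuration. It assumes the firewall is a Linux router running nftables between the Internet, the internal network and the appliance, that only SFTP and FTPS are offered externally, and that LDAPS is the directory protocol in use; all addresses and the table name are constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example. Every address below is a constructed placeholder.
define APPLIANCE   = 10.0.20.10               # appliance address (assumed)
define INTERNAL    = 10.0.0.0/16              # internal user network (assumed)
define ADMIN_HOSTS = { 10.0.99.5, 10.0.99.6 } # admin workstations (assumed)
define LDAP_SERVER = 10.0.30.15               # directory server (assumed)

table inet exavault_edge {
    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # Admin ports (marked * in the internal table): decided first, so no
        # later, broader rule can expose them. Denied attempts are logged.
        ip daddr $APPLIANCE tcp dport { 9002, 10022 } ip saddr $ADMIN_HOSTS accept
        ip daddr $APPLIANCE tcp dport { 9002, 10022 } log prefix "exavault-admin-deny " drop

        # ICMPv4 reachability check, listed for both public and internal traffic.
        ip daddr $APPLIANCE icmp type echo-request accept

        # Web GUI and API: internal network only. The page notes 80 and 443
        # do not need to be made available publicly.
        ip saddr $INTERNAL ip daddr $APPLIANCE tcp dport { 80, 443 } accept

        # File transfer from any source: SFTP, FTPS and the FTP/FTPS data
        # channel range. Plain FTP (21) stays closed in this deployment.
        ip daddr $APPLIANCE tcp dport { 22, 990, 40000-49999 } accept

        # Outbound from the appliance: update downloads and DNS.
        ip saddr $APPLIANCE tcp dport { 80, 443 } accept
        ip saddr $APPLIANCE udp dport 53 accept
        ip saddr $APPLIANCE tcp dport 53 accept

        # Optional directory lookups, pinned to the one LDAP server.
        ip saddr $APPLIANCE ip daddr $LDAP_SERVER tcp dport 636 accept
    }
}
```

Validate the file with `nft -c -f <file>` before loading it; anything not matched above, including port 21 and the admin ports from non-admin sources, falls through to the chain's drop policy.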

