Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/nsg/sophos-firewall/21.0/Help/en-us/webhelp/onlinehelp/index.html?contextId=admin-settings-port-sharing

Port sharing among services

Some services require a unique port. Other services can share their port but require a different attribute, such as the IP address and protocol.

No port sharing

The following services require unique ports. If you change the default port, make sure it's unique.

Service Default port Protocol
Web admin console 4444 TCP
User portal 4443 TCP

Note

VPN portal was introduced in SFOS 20.0. It uses the default port 443, which was previously used by the user portal. When you upgrade or restore a backup from an earlier version to SFOS 20.0 and later, the user portal's port (default 443 or custom port) is automatically assigned to the VPN portal. The user portal is then assigned the new default port 4443. If 4443 isn't available, 65040 is automatically assigned to the user portal. See New VPN portal in SFOS 20.0 and later.

Port sharing with restrictions

WAF, VPN portal, and SSL VPN can share their ports with some restrictions.

Protocols and ports

See the default ports assigned to the sevices and the protocols they can use:

Service Default port Protocol
WAF 443 TCP
VPN portal 443 TCP
SSL VPN 8443 TCP or UDP

VPN portal can share its IP address, port, and protocol with SSL VPN.

Warning

If the VPN portal and SSL VPN share the same port and protocol, the following behavior occurs:

  • Login security settings won't work. See Login security.
  • VPN portal becomes accessible from SSL VPN's access zones. See SSL VPN port.

WAF requirements

When you configure WAF, make sure it's different in at least one of the following attributes from the other two services (VPN portal and SSL VPN):

  • WAN IP address
  • Port
  • Protocol

How to ensure different attributes

When you assign an IP address, allow zone access, or change the ports for these services, ensure there's a difference in one of the following attributes between WAF and the other two services.

VPN portal SSL VPN
WAF

WAN IP address

Port

WAN IP address

Port

Protocol

Note

WAF and VPN portal only use TCP. SSL VPN can use TCP and UDP.

More resources