Ports and Protocols
Resilio Connect uses specific ports and protocols to properly function. Depending on the network your Agents are in, these must be open to let traffic flow between the Agents, Management Console, and the Tracker Server. The Management Console communicates with the Agents using TCP.
Once the Management Console and Agents are communicating, the Resilio Connect Agents must also be able to transfer data to and from other Agents. Agents transfer data to each other using TCP and UDP. To make this possible the necessary ports must be opened and forwarded on all firewalls, NATs, and routers between the Agents.
Basic Configuration (Management Console, Tracker and Agents are all on same LAN)
(image is clickable)
Advanced Configuration (Management Console & Tracker Server are behind a Firewall and you have WAN-based Agents)
(image is clickable)
What Ports are required by Resilio Connect?
|TCP||8444||Resilio Agent control traffic|
|TCP||8445 *||Resilio Agent events and logs|
|TCP and UDP||3000||Tracker service **|
|TCP (outgoing)||1080||Connection to Resilio Proxy|
* Port 8445 is optional and only used when Management Console saves events to events.log
** By default the tracker runs on the same machine as the Management Console, but can be placed on another machine if preferred
Additionally Management Console reaches out to the following Resilio's public servers:
https://connect-license.resilio.com/check_connect.php on port 443
Checking license updates. Every 24 Hours or upon service startup. If there are unlicensed Agents, the Management Console checks for license updates every 10 minutes.
https://orders.resilio.com/api/orders/get_tickets port 443
check for counts of total and available support tickets per support plan.
https://upload.resilio.com on port 443
Create Support Case (with automated Log upload). Manual log uploads go to https://feedback.resilio.com/ which is a link to https://upload.resilio.com
|TCP and UDP *||3000||Tracker Server|
|TCP and UDP **||3839**||Data transfer between agents|
|Multicast UDP (188.8.131.52)***||3838||LAN agent discovery|
|UDP multicast to *** 184.108.40.206||1900||
UPnP and NAT-PMP
|TCP and UDP||3328||
Connection to Proxy server (additionally, custom port might be required)
* UDP is optional and if your organization doesn't allow it the Tracker will still work.
** If each of the Agents is behind a NAT or firewall (pfSense in particular), it may required to configure external port. Add custom parameter external_port with a port number to the Agent's Profile. Otherwise it's not guaranteed that the outgoing traffic will be forwarded through the same data transfer port, which will make connection impossible between such Agents.
**Connect Agents can be configured to transfer data using only TCP or UDP if your organization limits the transmission of one these protocols
*** Multicast is optional and if your organization doesn't allow it there are other ways to enable Connect Agents to transfer data.
Optional. If you don't use a proxy, no need to open these ports
|TCP (incoming)||1080||Connection from Management Console|
|TCP and UDP (incoming)||3328||Connection from agents to proxy server (additionally, custom port might be required)|
If your Management Console (and default Tracker Server) are behind a Firewall and you have WAN based Agents, you may need to enable port forwarding from you WAN based IP address to your LAN based computer (hosting the Management Console) for the following:
|TCP||8444 & 8445||Management Console|
|TCP and UDP||3000||Tracker Server|
Agent Connection to Management Console
For Connect Agents to communicate with the Management Console, they require a configuration file (sync.conf) which contains the IP address (or DNS name), and security credentials of the Management Console. This is so they can:
- Establish a secure connection to the Management Console
- Send file and job operation events
- Connect to other Agents and receive Agent policy