Secure the Network Layer
Last modified: August 24, 2022
Communications from a browser to Server and between Server components are transmitted over Internet connections using the TCP/IP internetworking protocol. The services listen for connections on specific ports. To secure the network layer, we recommend allowing connections through your firewall only on these ports.
Required Alteryx TCP Ports and Protocols
Server components use these default ports to connect with the user and other system services. You can change the default ports and protocols depending on your local deployment needs. Go to System Requirements for more information about the required connections for Server.
Alteryx Server listens on the following ports for external communication:
- Port 80: The Controller node listens on TCP/80 for connections from the Service layer (Worker nodes). Service layer communications comprise a proprietary protocol encrypted with AES256. If the Server is not configured for HTTPS operation, Server UI node(s) can also listen on TCP/80 for plaintext HTTP connections to the Server web UI and API. For more information, visit Secure the Operating System Level and Server Configuration help pages.
- Port 443: The Server UI node(s) listen on TCP/443 for TLS-enabled web UI and API connections.
- Port 27018: The embedded MongoDB instance listens for connections on TCP/27018. On an all-in-one Server deployment, access is required only for localhost/127.0.0.1 communications, and we recommend you deny access from the network unless you need to enable direct administrative access from another host to Server’s backing MongoDB. In a Multi-Node deployment, you will need to allow network access on this port from the other nodes to the machine hosting the database (usually the Controller).