---
title: "Port Requirements"
slug: "fortanix-data-security-manager-port-requirements"
updated: 2026-05-01T06:08:55Z
published: 2026-05-01T06:08:55Z
canonical: "support.fortanix.com/fortanix-data-security-manager-port-requirements"
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.fortanix.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Port Requirements

## 1.0 List of Required Open Ports

### 1.1 External or Application Ports

The following ports need to be accessible by clients wanting to access Fortanix-Data-Security-Manager (DSM).

| **Protocol** | **Inbound/ Outbound** | **Port Number** | **Load Balancer Use (Yes/No)** | **Purpose** |
| --- | --- | --- | --- | --- |
| TCP | Inbound | 22 | No | SSH connection to Fortanix Data Security Manager server. |
| TCP | Inbound | 443 | Yes | HTTPS – Used for WebUI and calling REST API. Applications will access the cluster URL on this port. Each individual node will also need this port open. |
| TCP | Inbound | 4445 | Yes | HTTPS - Used for delivering static content in WebUI. |
| TCP | Inbound | 5696 | Yes | Used by applications that use KMIP for interacting with Fortanix DSM. Applications will access cluster URL on this port. Each individual node will also need this port open. |

### 1.2 Intra-Cluster Ports

The following ports are needed for communication between different cluster nodes.

| **Protocol** | **Inbound/ Outbound** | **Port Number** | **Load Balancer Use (Yes/No)** | **Purpose** |
| --- | --- | --- | --- | --- |
| IP |  |  | No | Protocol Number 112 (VRRP) – Cluster IP negotiation (keepalived) |
| TCP | Both | 2379 | No | HTTP – etcd API (This port uses TLS after upgrade to 3.24) |
| TCP | Both | 2380 | No | etcd intra-cluster communication |
| TCP | Both | 2382 | No | etcd intra-cluster communication over TLS (This port needs to be open before upgrading to 3.24). |
| TCP | Both | 6443 | No | HTTPS – Kubernetes API. |
| TCP | Both | 10250 | No | Kubelet Port |
| UDP | Both | 8472 | No | VXLAN – intra-cluster communication. |

### 1.3 Outbound Ports

The following outbound ports must be open for Fortanix DSM in case these external systems shall be accessible.

| **Protocol** | **Inbound/ Outbound** | **Port Number** | **Load Balancer Use (Yes/No)** | **Purpose** |
| --- | --- | --- | --- | --- |
| TCP | Outbound | SMTP | No | If SMTP email is configured. |
| TCP | Outbound | 443 | No | If email is configured using AWS SES. |
| UDP | Outbound | 514 | No | if external Syslog is used with fluentd configuration for cluster POD logs. |
| TCP | Outbound | 514 | No | if external logging is used to push Audit logs. |
| TCP | Outbound | 514 | No | If external logging using Syslog TLS is configured. |
| TCP | Outbound | 8089 | No | If external logging using Splunk is configured. |
| TCP | Outbound | 443 | No | If external logging using Google stack driver is configured. |
| TCP | Outbound | 636 | No | If SSO authentication with AD/LDAP is configured. |
| TCP | Outbound | 443 | No | If external logging using OAuth is configured. |
| TCP | Outbound | 443 | No | For connection to IAS proxy if attestation is enabled. |
| UDP | Outbound | 123 | No | When external NTP is configured. |
| TCP | Outbound | 80 | No | Used for Intel remote attestation when SGX is configured. *For more information, refer to the*[*Fortanix Data Security Manager Cluster Attestation Guide (on-prem only)*](/v1/docs/fortanix-data-security-manager-cluster-attestation-guide-on-prem-only)*.* |
| TCP | Outbound | 443 | No | Used for Intel remote attestation service when SGX is configured. *For more information, refer to the*[*Attestation Fortanix Data Security Manager Cluster Attestation Guide (on-prem only)*](/v1/docs/fortanix-data-security-manager-cluster-attestation-guide-on-prem-only)*.* |
| TCP | Outbound | 443 | No | Used for communication with GitHub repository for Fortanix DSM plugins. *For more information, refer to*[*SDKMS Plugin Library*](https://github.com/fortanix/sdkms-plugin-library)*.* |
| TCP | Outbound | 53 | No | The DNS ports that are used to query and request information from the DNS servers. |
| UDP | Outbound | 53 | No | The DNS ports that are used to query and request information from the DNS servers. |

### 1.4 Management Interface Ports

When the MGMT network port is connected to the network, the following ports must be open to use the Intelligent Platform Management Interface (IPMI):

| **Protocol** | **Inbound/ Outbound** | **Port Number** | **Load Balancer Use (Yes/No)** | **Purpose** |
| --- | --- | --- | --- | --- |
| TCP | Inbound | 80 | No | Only applicable for FX2200 appliances - For IPMI Web UI. |
| TCP | Inbound | 443 | No | Only applicable for FX2200 appliances - For IPMI Web UI using HTTPS if configured. |
| UDP | Inbound | 623 | No | Only applicable for FX2200 appliances - For IPMI and SOL. |

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.

Fortanix Data Security Manager (DSM) is the world’s first cloud service secured with Intel® SGX. With Fortanix DSM, you can securely generate, store, and use cryptographic keys and certificates, as well as other secrets such as passwords, API keys, tokens, or any blob of data. Your business-critical applications and containers can integrate with Fortanix DSM using legacy cryptographic interfaces (PKCS#11, CNG, and JCE) or using the native Fortanix DSM RESTful interface.

## Related

- [FX2200 Hardware Guide](/fortanix-data-security-manager-fx2200-hardware-guide.md)
- [Installation from Azure Marketplace](/fortanix-data-security-manager-installation-from-azure-marketplace.md)
- [Custom Role](/fortanix-dsm-custom-role.md)
- [Introduction to Fortanix DSM Backup and Restore](/introduction-to-fortanix-dsm-backup-and-restore.md)
- [Fortanix DSM SaaS Architecture](/fortanix-dsm-saas-architecture.md)