Forward proxy firewall configuration
Restricting outbound connections is possible when using an internal or external firewall.
Internal firewall
If outbound connections are restricted by an internal firewall, the firewall must be open to the following ports:
- Outbound TCP/9091 and 9092 (or whatever ports are configured for HTTP and HTTPS the client transfer application). These are the ports through which a client on the internal network establishes communication with the proxy server.
- Outbound TCP and UDP/5000-10000 (or whatever range of ports are set in aspera.conf using
port_range_lowandport_range_high). These are the ports that the client uses for SSH and FASP® data transfer.
External firewall
If outbound connections are restricted by the external firewall, the external firewall must allow outbound TCP and UDP/33001 for SSH and FASP data transfer.
If the destination server has a Windows™, FreeBSD, or Isilon operating system that does not allow concurrent transfers to bind to the same UDP port, the external firewall must allow a range of UDP ports, for example outbound UDP/33001-33100.