About firewalls
We recommend that you deploy appliances behind your firewall. These firewall settings are required for SteelHead communication across firewalls:
• Ports 7800 and 7810 must be open.
• Make sure your firewall doesn’t strip TCP options.
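One way to check the TCP options requirement above is to capture the same SYN on each side of the firewall and compare the option kinds that survive. This is an added example, not vendor code; the packet bytes and port numbers are constructed, and option kind 253 (reserved for experiments) is an assumed stand-in for whatever options your appliances actually send.

```python
import struct

def tcp_options(segment: bytes) -> list[tuple[int, bytes]]:
    """Return (kind, value) for each option in a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    header_len = (segment[12] >> 4) * 4        # data offset field, in bytes
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad data offset")
    raw, opts, i = segment[20:header_len], [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                          # End of Option List
            break
        if kind == 1:                          # NOP: padding, or a scrubbed option
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError(f"malformed option kind {kind}")
        length = raw[i + 1]
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts

def stripped_kinds(before: bytes, after: bytes) -> list[int]:
    """Option kinds present before the firewall but missing after it."""
    seen_after = {kind for kind, _ in tcp_options(after)}
    return sorted({kind for kind, _ in tcp_options(before)} - seen_after)

def build_syn(options: bytes) -> bytes:
    """Constructed sample: a 20-byte SYN header plus the given options."""
    options += b"\x01" * (-len(options) % 4)   # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 7800, 1, 0,
                       offset << 4, 0x02, 65535, 0, 0) + options

MSS = b"\x02\x04\x05\xb4"                      # kind 2, MSS 1460
EXPERIMENTAL = b"\xfd\x06\xab\xcd\x00\x01"     # kind 253, constructed stand-in
SYN_LAN = build_syn(MSS + EXPERIMENTAL)            # captured before the firewall
SYN_WAN_OK = build_syn(MSS + EXPERIMENTAL)         # options passed intact
SYN_WAN_SCRUBBED = build_syn(MSS + b"\x01" * 6)    # option overwritten with NOPs

if __name__ == "__main__":
    print("stripped option kinds:", stripped_kinds(SYN_LAN, SYN_WAN_SCRUBBED))
```

In practice the two inputs would be the TCP header bytes of the same SYN taken from captures on either side of the firewall. A non-empty result names the option kinds the firewall removed.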
Secure transport requires communication on the management, control, and data planes.
• For the management plane, controllers communicate with managed appliances on TCP ports 9443 and 22.
• For the control plane, controllers communicate with managed appliances on TCP port 9443.
• The encryption service uses Encapsulating Security Payload (ESP), also known as IP protocol 50, which is part of the IPsec suite of security protocols. If the network is public, the service uses UDP on port 4500.