Required firewall settings.
Your Aspera transfer product requires access through the ports
listed in the table below. If you cannot establish the connection, review your local
corporate firewall settings and remove the port restrictions accordingly.
|| An Aspera server runs one SSH server on a configurable TCP port (22 by
Aspera strongly recommends running
the SSH server on a non-default port to ensure that your server remains
secure from SSH port scan attacks. Please refer to the topic Securing your SSH Server
for detailed instructions on changing your SSH
Your firewall should be configured as follows:
- Allow inbound connections for SSH, which is on TCP/22
by default, or on another non-default, configurable TCP port. To ensure that your server is
secure, Aspera strongly recommends allowing inbound connections for
SSH on TCP/33001, and disallowing inbound connections on
TCP/22. If you have a legacy customer base utilizing TCP/22,
then you can allow inbound connections on both ports. Please refer to
the topic Securing your SSH Server for details.
- Allow inbound connections for FASP transfers, which use UDP/33001 by
default, although the server may also choose to run FASP transfers on
- If you have a local firewall on your server (like iptables), verify that it is not
blocking your SSH and FASP transfer ports (e.g. TCP/UDP 33001).
- For the HTTP Fallback Server, allow inbound and outbound connections for
HTTP and/or HTTPS (e.g. TCP/8080, TCP/8443).
- For the Web UI, allow inbound connections for HTTP and/or HTTPS Web
access (e.g. TCP/80, TCP/443).
The firewall on the server side must allow the open TCP port to reach the
Aspera server. Note that no servers are listening on UDP ports. When a
transfer is initiated by an Aspera client, the client opens an SSH session
to the SSH server on the designated TCP port and negotiates the UDP port
over which the data transfer will occur.
||Typically, consumer and business firewalls allow direct outbound
connections from client computers on TCP and UDP. In this case, no configuration
is required for Aspera transfers. In the special case of firewalls disallowing
direct outbound connections, typically using proxy servers for Web browsing, the
following configuration applies:
- Allow outbound connections from the Aspera client on the TCP port
(TCP/33001 by default, when connecting to a Windows server, or on
another non-default port for other server operating systems).
- Allow outbound connections from the Aspera client on the FASP UDP port
(33001, by default).
- If you have a local firewall on your server (such as iptables), verify that it is not
blocking your SSH and FASP transfer ports (such as TCP/UDP 33001).
If you have a local firewall on your
server (Windows firewall, Linux iptables, or Mac ipfw), you will need to allow the Vlink
UDP port (55001, by default) for multicast traffic. For additional information on
setting up Vlinks, see Setting Up Virtual Links