Forward Proxy Firewall Configuration

Note: If you have a local firewall on your proxy server (such as iptables), verify that it is not blocking the SSH and FASP transfer ports.

Internal Firewall

If outbound connections are restricted by the internal firewall, the firewall must be open to the following ports.

  • outbound TCP/9091 and 9092 (or whatever ports are configured for HTTP and HTTPS the client transfer application). These are the ports through which a client on the internal network establishes communication with the proxy server.
  • outbound TCP and UDP/5000-10000 (or whatever range of ports are set in aspera.conf using port_range_low and port_range_high). These are the ports the client uses for SSH and FASP data transfer.

External Firewall

If outbound connections are restricted by the external firewall, the external firewall must allow outbound TCP and UDP/33001 for SSH and FASP data transfer.

If the destination server has a Windows, FreeBSD, or Isilon operating system that does not allow concurrent transfers to bind to the same UDP port, the external firewall must allow a range of UDP ports, for example outbound UDP/33001-33100.