Port requirements

PingAccess uses ports and protocols to communicate with external components. This information provides guidance for firewall administrators to ensure that the correct ports are available across network segments.

Direction refers to the direction of requests relative to PingAccess:

Inbound requests: Requests that PingAccess receives from external components.
Outbound requests: Requests that PingAccess sends to external components.

Service Port details Source Description

PingAccess administrative console

Protocol: HTTPS
Transport: TCP
Default port: 9000
Destination: PingAccess admin console
Direction: Inbound

PingAccess administrator browser, PingAccess administrative application programming interface (API) REST calls, PingAccess replica admin and clustered engine nodes

Used for incoming requests to the PingAccess administrative console.

Configurable using the admin.port property in the run.properties file. Learn more in the Configuration file reference guide.

This port is also used by clustered engine nodes and the replica admin node to pull configuration data using the admin REST API.

PingAccess cluster communications port

Protocol: HTTPS
Transport: TCP
Default port: 9090
Destination: PingAccess admin console
Direction: Inbound

PingAccess administrator browser, PingAccess administrative API REST calls, PingAccess replica admin and clustered engine nodes

Used for incoming requests where the clustered engines request their configuration data.

Configurable using the clusterconfig.port property in the run.properties file. Learn more in the Configuration file reference guide.

This port is also used by clustered engine nodes and the replica admin node to pull configuration data using the admin REST API.

PingAccess engine

Protocol: HTTP or HTTPS
Transport: TCP
Default port: 3000*

Any additional engine listener ports defined in the configuration must be open as well.

Destination: PingAccess engine
Direction: Inbound

Client browser, mobile devices, PingFederate engine

Used for incoming requests to the PingAccess runtime engine.

Configurable using the Listeners configuration page. Learn more in the PingAccess user interface reference guide.

PingAccess agent

Protocol: HTTP or HTTPS
Transport: TCP
Default port: 3030
Destination: PingAccess engine
Direction: Inbound

PingAccess agent

Used for incoming Agent requests to the PingAccess runtime engine.

Configurable using the agent.http.port property of the run.properties file. Learn more in the Configuration file reference guide.

PingAccess sideband (optional)

Protocol: HTTP or HTTPS
Transport: TCP
Default port: 3020
Destination: PingAccess engine
Direction: Inbound

Sideband client (an API gateway such as Kong Gateway or Apigee)

Used for incoming sideband requests to the PingAccess runtime engine.

Configurable using the sideband.http.port property of the run.properties file. Learn more in the Configuation file reference guide.

The default value of the sideband.http.enabled property is false. This property must be set to true to configure a sideband client.

PingFederate traffic

Protocol: HTTPS
Transport: TCP
Default port: 9031
Destination: PingFederate
Direction: Outbound

PingAccess engine

Used to validate OAuth access token and ID tokens, make Security Token Service (STS) calls for identity mediation, and return authorized information about a user.

Configurable using the PingFederate Settings page within PingAccess. Learn more in the PingAccess user interface reference guide.