ASE ports
The API Security Enforcer (ASE) uses default ports as defined in the table below. If any port configured in the ase.conf
file is unavailable, ASE will not start.
Port Number | Description | ||
---|---|---|---|
80 |
Data port in the Security Group for ASE. HTTP and WebSocket (ws) connections. Accessible from any client.
If you are installing ASE as a non-root user, then use a port greater than 1024. |
||
443 |
Data port in the Security Group for ASE. HTTPS and Secure WebSocket (wss) connections. Accessible from any client. If you are installing ASE as a non-root user, then use a port greater than 1024. |
||
8010 |
Management port in the Security Group for ASE. Accessible from management systems and administrators. Used by the command-line interface (CLI) and REST API for managing ASE. |
||
8020 |
Cluster port in the Security Group for ASE. Accessible from peer ASE nodes. Used by ASE internally to set up the cluster. |
||
8080 |
API Behavioral Security (ABS) port. Used by ASE for outbound connections to ABS for sending access logs and receive attack information. |
The management ports 8010 and 8020 should not be exposed to the internet and are strictly for internal use. Make sure that these ports are behind your firewall. In an Amazon Web Services (AWS) environment, both management ports should be private in the Security Group for ASE. If you are setting up the deployment in an AWS environment with security groups, use private Internet Protocol (IP)s for ABS connections to avoid security group issues. |