Adjust your firewall policies.
If you have an Internet-facing firewall, you may need to adjust its policy to open ports required by the
appliance. By default, the Web proxy service communicates using port 443/tcp (it uses port 443/tcp for HTTPS and port 80/tcp for HTTP). If you want to use SSH to connect to the appliance from outside the
network, you'll need to open port 22/TCP.
If you enable ESP encapsulation of tunnel network traffic, you'll need to open port 4500/UDP.
ESP encapsulation is enabled by default, but the system falls back to the default SSL/TLS if
ESP encapsulation cannot be brought up, as when port 4500/UDP is blocked by the firewall.
If you have a firewall that faces the internal network, you may need to adjust the policy for that firewall
to open ports for any back-end applications with which the appliance must communicate (if these ports
are not already open). For instance, if you use an LDAP or Microsoft Active Directory server for
authentication, you must open port 389/tcp on your internal firewall. For RADIUS, open ports 1645/ucp
If you’re using WorkPlace to access Windows network shares, you must also open internal ports on your
internal firewall so that WorkPlace can perform name resolution, make browse requests, and connect to
For more information, see Gathering Information.