ArcGIS Server uses certain ports to communicate with other machines. Below are descriptions of the ports you may need to allow on your firewall.
HTTPS port 6443
ArcGIS Server only communicates through port 6443 by default. Ensure your firewall allows HTTP communication through this port. Unless you have disabled direct administrative access (routing traffic through your ArcGIS Web Adaptor instead), your users can access the server through port 6443.
HTTP port 6080
By default, ArcGIS Server supports HTTPS communication only, and communication through port 6080 is not allowed. Administrators can change this setting in the ArcGIS Server Administrator Directory to allow HTTP plaintext communication through port 6080, but this is considered a less secure option.
Note:
If you install your deployment using ArcGIS Enterprise Builder, the configuration wizard initially opens through port 6080 then switches to use HTTPS through port 6443. This does not occur when you install ArcGIS Server on its own; in this case, Server Manager automatically opens over port 6443.
Port 6006
This port is used by ArcGIS Server for internal processes. It must be available or ArcGIS Server to start successfully and cannot be used by other programs or applications. Unlike for other ports, described below, ArcGIS Server cannot automatically increment to a different port if port 6006 is not open.
Internally used ports (1098, 6099, others)
Ports 1098, 6099, and other random ports are used by ArcGIS Server to start processes in each ArcGIS Server machine. You do not have to open these ports for access by other machines; however, you should be aware that ArcGIS Server is using them in case you run other applications that require the same ports.
If the ArcGIS Server installation detects that one of these ports is in use, it automatically increments the port number it uses. For example, if it detects that another application is already using 1098, it uses 1099 if that port is available.
When ArcGIS Server is installed on a server machine, avoid using your firewall to obstruct internal communication in that machine.
If restrictive firewall policies are preventing your site from being created (usually evidenced by the error message, Failed to create the service 'System/CachingTools.GPServer'), you can adjust your firewall to explicitly allow the ArcGIS Server processes. For example, with Windows Firewall, you can add new inbound rules that allow the following four programs:
- <ArcGIS Server installation location>\framework\runtime\ArcGIS\bin\ArcSOC.exe
- <ArcGIS Server installation location>\framework\etc\service\bin\ArcGISServer.exe
- <ArcGIS Server installation location>\framework\runtime\jre\bin\javaw.exe
- <ArcGIS Server installation location>\framework\runtime\jre\bin\rmid.exe
Note:
This component is only one part of an ArcGIS Enterprise deployment. See ArcGIS Enterprise system requirements for a diagram and links to information about the ports needed to communicate with other components in an Enterprise portal.