ArcGIS Server uses certain ports to communicate with machines on the internet and intranet. Below is a description of the ports that you may need to allow on your firewall.
HTTPS port 6443
ArcGIS Server only communicates through port 6443 by default. Ensure your firewall allows HTTP communication through this port. Unless you have disabled direct administrative access (routing traffic through your ArcGIS Web Adaptor instead), your users can access the server through port 6443.
HTTP port 6080
By default, ArcGIS Server supports HTTPS communication only, and communication through port 6080 is not allowed. Administrators can change this setting in the ArcGIS Server Administrator Directory to allow HTTP plaintext communication through port 6080, but this is considered a less secure option.
If you install your deployment using ArcGIS Enterprise Builder, the configuration wizard initially opens through port 6080 then switches to use HTTPS through port 6443. This does not occur when you install ArcGIS Server on its own; in this case, Server Manager automatically opens over port 6443.
Internally used ports (1098, 6006, 6099, others)
Ports 1098, 6006, 6099, and other random ports are used by ArcGIS Server to start processes in each ArcGIS Server machine. You do not have to open these ports for access by other machines; however, you should be aware that ArcGIS Server is using them in case you run other applications that require the same ports.
If the ArcGIS Server installation detects that one of these ports is in use, it automatically increments the port number it uses. For example, if it detects that another application is already using 1098, it uses 1099 if that port is available.
When ArcGIS Server is installed on a server machine, avoid using your firewall to obstruct internal communication in that machine.
If restrictive firewall policies are preventing your site from being created (usually evidenced by an error message Failed to create the service 'System/CachingTools.GPServer'), you can adjust your firewall to explicitly allow the ArcGIS Server processes. For example, with Windows Firewall, you can add new inbound rules that allow the following four programs:
- <ArcGIS Server installation location>\bin\ArcSOC.exe
- <ArcGIS Server installation location>\framework\etc\service\bin\ArcGISServer.exe
- <ArcGIS Server installation location>\framework\runtime\jre\bin\javaw.exe
- <ArcGIS Server installation location>\framework\runtime\jre\bin\rmid.exe
The Windows account running ArcGIS Server must also have access to the Command Prompt.
Ports used by ArcGIS GeoAnalytics Server
If you deploy ArcGIS Server as ArcGIS GeoAnalytics Server, ports 2181, 2182, 2190, 56540-56545, and 7077 are also used for intermachine communications.