Firewalls and Ports

Firewalls and Ports

Make sure your port settings are configured correctly for firewalls.

There are several different port settings that need to be considered when using firewalls:

  • Port that the cache server listens on. This is configurable using the cache-server element in cache.xml, on the CacheServer class in Java APIs, and as a command line option to the gfsh start server command.

    By default, if not otherwise specified, GemFire clients and servers discover each other on a pre-defined port (40404) on the localhost.

  • Locator port. GemFire clients can use the locator to automatically discover cache servers. The locator port is configurable as a command-line option to the gfsh start locator command. Locators are used in the peer-to-peer cache deployments to discover other processes. They can be used by clients to locate servers as an alternative to configuring clients with a collection of server addresses and ports.

    By default, if not otherwise specified, GemFire locators use the default multicast port 10334.

  • Since locators start up the distributed system, locators must also have their ephemeral port range and TCP port accessible to other members through the firewall.
  • For clients, you configure the client to connect to servers using the client's pool configuration. The client's pool configuration has two options: you can create a pool with either a list of server elements or a list of locator elements. For each element, you specify the host and port. The ports specified must be made accessible through your firewall.

Limiting Ephemeral Ports for Peer-to-Peer Membership

By default, GemFire assigns ephemeral ports, that is, temporary ports assigned from a designated range, which can encompass a large number of possible ports. When a firewall is present, the ephemeral port range usually must be limited to a much smaller number, for example six. If you are configuring P2P communications through a firewall, you must also set each the tcp port for each process and ensure that UDP traffic is allowed through the firewall.

Properties for Firewall and Port Configuration

This table contains properties potentially involved in firewall behavior, with a brief description of each property. Click on a property name for a link to the and (GemFire Properties) reference topic.

Configuration area Property or Setting Definition
peer-to-peer config


Specifies whether sockets are shared by the system member's threads.

peer-to-peer config


The list of locators used by system members. The list must be configured consistently for every member of the distributed system.

peer-to-peer config


Address used to discover other members of the distributed system. Only used if mcast-port is non-zero. This attribute must be consistent across the distributed system.

peer-to-peer config


Port used, along with the mcast-address, for multicast communication with other members of the distributed system. If zero, multicast is disabled for member discovery and distribution.

peer-to-peer config


The range of ephemeral ports available for unicast UDP messaging and for TCP failure detection in the peer-to-peer distributed system.

peer-to-peer config


The TCP port to listen on for cache communications.

Configuration Area Property or Setting Definition
cache server config


Hostname or IP address to pass to the client as the location where the server is listening.

cache server config


Maximum number of client connections for the server. When the maximum is reached, the server refuses additional client connections.

cache server config

port (cache.xml) or --port parameter to the gfsh start server command

Port that the server listens on for client communication.

Default Port Configurations

Default Ports

Port Name

Related Configuration Setting

Default Port

Cache Server

port (cache.xml)



http-service-port 7070


start-locator (for embedded locators) or --port parameter to the gfsh start locator command. if not specified upon startup or in the start-locator property, uses default multicast port 10334

Membership Port Range

membership port range 1024 to 65535

Memcached Port

memcached-port not set


mcast port 10334


jmx-manager-port 1099


tcp-port ephemeral port