Pivotal GemFire® v8.1

Firewalls and Ports

Make sure your port settings are configured correctly for firewalls.

For a server, there are two different port settings you may need to be concerned with regarding firewalls:

  • Port that the cache server listens on. This is configurable using the cache-server element in cache.xml, on the CacheServer class in Java, and as a command-line option to the gfsh start server command.
  • Locator port. GemFire clients can use the locator to automatically discover cache servers. The locator port is the same one that is configured for peer-to-peer messaging. The locator port is configurable in a command-line option to the gfsh start locator command.

For a client, you tell the client how to connect to the server using the pool options. In the client's pool configuration you can create a pool with either a list of server elements or a list of locator elements. For each element, you specify the host and port to connect to.

By default, GemFire clients and servers discover each other on a pre-defined port (40404) on the localhost.

Each gateway receiver uses a port to listen for incoming communication from one or more gateway senders, for communication between GemFire sites.

Limiting Ephemeral Ports for Peer-to-Peer Membership

By default, GemFire assigns ephemeral ports, that is, temporary ports assigned from a designated range, which can encompass a large number of possible ports. When a firewall is present, the ephemeral port range usually must be limited to a much smaller number, for example six. If you are configuring P2P communications through a firewall, you must also set the TCP port for each process and ensure that UDP traffic is allowed through the firewall.
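
The check below is an added example, not part of the GemFire documentation or Pivotal's code: it reads gemfire.properties text, flags the peer-to-peer settings this section says must be pinned down, and returns the allow rules a firewall would need. The sample values, the max_ports threshold and the low-high range syntax are assumptions; 0 for tcp-port stands in for the ephemeral default.

```python
# Added example (not Pivotal code): audit gemfire.properties text for firewall readiness.
# Defaults are the ones in the page's Default Ports table; tcp-port "0" is an
# assumption standing in for the table's "ephemeral port" default.
DEFAULTS = {"membership-port-range": "1024-65535", "tcp-port": "0", "mcast-port": "10334"}

# Constructed sample input, not taken from a real deployment.
HARDENED = """\
# peer-to-peer settings for a member behind a firewall
membership-port-range=41000-41005
tcp-port=41010
mcast-port=0
"""

def parse_properties(text):
    """Return key/value pairs from properties text, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text, max_ports=6):
    """Return (findings, allow_rules); rules are (protocol, first_port, last_port)."""
    props = {**DEFAULTS, **parse_properties(text)}
    findings, rules = [], []
    low, high = (int(p) for p in props["membership-port-range"].split("-"))
    if high - low + 1 > max_ports:
        findings.append(f"membership-port-range covers {high - low + 1} ports; limit it")
    else:
        # The range carries unicast UDP messaging and TCP failure detection.
        rules += [("udp", low, high), ("tcp", low, high)]
    tcp_port = int(props["tcp-port"])
    if tcp_port == 0:
        findings.append("tcp-port is ephemeral; set a fixed port per process")
    else:
        rules.append(("tcp", tcp_port, tcp_port))
    if int(props["mcast-port"]) != 0:
        findings.append("mcast-port is non-zero; multicast discovery is enabled")
    return findings, rules

if __name__ == "__main__":
    for name, text in (("defaults", ""), ("hardened", HARDENED)):
        findings, rules = audit(text)
        print(name, findings or "no findings", rules)
```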

Properties for Firewall and Port Configuration

This table contains properties potentially involved in firewall behavior, with a brief description of each property.

| Configuration Area | Property or Setting | Definition |
|---|---|---|
| peer-to-peer config |  | Specifies whether sockets are shared by the system member's threads. |
| peer-to-peer config |  | The list of locators used by system members. The list must be configured consistently for every member of the distributed system. |
| peer-to-peer config |  | Address used to discover other members of the distributed system. Only used if mcast-port is non-zero. This attribute must be consistent across the distributed system. |
| peer-to-peer config |  | Port used, along with the mcast-address, for multicast communication with other members of the distributed system. If zero, multicast is disabled for member discovery and distribution. |
| peer-to-peer config |  | The range of ephemeral ports available for unicast UDP messaging and for TCP failure detection in the peer-to-peer distributed system. |
| peer-to-peer config |  | The TCP port to listen on for cache communications. |

| Configuration Area | Property or Setting | Definition |
|---|---|---|
| cache server config |  | Hostname or IP address to pass to the client as the location where the server is listening. |
| cache server config |  | Maximum number of client connections for the server. When the maximum is reached, the server refuses additional client connections. |
| cache server config | port (cache.xml) or --port parameter to the gfsh start server command | Port that the server listens on for client communication. |

| Configuration Area | Property or Setting | Definition |
|---|---|---|
| multi-site (WAN) config |  | Hostname or IP address of the gateway receiver used by gateway senders to connect. |
| multi-site (WAN) config | remote-locators | List of locators (and their ports) that are available on the remote WAN site. |
| multi-site (WAN) config | start-port and end-port (cache.xml) or --start-port and --end-port parameters to the gfsh start gateway receiver command | Port range that the gateway receiver can use to listen for gateway sender communication. |

Default Ports

| Port Name | Related Configuration Setting | Default Port |
|---|---|---|
| Cache Server | port (cache.xml) |  |
| Gateway Receiver | start-port and end-port (cache.xml) or --start-port and --end-port parameters to the gfsh start gateway receiver command | not set. Each gateway receiver uses a single port to accept connections from gateway senders in other systems. However, the configuration of a gateway receiver specifies a range of possible port values to use. GemFire selects an available port from the specified range when the gateway receiver starts. Configure your firewall so that the full range of possible port values is accessible by gateway senders from across the WAN. |
|  | http-service-port | 7070 |
|  | start-locator (for embedded locators) or --port parameter to the gfsh start locator command | If not specified upon startup or in the start-locator property, uses default multicast port 10334 |
| Membership Port Range | membership-port-range | 1024 to 65535 |
| Memcached Port | memcached-port | not set |
|  | mcast-port | 10334 |
|  | jmx-manager-port | 1099 |
|  | tcp-port | ephemeral port |
