Citrix Virtual Apps and Desktops

Network ports

The following tables list the default network ports used by Delivery Controllers, Windows VDAs, Director, and Citrix License Server. When Citrix components are installed, the operating system’s host firewall is also updated, by default, to match these default network ports.

For an overview of communication ports used in other Citrix technologies and components, see CTX101810.

You may need this port information:

  • For regulatory compliance purposes.
  • If there is a network firewall between these components and other Citrix products or components, so you can configure that firewall appropriately.
  • If you use a third-party host firewall, such as one provided with an anti-malware package, rather than the operating system’s host firewall.
  • If you alter the configuration of the host firewall on these components (usually Windows Firewall Service).
  • If you reconfigure any features of these components to use a different port or port range, and then want to disable or block ports that are not used in your configuration. Refer to the documentation for the component for details.
  • For port information about other components such as StoreFront and Citrix Provisioning (formerly Provisioning Services), see the component’s current “System requirements” article.

The tables list only incoming ports. Outgoing ports are usually determined by the operating system and use unrelated numbers. Information for outgoing ports is not normally needed for the purposes listed above.

Some of these ports are registered with the Internet Assigned Numbers Authority (IANA). Details about these assignments are available at http://www.iana.org/assignments/port-numbers. However, the descriptive information held by IANA does not always reflect today’s usage.

Additionally, the operating system on the VDA and Delivery Controller require incoming ports for its own use. See the Microsoft Windows documentation for details.

VDA, Delivery Controller, and Director

Component Usage Protocol Default incoming port Notes
VDA ICA/HDX TCP, UDP 1494 EDT protocol requires 1494 to be open for UDP. See ICA policy settings.
VDA ICA/HDX with Session Reliability TCP, UDP 2598 EDT protocol requires 2598 to be open for UDP. If multi-stream and multi-port are enabled, the administrator defines the port numbers for the additional three streams. See ICA policy settings.
VDA ICA/HDX over TLS/DTLS TCP, UDP 443 All Citrix Workspace apps
VDA ICA/HDX over WebSocket TCP 8008 Citrix Workspace app for HTML5, and Citrix Workspace app for Chrome 1.6 and earlier only
VDA ICA/HDX audio over UDP Real-time Transport UDP 16500..16509  
VDA ICA/Universal Print Server TCP 7229 Used by the Universal Print Server print data stream CGP (Common Gateway Protocol) listener.
VDA ICA/Universal Print Server TCP 8080 Used by the Universal Print Server listener for incoming HTTP/SOAP requests.
VDA Wake On LAN UDP 9 Remote PC Access power management
VDA Wake Up Proxy TCP 135 Remote PC Access power management
VDA Delivery Controller TCP 80  
Delivery Controller VDA, StoreFront, Director, Studio TCP 80  
Delivery Controller StoreFront, Director, Studio over TLS TCP 443  
Delivery Controller Delivery Controller, VDA TCP 89 Local Host Cache (This use of port 89 might change in future releases.)
Delivery Controller Orchestration TCP 9095 Orchestration
Director Delivery Controller TCP 80, 443  

Citrix Licensing

The following ports are used for Citrix Licensing.

Component Usage Protocol Default incoming port
License Server License Server TCP 27000
License Server License Server for Citrix (vendor daemon) TCP 7279
License Server License Administration Console TCP 8082
License Server Web Services for Licensing TCP 8083
Network ports