Ports
Qlik Sense uses ports to communicate between web browsers (users) and proxies, and between services in single and multi-node deployments.
Ports overview
The following table is an overview of the ports used in a Qlik Sense deployment.
Component | Inbound | Outbound | Internal only | |
Qlik Sense Proxy Service (QPS) |
80 (HTTP) 443 (HTTPS) 4243 (REST API) |
4239 (QRS websocket) 4242 (QRS REST API) 4747 (Engine) 4899 (Printing) 4900 (Broker) 4949 (Data profiling) 7070 (Logging service) |
4244 (Windows authentication) | |
Qlik Sense Engine Service (QES) |
4747 (QES listen port) |
7070 (Logging service) |
4242 (QRS REST API) 4748 (notifications from QRS) |
|
Qlik Sense Repository Service (QRS) |
4242 (REST API) 4239 (from QPS - websocket) 4444 (Setup API - inbound on rim nodes) 4899 (from QPR)
|
4242 (REST API) 4243 (Proxy REST API) 4444 (Setup API – outbound on central node) 4747 (Engine) 4748 (Engine notification API) 5050 (Scheduler master API) 7070 (Logging service) |
4545 (Migration service) 4570 (Certificate unlock) |
|
Qlik Sense Scheduler Service (QSS) |
5050 (Master REST API) 5151 (Slave REST API) 5252 (Monitoring API - optional) |
4242 (QRS REST API) 7070 (Logging Service) 5050 (Slave to Master) 5151 (Master to Slave) |
No additional ports. | |
Qlik Sense Repository Database (QRD) | 4432 (default listen port for database connections) | No additional ports. | ||
Qlik Sense Printing service (QPR) |
4899 (QPR listen port) |
|
443 (Sense web server - proxy) 4242 (QRS REST API) 8088 (CEF debugging) |
|
Qlik Sense Service Dispatcher (QSD) Starts up the following services: |
||||
Broker service |
4900 |
3003 (Converter service) 4545 (App migration) 4555 (Chart sharing) 4949 (Data profiling) 9028 (Hub service) 9031 (Capability service) 9032 (About Service) 9079 (Depgraph service) 9090 (DownloadPrep) 9098 (On-demand app service) 9080 (Web extension service) 9041 (Connector registry proxy - server) 9051 (Connector registry proxy - desktop) |
||
Data profiling service | 4949 (listen port for REST API and websocket) |
4242 (QRS REST API) 4747 (QES) |
Ports used internally within a node
The ports in the following table are used between Qlik Sense services that run on the same node. In most cases, the ports do not have to be open through any firewalls.
Service | Port | Direction | Purpose |
---|---|---|---|
Converter Service | 3003 | Internal |
This port is used by the Converter Service which is utilized by QlikView converter. |
QPS | 4243 | Inbound |
Qlik Sense proxy service (QPS) REST API listen port. If web ticketing is used for security, this port is used by the software or service that requests tickets for users. If the software or service is remote, this port needs to be open to the location from which it is called. |
QRD | 4432 |
Internal |
Default listen port for the Qlik Sense repository database (QRD). With shared persistence, this port is used to listen for connections from the Qlik Sense repository service (QRS). |
Migration Service | 4545 | Internal |
This port is used by the Migration Service for app migration purposes. The service is launched and managed by the Qlik Sense service dispatcher (QSD) when required. The Migration Service only runs on the central node. |
Chart Sharing Service | 4555 | Internal |
This port is used by the Chart Sharing Service for chart sharing between Qlik Sense users. The service is launched and managed by the Qlik Sense service dispatcher (QSD) when required. This port uses HTTPS for communication. |
QRS | 4570 | Internal |
Certificate password verification port, only used within multi-node sites by Qlik Sense repository services (QRSs) on rim nodes to receive the password that unlocks a distributed certificate. The port can only be accessed from localhost and it is closed immediately after the certificate has been unlocked. The communication is always unencrypted. |
QES | 4748 | Internal | This callback port is used by the Qlik Sense repository service (QRS) for sending HTTP events to the Qlik Sense engine service (QES). |
Data Profiling Service | 4949 | Internal | This port is used by the Data Profiling Service to access and modify the app load data model. It communicates directly with the Qlik Sense engine service (QES) on the node. |
Broker Service | 4900 | Internal | Default listen port for the Broker Service. |
Hub Service | 9028 | Internal | Default listen port for the Hub Service. |
Capability Service | 9031 | Internal | This port is used by the Capability Service to handle Qlik Sense system feature configuration. |
About Service | 9032 | Internal | Default listen port for inbound calls to the About Service. |
Depgraph Service | 9079 | Internal | This port is used by the Service Dispatcher launched microservices. |
Web Extension Service | 9080 | Internal | Default listen port for the Web Extension Service. |
DownloadPrep | 9090 | Internal | his port is used by the Service Dispatcher launched microservices. |
On-demand App Service | 9098 | Internal | Default listen port for the On-demand App Service. |
Connector registry proxy (server) |
9041 | Internal | This port is used by the distributed connectivity service for discovering and listing connectors. |
Connector registry proxy (desktop) |
9051 | Internal | This port is used by the distributed connectivity service for discovering and listing connectors. |
Ports used from user web browser
The default ports are exposed to the Qlik Sense users and need to be open through any firewalls in the site.
Service | Port | Direction | Purpose | Host |
---|---|---|---|---|
QPS | 443 | Inbound | Inbound user web traffic when using HTTPS. | Qlik Sense proxy service (QPS) in the site. |
QPS | 80 | Inbound | Inbound user web traffic when using HTTP (optional). | Qlik Sense proxy service (QPS) in the site. |
Map | 443 | Inbound | User web traffic for standard map background. For users hosting their own map server, use the name of the host server. | maps.qlikcloud.com |
Map | 443 | Inbound | User web traffic for satellite map background. | services.arcgisonline.com |
Ports used between nodes and Qlik Sense services
The ports in this section are used for communication between the Qlik Sense services.
In a single node site, all ports listed in this section are used by the various services, but do not need access through firewalls.
In a multi-node site, the ports in use vary depending on the services installed and running on each node. The ports need to be open in any firewalls between the nodes, but do not have to be open to the Qlik Sense users.
Minimum ports used for communication in multi-node sites
The following ports must always be open between the nodes in a multi-node site. The ports must be open to allow for service health, and some specific operations.
Service | Port | Direction | Purpose |
---|---|---|---|
QRS | 4242 |
Bi-directional between the central node and all proxy nodes |
This port is used for a number of operations including new user registration. |
QRD | 4432 | Inbound from Qlik Sense nodes to the repository database | The default listen port used by all nodes in a site for connecting to the Qlik Sense repository database. |
QRS | 4444 | Between the central node and all rim nodes |
This port has two functions:
|
Ports used between master and slave schedulers
The ports in the following table are used when a slave Qlik Sense scheduler service (QSS) is used.
Service | Port | Direction | Purpose |
---|---|---|---|
QSS | 5050 | Inbound (from scheduler nodes only) |
This port is used by the master QSS on the central node to issue commands to and receive replies from slave QSS nodes. |
QSS | 5151 | Inbound (from the central node only) |
A slave QSS runs on a slave scheduler node and is accessed only by the master QSS on the central node. |
Ports used between a proxy node and an engine node
The ports in the following table define the minimum needed to allow regular user traffic and load balancing between a proxy node and an engine node.
Service | Port | Direction | Purpose |
---|---|---|---|
QES | 4747 | Inbound (from proxy nodes) |
Qlik Sense engine service (QES) listen port. This is the main port used by the QES. The port is used via the Qlik Sense proxy service (QPS) for communication with the Qlik Sense clients. |
QRS | 4239 | Inbound (from proxy nodes) |
Qlik Sense repository service (QRS) WebSocket port. The port is used via the Qlik Sense proxy service (QPS) by the Qlik Sense hub to obtain apps and stream lists. |
QRS | 4242 | Inbound (from proxy nodes) |
Qlik Sense repository service (QRS) REST API listen port. This port is mainly accessed by local Qlik Sense services. However, the port must be open to all proxy nodes in a multi-node site to deliver images and static content. |
Data Profiling Service | 4949 | Inbound (from proxy nodes) |
This port is used by the Data Profiling Service when accessing and modifying the application load model. The service is launched and managed by the Qlik Sense service dispatcher (QSD) when required. The port is access via the Qlik Sense proxy service (QPS). |
Broker Service | 4900 | Inbound (from proxy nodes) | Default listen port for the Broker Service. |
Hub Service | 9028 | Inbound (from proxy nodes) | Default listen port for the Hub Service. Open for local services such as the broker service on the engine node. |
Ports used between a proxy node and a node running the printing service
The Qlik Sense printing service (QPR) may be installed on the same node as other services or on a separate node. The ports in the following table must be accessible between a QPS and all QPRs to which the QPS can load balance traffic.
Service | Port | Direction | Purpose |
---|---|---|---|
QPR | 4899 | Inbound (from proxy nodes) |
Qlik Sense printing service (QPR) port. This port is used for printed export in Qlik Sense. The port is accessed by any node that runs a QPS. |
Ports examples
This section provides examples of the ports that are used in different Qlik Sense deployments.
Single node site
This example shows the ports that are used in a single node site.
Multi-node site
The following is an example of the ports that are used in a multi-node site that consists of five nodes.
Proxy node in demilitarized zone
This example shows the ports that are used in a multi-node site when deploying a proxy node in a demilitarized zone.
Separate proxy and engine node
This example shows the ports that are used in a multi-node site when deploying a separate proxy and engine node.
High availability proxy and engine nodes
This example shows the ports that are used in a multi-node site when deploying more than one proxy and engine node.
Separate scheduler node and high availability proxy and engine nodes
This example shows the ports that are used in a multi-node site when deploying a separate scheduler node and more than one proxy and engine node.
Separate proxy and scheduler nodes and high availability engine nodes
This example shows the ports that are used in a multi-node site when deploying separate proxy and scheduler nodes and more than one engine node.
Generic scale out
This example shows the ports that are used in a multi-node site when scaling the site by adding additional proxy, engine, or scheduler nodes.
Did this page help you?
If you find any issues with this page or its content – a typo, a missing step, or a technical error – let us know how we can improve!