Ports

Qlik Sense Enterprise and Qlik Sense Enterprise for Windows use ports to communicate between web browsers (users) and proxies, and between services in single and multi-node deployments.

참고: Qlik Sense Enterprise for elastic deployments runs on a Kubernetes cluster which has no specific port requirements that are different to any other application that is hosted on Kubernetes. For more general information on Kubernetes ports requirements, see the Kubernetes cluster documentation.

Ports overview

The following table is an overview of the ports used in a Qlik Sense deployment.

  Component Inbound Outbound Internal only
Qlik Sense Proxy Service (QPS)

80 (HTTP)

443 (HTTPS)

4243 (REST API)

4239 (QRS websocket)

4242 (QRS REST API)

4747 (Engine)

4899 (Printing)

4900 (Broker)

4949 (Data profiling)

7070 (Logging service)

4244 (Windows authentication)
Qlik Sense Engine Service (QES)

4747 (QES listen port)

7070 (Logging service)

4242 (QRS REST API)

4748 (notifications from QRS)

Qlik Sense Repository Service (QRS)

4242 (REST API)

4239 (from QPS - websocket)

4444 (Setup API - inbound on rim nodes)

4899 (from QPR)

 

4242 (REST API)

4243 (Proxy REST API)

4444 (Setup API – outbound on central node)

4747 (Engine)

4748 (Engine notification API)

5050 (Scheduler master API)

7070 (Logging service)

4545 (Migration service)

4570 (Certificate unlock)

Qlik Sense Scheduler Service (QSS)

5050 (Master REST API)

5151 (Slave REST API)

5252 (Monitoring API - optional)

4242 (QRS REST API)

7070 (Logging Service)

5050 (Slave to Master)

5151 (Master to Slave)

No additional ports.
Qlik Sense Repository Database (QRD) 4432 (default listen port for database connections)   No additional ports.
Qlik Sense Printing service (QPR)

4899 (QPR listen port)

 

443 (Sense web server - proxy)

4242 (QRS REST API)

8088 (CEF debugging)

Qlik Sense Service Dispatcher (QSD)

Starts up the following services:

 

Broker service

4900  

3003 (Converter service)

4545 (App migration)

4555 (Chart sharing)

4949 (Data profiling)

9028 (Hub service)

9031 (Capability service)

9032 (About Service)

9079 (Depgraph service)

9090 (DownloadPrep)

9098 (On-demand app service)

9080 (Web extension service)

9041 (Connector registry proxy - server)

9051 (Connector registry proxy - desktop)

21060 (Resource Distribution Service)

5928 (QSE Event Processor)

  Data profiling service 4949 (listen port for REST API and websocket)  

4242 (QRS REST API)

4747 (QES)

  App Distribution Service   5926 No additional ports.
  Hybrid Deployment Service   5927 No additional ports.
  Hybrid Setup Console - HSC 5929   No additional ports.
  Entitlement Provisioning Service - EPS   5930 No additional ports.
참고: To allow access to the file share, ensure that you open the Microsoft Windows SMB port 445.

Ports used internally within a node

The ports in the following table are used between Qlik Sense services that run on the same node. In most cases, the ports do not have to be open through any firewalls.

Service Port Direction Purpose
Converter Service 3003 Internal

This port is used by the Converter Service which is utilized by QlikView converter.

QPS 4243 Inbound

Qlik Sense Proxy Service (QPS) REST API listen port.

If web ticketing is used for security, this port is used by the software or service that requests tickets for users. If the software or service is remote, this port needs to be open to the location from which it is called.

QRD 4432

Internal

Default listen port for the Qlik Sense Repository Database (QRD).

With shared persistence, this port is used to listen for connections from the Qlik Sense Repository Service (QRS).

Migration Service 4545 Internal

This port is used by the Migration Service for app migration purposes. The service is launched and managed by the Qlik Sense Service Dispatcher (QSD) when required.

The Migration Service only runs on the central node.

Chart Sharing Service 4555 Internal

This port is used by the Chart Sharing Service for chart sharing between Qlik Sense users. The service is launched and managed by the Qlik Sense Service Dispatcher (QSD) when required.

This port uses HTTPS for communication.

QRS 4570 Internal

Certificate password verification port, only used within multi-node sites by Qlik Sense Repository Services (QRSs) on rim nodes to receive the password that unlocks a distributed certificate. The port can only be accessed from localhost and it is closed immediately after the certificate has been unlocked. The communication is always unencrypted.

QES 4748 Internal This callback port is used by the Qlik Sense Repository Service (QRS) for sending HTTP events to the Qlik Sense Engine Service (QES).
Data Profiling Service 4949 Internal This port is used by the Data Profiling Service to access and modify the app load data model. It communicates directly with the Qlik Sense Engine Service (QES) on the node.
Broker Service 4900 Internal Default listen port for the Broker Service.
Hub Service 9028 Internal Default listen port for the Hub Service.
Capability Service 9031 Internal This port is used by the Capability Service to handle Qlik Sense system feature configuration.
About Service 9032 Internal Default listen port for inbound calls to the About Service.
Depgraph Service 9079 Internal This port is used by the Service Dispatcher launched microservices.
Web Extension Service 9080 Internal Default listen port for the Web Extension Service.
DownloadPrep 9090 Internal his port is used by the Service Dispatcher launched microservices.
On-demand App Service 9098 Internal Default listen port for the On-demand App Service.

Connector registry proxy (server)

9041 Internal This port is used by the distributed connectivity service for discovering and listing connectors.

Connector registry proxy (desktop)

9051 Internal This port is used by the distributed connectivity service for discovering and listing connectors.

Ports used from user web browser

The default ports are exposed to the Qlik Sense users and need to be open through any firewalls in the site.

Service Port Direction Purpose Host
QPS 443 Inbound Inbound user web traffic when using HTTPS. Qlik Sense Proxy Service (QPS) in the site.
QPS 80 Inbound Inbound user web traffic when using HTTP (optional). Qlik Sense Proxy Service (QPS) in the site.
Map 443 Inbound User web traffic for standard map background. For users hosting their own map server, use the name of the host server. maps.qlikcloud.com
Map 443 Inbound User web traffic for satellite map background. services.arcgisonline.com

Ports used between nodes and Qlik Sense services

The ports in this section are used for communication between the Qlik Sense services.

In a single node site, all ports listed in this section are used by the various services, but do not need access through firewalls.

In a multi-node site, the ports in use vary depending on the services installed and running on each node. The ports need to be open in any firewalls between the nodes, but do not have to be open to the Qlik Sense users.

Minimum ports used for communication in multi-node sites

The following ports must always be open between the nodes in a multi-node site. The ports must be open to allow for service health, and some specific operations.

Service Port Direction Purpose
QRS 4242

Bi-directional between the central node and all proxy nodes

This port is used for a number of operations including new user registration.
QRD 4432 Inbound from Qlik Sense nodes to the repository database The default listen port used by all nodes in a site for connecting to the Qlik Sense Repository Database.
QRS 4444 Between the central node and all rim nodes

This port has two functions:

  • Security distribution port, only used by Qlik Sense Repository Services (QRSs) on rim nodes to receive a certificate from the master QRS on the central node. The communication is always unencrypted, but the transferred certificate package is password-protected.

  • Qlik Sense Repository Service (QRS) state port, used to fetch the state of a QRS in a Qlik Sense site. The state is fetched using http://localhost:4444/status/servicestate.

    The returned state is one of the following:

    • 0: Initializing. Once the node has been initialized, the node state changes into one of the other states.
    • 1: Certificates not installed. There are no certificates installed on the node. The node stays in this state until it has received the certificate and the certificate password.
    • 2: Running. The node is up and running and all APIs have been initiated.

Ports used between master and slave schedulers

The ports in the following table are used when a slave Qlik Sense Scheduler Service (QSS) is used.

Service Port Direction Purpose
QSS 5050 Inbound (from scheduler nodes only)

This port is used by the master QSS on the central node to issue commands to and receive replies from slave QSS nodes.

QSS 5151 Inbound (from the central node only)

A slave QSS runs on a slave scheduler node and is accessed only by the master QSS on the central node.

Ports used between a proxy node and an engine node

The ports in the following table define the minimum needed to allow regular user traffic and load balancing between a proxy node and an engine node.

Service Port Direction Purpose
QES 4747 Inbound (from proxy nodes)

Qlik Sense Engine Service (QES) listen port. This is the main port used by the QES.

The port is used via the Qlik Sense Proxy Service (QPS) for communication with the Qlik Sense clients.

QRS 4239 Inbound (from proxy nodes)

Qlik Sense Repository Service (QRS) WebSocket port.

The port is used via the Qlik Sense Proxy Service (QPS) by the Qlik Sense hub to obtain apps and stream lists.

QRS 4242 Inbound (from proxy nodes)

Qlik Sense Repository Service (QRS) REST API listen port.

This port is mainly accessed by local Qlik Sense services. However, the port must be open to all proxy nodes in a multi-node site to deliver images and static content.

Data Profiling Service 4949 Inbound (from proxy nodes)

This port is used by the Data Profiling Service when accessing and modifying the application load model. The service is launched and managed by the Qlik Sense Service Dispatcher (QSD) when required.

The port is access via the Qlik Sense Proxy Service (QPS).

Broker Service 4900 Inbound (from proxy nodes) Default listen port for the Broker Service.
Hub Service 9028 Inbound (from proxy nodes) Default listen port for the Hub Service. Open for local services such as the broker service on the engine node.

Ports used between a proxy node and a node running the printing service

The Qlik Sense Printing Service (QPR) may be installed on the same node as other services or on a separate node. The ports in the following table must be accessible between a QPS and all QPRs to which the QPS can load balance traffic.

Service Port Direction Purpose
QPR 4899 Inbound (from proxy nodes)

Qlik Sense Printing Service (QPR) port.

This port is used for printed export in Qlik Sense. The port is accessed by any node that runs a QPS.

Qlik Sense Desktop ports

The following ports are used by Qlik Sense Desktop.

Component Port Direction
Qlik Associative Engine 9076 Internal
Migration Service 9074 Internal
DataPrep Service 9072 Internal
Broker Service (Desktop) 4848 Internal/inbound
Capability Service 9075 Internal
About Service 9078 Internal
Broker Service 9070 Internal
NPrinting 9073 Internal
Hub Service 9071 Internal
Converter Service 9077 Internal
Dependency Graph Service 9033 Internal
Web Extension Service 9034 Internal
Connector Registry Proxy 9051 Internal

Ports examples

This section provides examples of the ports that are used in different Qlik Sense deployments.

참고: The diagrams in this section do not show all outbound proxy node ports. For a full list of proxy node ports see the Ports overview table.

Single node site

This example shows the ports that are used in a single node site.

 

Multi-node site

The following is an example of the ports that are used in a multi-node site that consists of five nodes.

Proxy node in demilitarized zone

This example shows the ports that are used in a multi-node site when deploying a proxy node in a demilitarized zone.

Separate proxy and engine node

This example shows the ports that are used in a multi-node site when deploying a separate proxy and engine node.

High availability proxy and engine nodes

This example shows the ports that are used in a multi-node site when deploying more than one proxy and engine node.

Separate scheduler node and high availability proxy and engine nodes

This example shows the ports that are used in a multi-node site when deploying a separate scheduler node and more than one proxy and engine node.

Separate proxy and scheduler nodes and high availability engine nodes

This example shows the ports that are used in a multi-node site when deploying separate proxy and scheduler nodes and more than one engine node.

Generic scale out

This example shows the ports that are used in a multi-node site when scaling the site by adding additional proxy, engine, or scheduler nodes.