Firewall and Port Configuration for Amazon EC2 Instances using Security Groups
Posted by John Tkaczewski, Last modified by Aly Essa on 24 July 2018 01:01 PM


Every instance deployed on Amazon EC2 must have its firewall configured with the specific ports it needs. By default, most of the required ports are not open for TCP or UDP connections. The FileCatalyst Server, FileCatalyst Workflow, and FileCatalyst Webmail deployments all need their respective ports opened for connectivity and data transfer.

This article will walk you through a typical security group setup for an Amazon EC2 instance.

The default ports for FileCatalyst Direct are:

  • Port 21 for TCP.
    This is used as the communication channel. Port 21 is a default specified in the FileCatalyst Server and is not secure. You can change this as long as both FileCatalyst Server and Client Applications are using the same port.

  • Port 22 for TCP.
    This port is used for SSH connections.

  • Port 990 for TCP.
    This port is secured over SSL and is also used as the communication channel. The default value of 990 can also be changed in the FileCatalyst Server Remote Admin Application.

  • Port range 8000-8999 for TCP and UDP.
    Some firewalls and NAT devices require two separate rules, while others allow you to specify TCP and UDP together. These ports are used to transfer data to and from the FileCatalyst Server and are commonly referred to as the Data Channel.

  • Port 12400 for TCP.
    This is the Remote Admin Port. This port is exclusive to the FileCatalyst Server Remote Admin Application.

  • Port 12480 for TCP.
    The internal Web Server uses this port to broadcast all communications. The Admin Applet, Link, and Servlet are hosted from this Web Server.

The default ports for FileCatalyst Workflow/Webmail are:

  • Port 80 for TCP.
    HTTP inbound connections are accepted by the Tomcat Web Server on this port. 
  • Port 443 for TCP.
    HTTPS connections and secured communication to the Tomcat Web Server use this port. 



FileCatalyst Direct Suite v3.5 and later.

FileCatalyst Workflow v4.9.5 and later.

FileCatalyst Webmail v4.9.4 and later.

Linux and Windows Environments.




  1. Log into your AWS Console. Click on Security Groups on the left-hand side.

  2. Click on the Create Security Group button, see the attached illustration below.

  3. Specify the Security Group Name and Description.

  4. Hit Add Rule to add your first port. Here is an example of adding a single port 21 on TCP for a connection originating from anywhere.

  5. This is an example of how to add a range of ports. We have added the FileCatalyst Data Port range for both TCP and UDP.

  6. Once all your Firewall Rules have been added, hit the Create button.

  7. Using the Security Group Name, you can add this set of Firewall Rules to your EC2 Instance.
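
The same rule set can be built and checked in code before it is applied. The sketch below is an added example, not FileCatalyst or AWS code: it turns the FileCatalyst Direct port list above into the IpPermissions structure the EC2 API accepts and reports which rules would be reachable from anywhere. The function names, the sample CIDR ranges, and the choice to limit SSH and Remote Admin to an admin network are assumptions of this example.

```python
import ipaddress

# Default FileCatalyst Direct ports as listed in this article.
DIRECT_PORTS = [
    ("tcp", 21, 21, "control channel, unencrypted"),
    ("tcp", 22, 22, "SSH"),
    ("tcp", 990, 990, "control channel over SSL"),
    ("tcp", 8000, 8999, "data channel"),
    ("udp", 8000, 8999, "data channel"),
    ("tcp", 12400, 12400, "Remote Admin"),
    ("tcp", 12480, 12480, "internal web server"),
]
# Assumption of this example: SSH and Remote Admin are limited to an admin network.
RESTRICTED = {22, 12400}


def build_permissions(client_cidr, admin_cidr):
    """Return the rule set in the IpPermissions shape used by the EC2 API."""
    for cidr in (client_cidr, admin_cidr):
        ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
    perms = []
    for proto, low, high, desc in DIRECT_PORTS:
        source = admin_cidr if low in RESTRICTED else client_cidr
        perms.append({
            "IpProtocol": proto, "FromPort": low, "ToPort": high,
            "IpRanges": [{"CidrIp": source, "Description": desc}],
        })
    return perms


def exposed_to_anywhere(perms):
    """List (protocol, from_port, to_port) for every rule whose source is 0.0.0.0/0."""
    return [
        (p["IpProtocol"], p["FromPort"], p["ToPort"])
        for p in perms
        for r in p["IpRanges"]
        if ipaddress.ip_network(r["CidrIp"]).prefixlen == 0
    ]


def create_group(name, description, vpc_id, perms):
    """Steps 2 to 6 through the API. Needs boto3 and AWS credentials."""
    import boto3  # imported here so the helpers above work offline
    ec2 = boto3.client("ec2")
    group_id = ec2.create_security_group(
        GroupName=name, Description=description, VpcId=vpc_id)["GroupId"]
    ec2.authorize_security_group_ingress(GroupId=group_id, IpPermissions=perms)
    return group_id
```

Running exposed_to_anywhere on the result of build_permissions before calling create_group shows exactly which FileCatalyst ports the new group would open to 0.0.0.0/0.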
