Make sure your port settings are configured correctly for firewalls.

There are several different port settings that need to be considered when using firewalls:

  • Port that the cache server listens on. This is configurable using the cache-server element in cache.xml, on the CacheServer class in Java APIs, and as a command line option to the gfsh start server command.

    By default, if not otherwise specified, GemFire clients and servers discover each other on a pre-defined port (40404) on the localhost.

  • Locator port. GemFire clients can use the locator to automatically discover cache servers. The locator port is configurable as a command-line option to the gfsh start locator command. Locators are used in the peer-to-peer cache deployments to discover other processes. They can be used by clients to locate servers as an alternative to configuring clients with a collection of server addresses and ports.

    By default, if not otherwise specified, GemFire locators use the default port 10334.

  • Since locators start up the cluster, locators must also have their ephemeral port range and TCP port accessible to other members through the firewall.

  • For clients, you configure the client to connect to servers using the client’s pool configuration. The client’s pool configuration has two options: you can create a pool with either a list of server elements or a list of locator elements. For each element, you specify the host and port. The ports specified must be made accessible through your firewall.

Limiting Ephemeral Ports for Peer-to-Peer Membership

By default, GemFire assigns ephemeral ports, that is, temporary ports assigned from a designated range, which can encompass a large number of possible ports. When a firewall is present, the ephemeral port range usually must be limited to a much smaller number, for example six. If you are configuring P2P communications through a firewall, you must also set the TCP port for each process.

Properties for Firewall and Port Configuration

This table contains properties potentially involved in firewall behavior, with a brief description of each property.

Configuration area Property or Setting Definition
peer-to-peer config


Specifies whether sockets are shared by the system member's threads.

peer-to-peer config


The list of locators used by system members. The list must be configured consistently for every member of the cluster.

peer-to-peer config


The range of ephemeral ports available membership communication and TCP failure detection in the peer-to-peer cluster.

peer-to-peer config


The TCP port to listen on for cache communications.

Configuration Area Property or Setting Definition
cache server config


Hostname or IP address to pass to the client as the location where the server is listening.

cache server config


Maximum number of client connections for the server. When the maximum is reached, the server refuses additional client connections.

cache server config

port (cache.xml) or --port parameter to the gfsh start server command

Port that the server listens on for client communication.

Default Port Configurations

Port Name

Related Configuration Setting

Default Port

Cache Server

port (cache.xml)



http-service-port 7070


start-locator (for embedded locators) or --port parameter to the gfsh start locator command. if not specified upon startup or in the start-locator property, uses default port 10334

Membership Port Range

membership-port-range 41000 to 61000

Memcached Port

memcached-port not set


jmx-manager-port 1099


tcp-port ephemeral port

Properties for Firewall and Port Configuration in Multi-Site (WAN) Configurations

Each gateway receiver uses a single port to accept connections from gateway senders in other systems. The configuration of a gateway receiver specifies a range of possible port values to use. GemFire selects an available port from the specified range when the gateway receiver starts. Configure your firewall so that the full range of possible port values is accessible by gateway senders from across the WAN.

Configuration Area Property or Setting Definition
multi-site (WAN) config for gateway sender hostname-for-senders Hostname or IP address of the gateway receiver used by gateway senders to connect.
multi-site (WAN) config for locator remote-locators List of locators (and their ports) that are available on the remote WAN site.
multi-site (WAN) config for gateway receiver start-port and end-port (cache.xml) or –start-port and –end-port parameters to the gfsh start gateway receiver command Port range that the gateway receiver can use to listen for gateway sender communication.
check-circle-line exclamation-circle-line close-line
Scroll to top icon