The Goverlan Reach remote access software uses a set of network TCP port numbers to communicate. This article describes the ports used and their purpose.
Default Goverlan Ports
By default, Goverlan uses the following port numbers:
| Service | Port Number | Description |
| Goverlan Client Agent | 22000 | Port opened on all machines equipped with the Goverlan Client Agent. This port is used to communicate with the Goverlan management services of this node when the node is inside the network. External nodes do not use this port as all communication is outbound to the server.
Note: On Windows endpoints, the Goverlan Client service automatically configures the local Windows firewall to authorize communication to this port (configurable via policies). |
| Goverlan Reach Server
(Optional) |
22100 | Port opened on the Goverlan Reach Server on the inside of your organization. This port is used by the Goverlan Reach operator console and the Goverlan Reach client agents to retrieve policies and push audits. This port must be accessible from all machines on the network (client and operator machines). |
| Goverlan Reach Gateway Services
(Optional) |
15155 | The Goverlan Reach gateway service exposes two network ports. Once on the inside of your organization and one on the outside of your DMZ. These ports are used to manage endpoints over the internet.
By default, both internal and external ports are configured to the same value. |
Goverlan may use ports required by Windows and Mac for agent management such as SMB or SSH. For more infomration, see the Goverlan Security White Paper
Changing Port Numbers
You can change the default port numbers used by Goverlan to a value of your choosing.
Changing Client Agent Communication Port
The recommended method to change the communication port used by the client agent is via a Group Policy Object, or via a Goverlan Reach Server Policy. However, you can also manually configure this port.
Changing Agent Port via a GPO
Once you have uploaded the provided Goverlan Group Policy Administrative Templates onto your Active Directory, expand:
- Computer Configuration > Policies > Administrative Templates
- Goverlan Global Policies
- Goverlan Client Agents Settings
- TCP Socket Ports used by the Goverlan Client Agents
- Goverlan Client Agents Settings
- Goverlan Global Policies
Changing Agent Port via a Global Policy
Select the Global Policies tab of your Goverlan Reach Server, then drag and drop the Goverlan Agents Configuration policy set into the All Users & Devices node in the main view. Then configure the desired communication port.
Changing Agent Port Manually
The agent port can manually be changed using the locally installed Windows Control Panel Applet or the MacOS Goverlan App.
For Windows:
- On the client machine side, open the Windows Control Panel > System and Security > Goverlan Client Configuration Control Panel applet, then change the Management Port setting.
For MacOS
- On the client machine side, search for the Goverlan Reach Client application and change the Management Port setting.
The agent port must also be changed on the Goverlan operator side
- On the Goverlan operator side, open Application > General Settings > Reach Client Agents and match the Agent communication port.
Changing the Goverlan Reach Server Ports
The Goverlan Reach Server default ports can be configured during the configuration of the server.
- Open the Application > Server Configuration > Server Settings to change the port used for policies and audits.
- Open the Application > Server Configuration > Reach Gateway Service to change the ports used for gateway communications.