1. Home
  2. Goverlan Reach & MDM User Guides
  3. Network Ports used by Goverlan Reach

Network Ports used by Goverlan Reach

The Goverlan Reach remote access software uses a set of network TCP port numbers to communicate. This article describes the ports used and their purpose.

Default Goverlan Ports

By default, Goverlan uses the following port numbers:

Service Port Number Description
Goverlan Client Agent 22000 Port opened on all machines equipped with the Goverlan Client Agent. This port is used to communicate with the Goverlan management services of this node when the node is inside the network. External nodes do not use this port as all communication is outbound to the server.

Note: On Windows endpoints, the Goverlan Client service automatically configures the local Windows firewall to authorize communication to this port (configurable via policies).

Goverlan Reach Server


22100 Port opened on the Goverlan Reach Server on the inside of your organization. This port is used by the Goverlan Reach operator console and the Goverlan Reach client agents to retrieve policies and push audits. This port must be accessible from all machines on the network (client and operator machines).
Goverlan Reach Gateway Services


15155 The Goverlan Reach gateway service exposes two network ports. Once on the inside of your organization and one on the outside of your DMZ. These ports are used to manage endpoints over the internet. 

By default, both internal and external ports are configured to the same value.


Goverlan may use ports required by Windows and Mac for agent management such as SMB or SSH. For more infomration, see the Goverlan Security White Paper

Changing Port Numbers

You can change the default port numbers used by Goverlan to a value of your choosing.

Changing Client Agent Communication Port

The recommended method to change the communication port used by the client agent is via a Group Policy Object, or via a Goverlan Reach Server Policy. However, you can also manually configure this port.

Changing Agent Port via a GPO

Once you have uploaded the provided Goverlan Group Policy Administrative Templates onto your Active Directory, expand:

  • Computer Configuration > Policies > Administrative Templates
    • Goverlan Global Policies
      • Goverlan Client Agents Settings
        • TCP Socket Ports used by the Goverlan Client Agents

Changing Agent Port via a Global Policy

Select the Global Policies tab of your Goverlan Reach Server, then drag and drop the Goverlan Agents Configuration policy set into the All Users & Devices node in the main view. Then configure the desired communication port.

Changing Agent Port Manually

The agent port can manually be changed using the locally installed Windows Control Panel Applet or the MacOS Goverlan App.

For Windows:

  • On the client machine side, open the Windows Control Panel > System and Security > Goverlan Client Configuration Control Panel applet, then change the Management Port setting.

For MacOS

  • On the client machine side, search for the Goverlan Reach Client application and change the Management Port setting.

The agent port must also be changed on the Goverlan operator side

  • On the Goverlan operator side, open Application > General Settings > Reach Client Agents and match the Agent communication port.

Changing the Goverlan Reach Server Ports

The Goverlan Reach Server default ports can be configured during the configuration of the server.

  • Open the Application > Server Configuration > Server Settings to change the port used for policies and audits.
  • Open the Application > Server Configuration > Reach Gateway Service to change the ports used for gateway communications.


Updated on March 16, 2021

Related Articles