Updated on 2025-09-04 GMT+08:00

How Can I Configure Ports for a Bastion Host?

To properly use a bastion host, configure the instance and resource security group ports by referring to Table 1.

  • During a cross-version upgrade, ports 80, 8080, 443, and 2222 are automatically enabled for the instance. If you do not need these ports, disable them immediately after the upgrade.
  • During a cross-version upgrade, ports 22, 31036, 31679, and 31873 are automatically enabled for the instance. After the upgrade, keep port 31679 enabled and immediately disable the other ports if you do not need them.

Table 1 Inbound and outbound rule configuration reference

| Scenario Description | Direction | Protocol/Application | Port |
|---|---|---|---|
| Accessing a bastion host through a web browser (HTTP and HTTPS). NOTE: If HTTPS is used, configure port 443 only. HTTP automatically redirects requests to HTTPS. If HTTP is used, configure both ports 80 and 443. Otherwise, the automatic redirection will not take effect. | Inbound | TCP | 80 and 443 |
| Accessing a bastion host through Microsoft Terminal Services Client (MSTSC) | Inbound | TCP | 53389 |
| Accessing a bastion host through an SSH client | Inbound | TCP | 2222 |
| Accessing a bastion host through an FTP client | Inbound | TCP | 2121 and 20000 to 21000 |
| Accessing a bastion host through an SFTP client | Inbound | TCP | 2222 |
| Remotely accessing Linux cloud servers managed by a bastion host over SSH clients | Outbound | TCP | 22 |
| Remotely accessing Windows cloud servers managed by a bastion host over the RDP protocol | Outbound | TCP | 3389 |
| Accessing Oracle databases through a bastion host | Inbound | TCP | 1521 |
| Accessing Oracle databases through a bastion host | Outbound | TCP | 1521 |
| Accessing MySQL databases through a bastion host | Inbound | TCP | 33306 |
| Accessing MySQL databases through a bastion host | Outbound | TCP | 3306 |
| Accessing SQL Server databases through a bastion host | Inbound | TCP | 1433 |
| Accessing SQL Server databases through a bastion host | Outbound | TCP | 1433 |
| Accessing DB databases through a bastion host | Inbound | TCP | 50000 |
| Accessing DB databases through a bastion host | Outbound | TCP | 50000 |
| Accessing GaussDB databases through a bastion host | Inbound | TCP | 18000 |
| Accessing GaussDB databases through a bastion host | Outbound | TCP | 8000 and 18000 |
| License servers | Outbound | TCP | 9443 |
| Huawei Cloud services | Outbound | TCP | 443 |
| Accessing a bastion host system through an SSH client in the same security group | Outbound | TCP | 2222 |
| SMS service | Outbound | TCP | 10743 and 443 |
| Domain name resolution service | Outbound | UDP | 53 |
| Accessing PGSQL databases through a bastion host | Inbound | TCP | 15432 |
| Accessing PGSQL databases through a bastion host | Outbound | TCP | 5432 |
| Accessing DM databases through a bastion host | Inbound | TCP | 15236 |
| Accessing DM databases through a bastion host | Outbound | TCP | 5236 |
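
The following added example (not part of the original Huawei Cloud documentation) audits a security group's inbound rules against the inbound ports in Table 1 and the upgrade notes above, reporting ports to disable and ports still missing for the access scenarios actually in use. The rule tuple format, the scenario keys, and the sample rule set are assumptions constructed for illustration, not a Huawei Cloud API format.

```python
# Added example: audit inbound security-group rules against Table 1.
# Rule tuples and scenario keys are constructed; not a Huawei Cloud API format.

# Inbound TCP port ranges (inclusive) per access scenario, copied from Table 1.
INBOUND = {
    "web_https": [(443, 443)],
    "web_http": [(80, 80), (443, 443)],  # HTTP redirects to HTTPS: needs both
    "mstsc": [(53389, 53389)],
    "ssh": [(2222, 2222)],
    "sftp": [(2222, 2222)],
    "ftp": [(2121, 2121), (20000, 21000)],
    "oracle": [(1521, 1521)],
    "mysql": [(33306, 33306)],
    "sqlserver": [(1433, 1433)],
    "db": [(50000, 50000)],
    "gaussdb": [(18000, 18000)],
    "pgsql": [(15432, 15432)],
    "dm": [(15236, 15236)],
}
# Ports the page says are enabled automatically during cross-version upgrades.
UPGRADE_OPENED = {80, 8080, 443, 2222, 22, 31036, 31679, 31873}
KEEP_AFTER_UPGRADE = (31679, 31679)  # the page says to keep this one enabled


def _covered(rng, pool):
    """True if rng lies entirely inside one range of pool."""
    return any(lo <= rng[0] and rng[1] <= hi for lo, hi in pool)


def audit_inbound(rules, scenarios, upgraded=True):
    """Return (excess, missing) inbound TCP ranges for the scenarios in use."""
    needed = [KEEP_AFTER_UPGRADE] if upgraded else []
    for name in scenarios:
        needed += INBOUND[name]
    opened = [(lo, hi) for d, proto, lo, hi in rules if (d, proto) == ("in", "tcp")]
    excess = sorted({r for r in opened if not _covered(r, needed)})
    missing = sorted({r for r in needed if not _covered(r, opened)})
    return excess, missing


def upgrade_leftovers(excess):
    """Excess single ports that match the page's upgrade-enabled list."""
    return sorted(lo for lo, hi in excess if lo == hi and lo in UPGRADE_OPENED)


# Constructed sample: rules left after an upgrade, plus a stale FTP data range.
SAMPLE_RULES = [("in", "tcp", p, p) for p in sorted(UPGRADE_OPENED)]
SAMPLE_RULES += [("in", "tcp", 20000, 21000), ("out", "tcp", 22, 22)]

if __name__ == "__main__":
    excess, missing = audit_inbound(SAMPLE_RULES, ["web_https", "ssh"])
    print("disable:", excess, "| add:", missing, "| from upgrade:", upgrade_leftovers(excess))
```

An opened range that is wider than any range Table 1 requires (for example, all ports) is reported as excess in full, which is the conservative result for a bastion host's security group.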