Help Center/ Cloud Bastion Host/ FAQs/ Product Consulting/ How Can I Configure Ports for a Bastion Host?

Updated on 2025-09-04 GMT+08:00

View PDF

How Can I Configure Ports for a Bastion Host?

To properly use a bastion host, configure the instance and resource security group ports by referring to Table 1.

During cross-version upgrade, ports 80, 8080, 443, and 2222 are automatically enabled for the instance. If you do not need to use these ports, disable them immediately after the upgrade.
During cross-version upgrade, ports 22, 31036, 31679, and 31873 are automatically enabled for the instance. After the upgrade, keep port 31679 enabled and disable other ports immediately if you do not need to use them.

**Table 1** Inbound and outbound rule configuration reference
Scenario Description	Direction	Protocol/Application	Port
Accessing a bastion host through a web browser (HTTP and HTTPS) NOTE: If HTTPS is used, configure port 443 only. HTTP automatically redirects requests to HTTPS. If HTTP is used, configure both ports 80 and 443. Otherwise, the automatic redirection will not take effect.	Inbound	TCP	Ports 80 and 443
Accessing a bastion host through Microsoft Terminal Services Client (MSTSC)	Inbound	TCP	53389
Accessing a bastion host through an SSH client	Inbound	TCP	2222
Accessing a bastion host through an FTP client	Inbound	TCP	2121 and 20000 to 21000
Accessing a bastion host through an SFTP client	Inbound	TCP	2222
Remotely accessing Linux cloud servers managed by a bastion host over SSH clients	Outbound	TCP	22
Remotely accessing Windows cloud servers managed by a bastion host over the RDP protocol	Outbound	TCP	3389
Accessing Oracle databases through a bastion host	Inbound	TCP	1521
Accessing Oracle databases through a bastion host	Outbound	TCP	1521
Accessing MySQL databases through a bastion host	Inbound	TCP	33306
Accessing MySQL databases through a bastion host	Outbound	TCP	3306
Accessing SQL Server databases through a bastion host	Inbound	TCP	1433
Accessing SQL Server databases through a bastion host	Outbound	TCP	1433
Accessing DB databases through a bastion host	Inbound	TCP	50000
Accessing DB databases through a bastion host	Outbound	TCP	50000
Accessing GaussDB databases through a bastion host	Inbound	TCP	18000
Accessing GaussDB databases through a bastion host	Outbound	TCP	8000 and 18000
License servers	Outbound	TCP	9443
Huawei Cloud services	Outbound	TCP	443
Accessing a bastion host system through an SSH client in the same security group	Outbound	TCP	2222
SMS service	Outbound	TCP	10743 and 443
Domain name resolution service	Outbound	UDP	53
Accessing PGSQL databases through a bastion host	Inbound	TCP	15432
Accessing PGSQL databases through a bastion host	Outbound	TCP	5432
Accessing DM databases through a bastion host	Inbound	TCP	15236
Accessing DM databases through a bastion host	Outbound	TCP	5236

Parent topic: Product Consulting

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel