Skip to main content
Version: v44

Load Balancer Ports and Protocols

To set up load balance traffic between PrivX instances in a high-availability (HA) deployment, choose the load balancing method based on the ports and PrivX components in your deployment:

  • If the deployment does not include PrivX components, such as Extender, Carrier, or Web-Proxy:

    • Use a load balancer with TCP/TLS support for all ports. For example, an AWS Network Load Balancer.
  • If the deployment includes PrivX components, such as Extender for routing to different VPNs or PrivX web connections:

    • Configure traffic to the PrivX port 443 to use HTTPS load balancing with affinity-cookie support and round-robin routing. This allows PrivX components to discover PrivX Servers through the load balancer, and it also maintains secure connections to the required PrivX Servers.
    • As an example in AWS, create a DNS name and use an Application Load Balancer for ports 80 and 443. Use a Network Load Balancer for the other ports. Native clients must use the Network Load Balancer address.
tip

For an example of an on-premises load balancer configuration, see Example Load Balancer Configuration: HAProxy.

PortProtocolUsage
80HTTP or TCPRedirecting traffic to HTTPS port and Windows CRL requests.
443HTTPS with affinity cookies or TLSFor PrivX components, HTTPS with affinity cookies; TLS if PrivX components are not required.
1080TCPSSH native client proxy address when using ProxyCommand
2222TCPNative SSH client connections
2322TCPExtender service SSH listener
3389TCPNative RDP client connections
8443TCPClient-certificate authentication to PrivX instances
20080TCPRelay proxy-protocol connections to API Proxy services