Load Balancer Ports and Protocols
To set up load balance traffic between PrivX instances in a high-availability (HA) deployment, choose the load balancing method based on the ports and PrivX components in your deployment:
-
If the deployment does not include PrivX components, such as Extender, Carrier, or Web-Proxy:
- Use a load balancer with TCP/TLS support for all ports. For example, an AWS Network Load Balancer.
-
If the deployment includes PrivX components, such as Extender for routing to different VPNs or PrivX web connections:
- Configure traffic to the PrivX port 443 to use HTTPS load balancing with affinity-cookie support and round-robin routing. This allows PrivX components to discover PrivX Servers through the load balancer, and it also maintains secure connections to the required PrivX Servers.
- As an example in AWS, create a DNS name and use an Application Load Balancer for ports 80 and 443. Use a Network Load Balancer for the other ports. Native clients must use the Network Load Balancer address.
tip
For an example of an on-premises load balancer configuration, see Example Load Balancer Configuration: HAProxy.
Recommended Ports and Protocols
| Port | Protocol | Usage |
|---|---|---|
| 80 | HTTP or TCP | Redirecting traffic to HTTPS port and Windows CRL requests. |
| 443 | HTTPS with affinity cookies or TLS | For PrivX components, HTTPS with affinity cookies; TLS if PrivX components are not required. |
| 1080 | TCP | SSH native client proxy address when using ProxyCommand |
| 2222 | TCP | Native SSH client connections |
| 2322 | TCP | Extender service SSH listener |
| 3389 | TCP | Native RDP client connections |
| 8443 | TCP | Client-certificate authentication to PrivX instances |
| 20080 | TCP | Relay proxy-protocol connections to API Proxy services |