Opening Network Ports Through a Firewall
When operating a Mirth® Appliance by NextGen Healthcare through a firewall or other device performing access control, it is necessary to allow some network traffic so that certain features can function.
Traffic Direction | Port | Protocol | Service | Note |
---|---|---|---|---|
Out | 80 | tcp | Software Update | Can be restricted to mirthhq.mirthcorp.com. |
Out | 443 | tcp | Software Update | Can be locked down to mirthhq.mirthcorp.com. |
Out | 25 | tcp | Mail Delivery | Not necessary if you use a mail relay behind the firewall. |
Out | 123 | udp | NTP (time) | Not necessary if you use an NTP server behind the firewall. |
In | 80 | tcp | Control Panel | Only necessary to open if you perform administration through the firewall. An alternative is to use VPN service. |
In | 8080, 8443 | tcp | Mirth | Only necessary to open if you perform administration through the firewall. An alternative is to use VPN service. |
Out | 53 | tcp | DNS | Not necessary if there is a local DNS server behind the firewall. |
In | 1194 | udp | VPN | This is the default value. Can be changed. Only necessary if you use the VPN Client Access service. |
In | 22 | tcp | SFTP, Console Access | Only necessary if you use the SFTP Server or the Console Service. |
Out | 80 | tcp | VPN | Optional. Only used for detecting external IP address. Can be locked down to www.mirthcorp.com. |
In | 5432 | tcp | Database | Only necessary if you use the database service and you require access behind the firewall. |
In | 161 | udp | SNMP | Only necessary if you use SNMP. |
In | 389 | tcp | LDAP Directory | Only necessary if you are setting up appliance-to-appliance LDAP directory replication through the firewall. |
Out | 1194 or 443 | udp (1194) or tcp (443) | SupportNet | Use one of these options. Only needed if SupportNet access is desired. |
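
Most rows in the table are conditional, so a perimeter ruleset only needs the rows for features actually in use. The following added example (not NextGen Healthcare code) generates a default-deny nftables forward-chain fragment from the table. The feature keys, the table and chain names, and the appliance address are assumptions made for illustration, and the SupportNet row is taken as its 443/tcp option.

```python
# Added example: derive a default-deny nftables fragment from the port table above.
# Feature keys, appliance address and table/chain names are assumptions, not vendor values.

# (direction, ports, protocol, feature key, destination host from the Note column)
PORT_TABLE = [
    ("out", "80, 443", "tcp", "software_update", "mirthhq.mirthcorp.com"),
    ("out", "25", "tcp", "mail_direct", None),
    ("out", "123", "udp", "ntp_external", None),
    ("out", "53", "tcp", "dns_external", None),
    ("out", "80", "tcp", "vpn_ip_detect", "www.mirthcorp.com"),
    ("out", "443", "tcp", "supportnet", None),  # assumed 443/tcp option; 1194/udp is the other
    ("in", "80, 8080, 8443", "tcp", "admin_through_firewall", None),
    ("in", "1194", "udp", "vpn_client_access", None),
    ("in", "22", "tcp", "sftp_console", None),
    ("in", "5432", "tcp", "database", None),
    ("in", "161", "udp", "snmp", None),
    ("in", "389", "tcp", "ldap_replication", None),
]
KNOWN = {row[3] for row in PORT_TABLE}

def build_ruleset(appliance_ip, enabled):
    """Return nftables text allowing only the rows whose feature is enabled."""
    unknown = set(enabled) - KNOWN
    if unknown:  # a typo must not silently leave a needed port closed
        raise ValueError(f"unknown feature(s): {sorted(unknown)}")
    lines = [
        "table inet perimeter {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
    ]
    for direction, ports, proto, feature, dest in PORT_TABLE:
        if feature not in enabled:
            continue
        if direction == "out":
            match = f"ip saddr {appliance_ip}"
            if dest:  # nft resolves a hostname once, when the ruleset loads
                match += f" ip daddr {dest}"
        else:
            match = f"ip daddr {appliance_ip}"
        lines.append(f'    {match} {proto} dport {{ {ports} }} accept comment "{feature}"')
    return "\n".join(lines + ["  }", "}"])

if __name__ == "__main__":
    # Constructed input: documentation address, software update and external NTP only.
    print(build_ruleset("192.0.2.10", {"software_update", "ntp_external"}))
```

Because the hostname restrictions are resolved only when the ruleset is loaded, reload it if the update host's address changes, or enforce the restriction at a proxy instead.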