topic Security - Open ports on QLIK in Management & Governance

Security - Open ports on QLIK

CTA — Wed, 29 Jan 2025 16:31:11 GMT

Hi,

Sorry if sounds like a dumb question, but I'm quite a newbie here and trying to understand how QLIK works. There is a QLIK installation that I need to understand it in terms of security. Did a nmap against the IP and there are a lot of open ports (most of them in the 4xxx range) that I'm not sure they should be allowed from outside.

Can you please advise if that should be the case or I should allow only 80 and 443?

Thank you in advance,

Re: Security - Open ports on QLIK

Chip_Matejowsky — Tue, 26 Jul 2022 18:29:46 GMT

Hi @CTA,

Yes, Qlik Sense relies on quite a few ports for communication. Have a look at the Qlik Sense Enterprise Server online Help entry Ports Overview and the Qlik Support article Required Ports for Qlik Sense Enterprise for more detailed information.

Best Regards

Re: Security - Open ports on QLIK

Levi_Turner — Tue, 26 Jul 2022 21:18:54 GMT

The only nuance that I'd have to @Chip_Matejowsky 's answer is that you need to break out the ports by their clients.

For end users accessing the Hub and QMC, only the HTTPS (or optional HTTP) port(s) are needed. By default they'd be 433 (and optionally 80). For multiple servers in a cluster reference the doc that Chip referenced for the port allowances needed.

Re: Security - Open ports on QLIK

CTA — Tue, 26 Jul 2022 21:39:34 GMT

Not sure I understand what you mean by break out the ports by their clients?

As I said before, I have 443 and 80 (HTTPS and HTTP) open for everyone and all the other 4xxx ports also open for everyone.

I guess you mean that there are some specific client application that connects from outside to the QLIK server on these ports, so I should whitelist those ports on specific IP sources.

I'm more the networking security guy here, so I try to quicker understand how QLIK works, so I can secure it as much as possible, so please excuse my possible dumb questions.

Re: Security - Open ports on QLIK

Levi_Turner — Tue, 26 Jul 2022 21:50:14 GMT

By client I mean a device / thing which connects to a service. In a multi-node setup, each node is a server and a client. In both single node and multi-node configurations, end users accessing the Hub and QMC are also clients.

End user access: HTTPS and HTTP ports.

Server to Server Communication (if using multiple nodes): See doc Chip referenced.