Cisco Identity Services Engine Installation Guide, Release 3.5


Ports used by all Cisco ISE personas


Overview

Lists the TCP and UDP ports required for inter-node communication and network device integration across all Cisco ISE personas.

Effective communication between Cisco ISE personas, including Policy Administration, Monitoring, and Policy Service nodes, is important to maintaining a resilient and synchronized deployment. To ensure seamless inter-node connectivity and secure data exchange, you must configure the appropriate network ports across your Cisco ISE deployment.

This table lists the essential TCP and UDP ports that all Cisco ISE personas require for secure communication.

Table 1. Ports used by all Cisco ISE nodes

| Cisco ISE service | Ports on Gigabit Ethernet 0 or on Bond 0 | Ports on other Ethernet interfaces (Gigabit Ethernet 1–5 or Bond 1 and Bond 2) |
| --- | --- | --- |
| Replication and synchronization | HTTPS (SOAP) protocol: TCP port 443; Data synchronization and replication (JGroups) protocol uses TCP port 12001 (Global); Cisco ISE messaging service - SSL: TCP port 8671; Cisco ISE internal communication: TCP port 15672; Profiler endpoint ownership synchronization and replication: TCP port 6379 | Not applicable |
| Data Grid Service | TCP port 47500: Supports node discovery and deployment formation; TCP port 47100: Enables internal communication between nodes; TCP port 10800: Supports the establishment of client connections | Not applicable |

The TCP keepalive interval on Cisco ISE is 60 minutes. If a firewall is deployed between Cisco ISE nodes, configure firewall TCP timeout values accordingly.
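
The following added example (not part of the Cisco guide) audits a firewall policy that sits between Cisco ISE nodes against the TCP ports in Table 1 and the 60-minute keepalive interval. The `Rule` shape and the sample rules are constructed for illustration and do not match any vendor's export format. It assumes that "accordingly" means the firewall idle timeout must be longer than the keepalive interval.

```python
"""Audit an inter-node firewall policy against the Cisco ISE ports in Table 1."""
from dataclasses import dataclass

# TCP ports from Table 1 (Gigabit Ethernet 0 or Bond 0).
REQUIRED_TCP = {
    443: "HTTPS (SOAP)",
    12001: "Data synchronization and replication (JGroups)",
    8671: "Cisco ISE messaging service - SSL",
    15672: "Cisco ISE internal communication",
    6379: "Profiler endpoint ownership synchronization",
    47500: "Data Grid node discovery",
    47100: "Data Grid inter-node communication",
    10800: "Data Grid client connections",
}
KEEPALIVE_SECONDS = 60 * 60  # Cisco ISE TCP keepalive interval: 60 minutes


@dataclass(frozen=True)
class Rule:  # hypothetical, vendor-neutral rule shape (assumption)
    action: str        # "permit" or "deny"
    first_port: int
    last_port: int
    idle_timeout: int  # seconds before an idle TCP session is dropped


def audit(rules):
    """First-match evaluation with implicit deny; returns (blocked, short_timeout)."""
    blocked, short_timeout = [], []
    for port in sorted(REQUIRED_TCP):
        match = next((r for r in rules if r.first_port <= port <= r.last_port), None)
        if match is None or match.action != "permit":
            blocked.append(port)
        elif match.idle_timeout <= KEEPALIVE_SECONDS:
            # The session would be dropped before the next keepalive arrives.
            short_timeout.append(port)
    return blocked, short_timeout


# Constructed sample policy, evaluated top to bottom.
SAMPLE_RULES = [
    Rule("permit", 443, 443, 7200),
    Rule("permit", 8671, 8671, 3600),    # equal to the keepalive interval
    Rule("deny", 6379, 6379, 0),
    Rule("permit", 10000, 20000, 7200),  # covers 10800, 12001 and 15672
    Rule("permit", 47100, 47100, 1800),
]

if __name__ == "__main__":
    blocked, short_timeout = audit(SAMPLE_RULES)
    for port in blocked:
        print(f"BLOCKED  tcp/{port}  {REQUIRED_TCP[port]}")
    for port in short_timeout:
        print(f"TIMEOUT  tcp/{port}  {REQUIRED_TCP[port]}")
```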