If your system is behind a firewall, select TCP and UDP ports must be open outbound for Globus to work. You may need to coordinate with your network or security administrator to open the ports.

The TCP and UDP ports that must be open for Globus Connect Personal, together with brief descriptions of each, are listed here:


Currently needs to be configured in your firewall rules, as specified below, for the transfer service to work with GCP. After December 9th 2017, the service will use the IP block. At this time, we recommend adding both the current IP address and the new range in your configuration to ensure uninterrupted use of your endpoint for your users. After December 9th 2017, you can remove rules regarding

  • TCP Port 2223 outbound to and

    • Used to communicate control channel traffic with the Globus Transfer service and also get certificates during initial setup

  • TCP Ports 50000 - 51000 outbound to Any

    • Used for data channel traffic for transfers with Globus Connect Server based endpoints

  • UDP ephemeral port range (32768 - 65535 to inclusively cover Windows, Mac, and Linux ranges) outbound to Any

    • Used for data channel traffic for transfers with Globus Connect Personal based endpoints (see note below)

  • UDP Port 19302 outbound to Any

    • This is to allow traffic to the STUN server used by Globus Connect Personal when setting up a session with another Globus Connect Personal endpoint (see note below). Normally this will be the stun.l.google.com Google STUN server.

Note:Transfers between two Globus Connect Personal endpoints are only possible if at least one of the endpoints is covered under a subscription.
Note:The transfer service IP addresses provided here are subject to change. We strive to keep the IP block stable, but if changes are expected, information will be published on the Globus blog and email will be sent to the Globus admin discuss list.