How to configure firewall policy for Globus Connect Personal

Globus Connect Personal is designed to work automatically with typical firewall settings. However, very strict firewall policies—​specifically, those that block outbound connections—​will foil this behavior. The table below lists the specific outbound TCP and UDP ports that must be open for Globus Connect Personal to work. Coordinate with your network or security administrator to open these ports.

Port # Open rule Used for

TCP 2223

Outbound to

Control channel with the Globus Transfer service, plus obtaining certificates during initial setup

TCP 50000-51000

Outbound to Any

Data channel for transfers with Globus Connect Server endpoints

UDP 32768-65535 (ephemeral)

Outbound to Any

Data channel for transfers with other Globus Connect Personal endpoints. (See note below.)

UDP 19302

Outbound to Any

Connect to STUN server when setting up a session with another Globus Connect Personal endpoint. (See note below.) Normally this will be the Google STUN server.


See our FAQ for user requirements for transfers between Globus Connect Personal endpoints.

The IP addresses provided above for the Globus Transfer service are subject to change. We strive to keep the IP block stable, but if changes are expected, information will be published on the Globus blog and email will be sent to the Globus admin discuss list.