Appliance Infrastructure: IP/Domain and Port List

The Appliance requires certain ports within the cluster to be open and able to access each other, as well as selected external sites.

Between Cluster Nodes

When possible, instances within a cluster should have full connectivity to each other so that you do not need to introduce new firewall rules if Auth0 adds new features. However, since this isn't possible in every environment, the following table lists the ports that are required to be open and accessible to other Appliance instances in the same cluster:

Port Use Required? Notes
27017 Database Yes
7777 Control Yes
9001 Rate Limiting Yes Required if rate limiting is used
8721 Webtask Logging/Control Yes Required for logging and debugging
8701 Webtask Logging/Control Yes Required for logging and debugging
22 Maintenance No Enables maintenance tasks to be done between nodes
ICMP Healthcheck No Allows healthchecks between nodes

External Connectivity

Auth0 strives to keep these IP addresses stable, though this is not a given. From time to time, Auth0 may add IP addresses or additional servers. During updates and metrics, you must allow your Appliance instances to connect to these addresses.

Use Direction IP/DNS Port Notes Required?
Command Line Interface Inbound CLI Clients (often on the internal network) 10121 Allows use of the Appliance Command Line Interface No
Updates Outbound ( 80/443 Provides update packages for Appliance instances Yes
Updates Outbound ( 5000/443 Provides updates for Appliance Docker Packages Yes
Updates Outbound 443 Provides update packages for Appliance instances running versions `6868` or earlier Yes
GitHub Outbound 443 Source to download and repackage example applications No
Usage & Telemetry Outbound ( 443 Provides usage and telemetry statistics Yes
Maintenance Inbound Jump Host 22 Allows access to Appliance instances for support purposes No
Healthcheck Inbound Monitoring Endpoint 9110 Allows access to Healthcheck endpoints No


  • If you are using social providers for logins, the cluster must be able to connect to the social providers' endpoints.
  • The Jump Host IP is stable and provided at the time of setup.
  • You do not need to allow access to for Appliance versions after 6868.