How to configure Twistlock Console’s listening ports

How to configure Twistlock Console’s listening ports

8799
Created On 11/11/19 22:34 PM - Last Modified 12/20/19 18:36 PM


Objective


This article shows you how to configure Twistlock to listen on different ports. Typically this type of configuration is made at the load balancer layer, but it can be done directly with Twistlock.

By default Twistlock listens on:
  • 8083 HTTPS management port for access to Console
  • 8081 HTTP management port for access to Console
  • 8084 WSS port for Defender to Console communication
For more information, see the Reference Architecture.

If you are setting the port below 1024 then Twistlock needs permission to access this privileged port. You must also set RUN_CONSOLE_AS_ROOT=${RUN_CONSOLE_AS_ROOT:-false} to true

Prerequisites
  • You have downloaded and unpacked the Twistlock software.

Procedure


  1. Go to the directory where you unpacked the Twistlock software.
  2. Open twistlock.cfg for editing.
    • MANAGEMENT_PORT_HTTP sets the HTTP access port, leaving this blank disables HTTP access.
Example: MANAGEMENT_PORT_HTTP=${MANAGEMENT_PORT_HTTP-80} configures Console to listen on port 80.
  • MANAGEMENT_PORT_HTTPS sets the HTTPS access port.
Example: MANAGEMENT_PORT_HTTPS=443 configures Console to to listen on port 443.
  • COMMUNICATION_PORT sets the WSS port used for Defender to Console communication.
Example: COMMUNICATION_PORT=9090 configures Console to listen on port 9090.
  1. Run twistlock.sh to install Twistlock Console with your settings.
If you are setting the port below 1024 then Twistlock needs permission to access this privileged port. You must also set RUN_CONSOLE_AS_ROOT=${RUN_CONSOLE_AS_ROOT:-false} to true.

 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PNQjCAO&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail