Mideye Networking: Port & Firewall Setup
The following ports are used for communication with Mideye Server and need to be open in the network. If sharing a platform with other applications, verify that these ports are not already in use.
Web administration GUI
Section titled “Web administration GUI”| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| 443 or 8443 | TCP | Inbound | HTTPS — port is configurable during installation |
| 8080 | TCP | Inbound | HTTP — default in Docker / Kubernetes deployments |
RADIUS
Section titled “RADIUS”| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| 1812 | UDP | Inbound | RADIUS authentication (default; configurable per RADIUS server) |
| 1813 | UDP | Inbound | RADIUS accounting (if enabled) |
| 3799 | UDP | Outbound | RADIUS Disconnect Messages / CoA to NAS devices |
RADSEC (RADIUS over TLS)
Section titled “RADSEC (RADIUS over TLS)”| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| 2083 | TCP/TLS | Inbound | RADSEC — disabled by default |
Database
Section titled “Database”| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| 3306 | TCP | Outbound | MariaDB / MySQL (if database is on a remote server) |
| 1433 | TCP | Outbound | Microsoft SQL Server (if database is on a remote server) |
Directory services (LDAP / Active Directory)
Section titled “Directory services (LDAP / Active Directory)”| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| 636 | TCP | Outbound | LDAPS — LDAP over TLS (recommended) |
| 389 | TCP | Outbound | LDAP without TLS (not recommended) |
Mideye Switch
Section titled “Mideye Switch”| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| Customer-specific TCP port | TCP | Outbound | TLS 1.3 to switch1.mideye.com and switch2.mideye.com. Request the port from support@mideye.com. |
MAS (Magic Link, RADIUS sessions)
Section titled “MAS (Magic Link, RADIUS sessions)”| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| 443 | TCP | Outbound | HTTPS to mas.prod.mideye.com |
Mideye Shield (IP threat intelligence)
Section titled “Mideye Shield (IP threat intelligence)”| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| 443 | TCP | Outbound | HTTPS to shield.prod.mideye.com (optional) |
| Port | Protocol | Direction | Purpose |
|---|---|---|---|
| 53 | UDP/TCP | Outbound | DNS — required for LDAPS, FQDN-based Switch configuration, and RADIUS Disconnect Messages |
| 25 | TCP | Outbound | SMTP — only if email notifications are configured |
| 443 | TCP | Outbound | Microsoft Graph API — only if Azure AD / Entra ID integration is used |
| 443 | TCP | Outbound | Mideye+ simplified activation (activate01.mideye.com, activate02.mideye.com) |
For the canonical list of outbound IP addresses (and how to look them up via DNS), see External Service Issues → Outbound endpoints and IP addresses.