HTTP/HTTPS requests to non-standard ports on the Cloud WSG (formerly known as WSS)
search cancel

HTTP/HTTPS requests to non-standard ports on the Cloud WSG (formerly known as WSS)


Article ID: 165493


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Some customer require HTTP/HTTPS over non-standard ports and want to have the traffic flow go through the Cloud SWG.

Depending on the access method, the cloud service might or might not accept an HTTP/HTTPS request to a non-standard port. An example would be a service that uses port 3126 to make requests or a request from browser as

Non-standard ports use for HTTP/HTTPS traffic based on the access method list:

  • IPsec access method: This depends on the customer license. The standard license does not support non-standard ports. Customers with the Web Protection Suite (WPS) or with an "All Port License" will be able to work with non-standard ports.
    • For standard license the supported TCP ports are
      • 80
      • 443
      • 8443
  • Explicit Proxy: Supported for HTTP requests. For HTTPS (or CONNECT), requests to ports 22, 23, 25, 53, 161, 445, 3389, 5500, 5900..5999, 9001 are denied.
  • Proxy Forwarding access method: It depends on the ability of the forwarding proxy to accept the request from the users and forward to the cloud along with other requests on port 8080.
  • WSS Agent: Supported.


  1. In case the access method in use is WSS Agent, you can configure the forwarding ports in your portal account at Service >  Mobility. In the Forward Ports area, click Edit and add the additional port.
  2. In case the access method is Explicit Proxy, if customer would like to allow access to the blocked non-standard ports mentioned above, bypass the domain/IP Address from Cloud SWG by using Bypass list. (Service > Network > Bypassed Sites) . Then allow these domain / IPs through their local Firewall/Gateway.