Red Hat Satellite 6.6 List of Network Ports

Solution Verified - Updated -


Satellite 6.6


The attached PDF and spreadsheet lists all the required network ports for the Satellite, Capsule, and managed hosts as well as the start and endpoint of each communication path.

This matrix table can be used to determine the required network access for the deployed Satellite, Capsule, and managed host topology. It can be used in conjunction with the topology diagrams in the Capsule Networking section of the Satellite 6.6 Planning for Red Hat Satellite 6 guide.

Remember that a Capsule base operating system is a client of the Satellite's integrated Capsule and therefore ports for client communication must be open between a Capsule and a Satellite.

Select the "Follow" button below to receive notification of updates.

See the Ports and Firewalls Requirements section of the Red Hat Satellite 6.6 Installing Satellite Server from a Connected Network guide for more information.


ICMP to Port 7 UDP and TCP should not be rejected, but can be dropped. DHCP Capsule sends ECHO REQUEST to Client network to verify that an IP address is free. Any response will prevent IP addresses being allocated.

Known Issues

The list is based on the use of ports in a running Satellite or Capsule as reported by the developers. It does not make it clear you will need port 80 open at the very start of the installation of a Capsule. To install the consumer certificate on the base system of a Capsule requires port 80 to be open in the direction of the Satellite.


This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.


TCP Port 9090 Capsule to Satellite is not listed but is needed for the capsule install. See: Please update the matrix.


Is this because the system that is going to become a Capsule did not have the base OS configured as a client?

In the guide for 6.6[1]

Enabling Connections from a Client to Satellite Server

Capsules and Content Hosts that are clients of a Satellite Server’s internal Capsule require access through Satellite’s host-based firewall and any network-based firewalls.

{the commands are just below that.}


On checking the matrix table, I could not find where this case of port 9090 on Satellite as end point is covered. Will ask developers.