Network Ports and Services
This section provides an overview of the default network ports, services, and encryption protocols used by dbWatch Control Center. Understanding and configuring these ports correctly is essential for secure communication, proper firewall setup, and safe deployment of Control Center components.
Default Ports and Protocols
dbWatch Control Center uses the following default ports for inter-node communication and optional web features:
- 7100/TCP — Main communication port between dbWatch nodes (e.g., server-to-monitor, client-to-server).
This traffic is SSL/TLS-wrapped, resembling HTTPS for compatibility with firewalls and traffic inspection tools.
- 8080/TCP — Optional web server port used for:
- Web-based dashboards
> Both ports are configurable during domain setup or via the `node.connections` file.
Node Communication Configuration
Each dbWatch node includes a `node.connections` file, which:
- Specifies the port the node listens on (default: 7100)
- Defines trusted peers and communication paths
- Is central to how the Control Center domain establishes secure, encrypted links between components
Administrators can adjust these configurations manually or through the domain setup UI.
Internal Control Center Firewall
dbWatch Control Center includes an internal firewall mechanism that allows you to:
- Limit access to specific ports (e.g., block or restrict 8080/7100)
- Define which nodes are allowed to connect
- Add a second layer of access control, beyond OS firewalls
This feature is especially useful in segmented or high-security environments.
For configuration, see:
Port and Service Summary
| Port | Protocol | Service | Description | Encrypted | Encryption Type | Exposure |
|---|---|---|---|---|---|---|
| 7100 | TCP | Control Center Communication | Node-to-node and client-server communication | Yes | SSL/TLS (AES-GCM, 256-bit) | Open (can be restricted via internal firewall) |
| 8080 | TCP | Web Server (Optional) | Web dashboards, CSV/JSON exports, webhook receivers | No (unless proxied) | N/A | Closed by default; enabled via domain configuration |
Related Capabilities
If you plan to use port 8080 for dashboards or API-style integrations, review:
Network Security Recommendations
- Restrict port 7100/TCP to trusted dbWatch nodes and clients only
- Disable 8080/TCP unless web dashboards or web exports are in use
- When exposing web interfaces, consider placing behind an HTTPS reverse proxy
- Use the internal firewall to block unused node-to-node paths or restrict port access
- Monitor port usage and review node.connections files periodically
Related Topics
- Internal Control Center Firewall
- Encryption
- Sensitive Data Transmitted
- Web Dashboard
- Domain Configuration – Users and Privileges
If you need assistance designing a secure network topology or enabling secure dashboard access, contact:
support@dbwatch.com