Prisma Cloud Compute Edition 20.12 (Self-Hosted) | How-to guides | Configure Console's listening ports

Welcome
- Welcome
- Releases
- Getting started
- Product architecture
- Support lifecycle
- Upcoming support lifecycle changes
- Licensing
- Prisma Cloud Enterprise Edition vs Compute Edition
- Utilities and plugins
Install
- Install
- Getting started
- System requirements
- Prisma Cloud container images
- Onebox
- Kubernetes
- OpenShift 4
- OpenShift 3.11
- VMware Tanzu Kubernetes Grid
- Docker Swarm
- Amazon ECS
- Windows
- Defender types
- Install Defender
Upgrade
- Upgrade
- Upgrade process
- Onebox
- Kubernetes
- OpenShift
- Helm charts
- Docker Swarm
- Amazon ECS
- Manually upgrade single Container Defenders
- Manually upgrade Defender DaemonSets
- Manually upgrade Defender DaemonSets (Helm)
- Manually upgrade Swarm Defender global service
Technology overviews
- Technology overviews
- Prisma Cloud Advanced Threat Protection
- App-specific network intelligence
- Container runtimes
- Radar
- Serverless Radar
- Prisma Cloud rules guide for Docker
- Defender architecture
- Telemetry
Configure
- Configure
- Rule ordering and pattern matching
- Disaster recovery
- Custom feeds
- Proxy configuration
- Custom certs for Console access
- Configure scan intervals
- User certificate validity period
- Enable HTTP access to Console
- Set different paths for Console and Defender (with daemon sets)
- Authenticate to Console with certificates
- Customize terminal output
- Collections
- Tags
- Logon Settings
- Reconfigure Prisma Cloud
- Subject Alternative Names
Authentication
- Authentication
- Log into Console
- Active Directory
- OpenLDAP
- OpenID Connect
- Okta (SAML 2.0)
- Google G Suite (SAML 2.0)
- Azure Active Directory (SAML 2.0)
- PingFederate (SAML 2.0)
- Active Directory Federation Services (SAML 2.0)
- GitHub (OAuth 2.0)
- OpenShift (OAuth 2.0)
- Active Directory Non-default UPN suffixes
- Compute user roles
- Assign roles
- Use custom certificates for authorization
- Credentials store
Vulnerability management
- Vulnerability management
- Vulnerability Explorer
- Vulnerability management rules
- Search CVEs
- Scan reports
- Customize image scanning
- Registry scanning
- Configuring registry scans
- Base images
- VM image scanning
- Code repository scanning
- Malware scanning
- Risk trees
- Detect vulnerabilities in unpackaged software
- CVSS scoring
- Google Cloud Container Builder
- Windows image scanning
- Serverless function scanning
- VMware Tanzu blobstore scanning
Compliance
- Compliance
- Compliance Explorer
- Manage compliance
- CIS Benchmarks
- Prisma Cloud compliance checks
- Serverless functions
- Windows compliance checks
- Custom compliance checks
- Trusted images
- Host scanning
- VM image scanning
- Detect secrets
- Cloud discovery
Runtime defense
- Runtime defense
- Runtime defense overview
- Runtime defense for processes
- Runtime defense for networking
- Runtime defense for file systems
- Runtime defense for hosts
- Custom runtime rules
- Blocked containers
- Import and export individual rules
- Discrete blocking
- Fargate
- Incident Explorer
- Incident types
Access control
- Access control
- Docker role-based access control
- Admission control
Continuous integration
- Continuous integration
- Jenkins plugin
- Jenkins Freestyle project
- Jenkins Maven project
- Jenkins Pipeline project
- Run Jenkins in a container
- Jenkins pipeline on K8S
- CloudBees Core pipeline on K8S
- Set policy in the CI plugins
Web-Application and API Security (WAAS)
- Web-Application and API Security (WAAS)
- Overview
- Deployment
- App Firewall
- API Protection
- DoS Protection
- Bot Protection
- Access Control
- Advanced Settings
- Analytics
Firewalls
- Firewalls
- Cloud Native Network Firewall (CNNF)
Secrets
- Secrets
- Secrets manager
- Integrate with a secrets store
- Secrets stores
- Inject secrets into containers
- Injecting secrets example
Alerts
- Alerts
- Alert mechanism
- AWS Security Hub
- Cortex XSOAR
- Email
- Google Cloud Pub/Sub
- Google Cloud SCC
- IBM Cloud Security Advisor
- JIRA
- PagerDuty
- ServiceNow Security Incident Response
- ServiceNow Vulnerability Response
- Slack
- Webhook
Audit
- Audit
- Event viewer
- Host activity
- Admin activity
- Annotate audits
- Delete audit logs
- Syslog and stdout integration
- Log rotation
- Throttling
- Prometheus
- Kubernetes auditing
Tools
- Tools
- twistcli
- Scan images with twistcli
- Install Console with twistcli
- Update offline environments
Deployment patterns
- Deployment patterns
- Projects
- Migration options for scale projects
- DNS and certificate management
- Caps
- Migrate to SaaS Console
- Performance planning
API
- API
- Stability guide
- Upcoming API changes in H1Y21 release
- Access the API
- Set up fresh Console
- Automate Defender install
- Manage compliance policies
- 20.12 porting guide
How-to guides
- Howto
- Configure an ECS load balancer
- Use Nginx Ingress Controller
- Configure the load balancer type for AWS EKS
- Deploy Defenders External to an OpenShift cluster
- Configure Console's listening ports
- Provision tenant projects OpenShift
- Setting up Istio
- Disable automatic learning
- Rolling Defender upgrades
- Review debug logs

1. Overview

1. Overview

This guide shows you how to configure Prisma Cloud to listen on different ports. Typically this type of configuration is made at the load balancer layer, but it can be done directly with Prisma Cloud.

By default Prisma Cloud listens on:

8083 HTTPS management port for access to Console.
8084 WSS port for Defender to Console communication.

For more information, see the https://cdn.twistlock.com/docs/downloads/Prisma Cloud-Reference-Architecture.pdf[Reference Architecture].

If you are setting the port below 1024 then Prisma Cloud needs permission to access this privileged port. You must also set RUN_CONSOLE_AS_ROOT=${RUN_CONSOLE_AS_ROOT:-false} to true.

Prerequisite: You have downloaded and unpacked the Prisma Cloud software.

Go to the directory where you unpacked the Prisma Cloud software.
Open twistlock.cfg for editing.
- MANAGEMENT_PORT_HTTP sets the HTTP access port, leaving this blank disables HTTP access.
  
  Example: MANAGEMENT_PORT_HTTP=${MANAGEMENT_PORT_HTTP-80} configures Console to listen on port 80.
- MANAGEMENT_PORT_HTTPS sets the HTTPS access port.
  
  Example: MANAGEMENT_PORT_HTTPS=443 configures Console to to listen on port 443.
- COMMUNICATION_PORT sets the WSS port used for Defender to Console communication.
  
  Example: COMMUNICATION_PORT=9090 configures Console to listen on port 9090.
Run twistlock.sh to install Prisma Cloud Console with your settings.

If you are setting the port below 1024 then Prisma Cloud needs permission to access this privileged port. You must also set RUN_CONSOLE_AS_ROOT=${RUN_CONSOLE_AS_ROOT:-false} to true.