Ports

An overview of the Neo4j-specific ports. Note that these ports are in addition to those necessary for ordinary network operation.

Specific recommendations on port openings cannot be made, as the firewall configuration must be performed according to your particular conditions.

When exposing network services, make sure they are always protected.

Listen address configuration settings

The listen address configuration settings will set the network interface and port to listen on. For example, the IP-address 127.0.0.1 and port 7687 can be set with the value 127.0.0.1:7687. The table below shows an overview of available Neo4j-specific ports and related configuration settings.

Table 1. Listen address configuration settings overview
Name	Default port	Related configuration setting
Backup	`6362`	`server.backup.listen_address`
HTTP	`7474`	`server.http.listen_address`
HTTPS	`7473`	`server.https.listen_address`
Bolt	`7687`	`server.bolt.listen_address`
Cluster discovery v1	`5000`	`server.discovery.listen_address` Deprecated in 5.23
Cluster internal traffic	`6000`	`server.cluster.listen_address`
Cluster RAFT	`7000`	`server.cluster.raft.listen_address`
Cluster routing connector	`7688`	`server.routing.listen_address`
Graphite monitoring	`2003`	`server.metrics.graphite.server`
Prometheus monitoring	`2004`	`server.metrics.prometheus.endpoint`
JMX monitoring	`3637`	`server.jvm.additional=-Dcom.sun.management.jmxremote.port=3637`
Remote debugging	`5005`	`server.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005`

The configuration setting server.default_listen_address configures the default network interface to listen for incoming connections.

Advertised address configuration settings

The advertised address configuration settings are used for routing purposes. An advertised address is composed of a hostname/IP-address and port. For example, the IP-address 127.0.0.1 and port 7687 can be set with the value 127.0.0.1:7687. If a host name resolution service has been configured, the advertised address can use a hostname, for example, example.com:7687. The table below shows an overview of available Neo4j-specific ports and related configuration settings.

Table 2. Advertised address configuration settings overview
Name	Default port	Related configuration setting
HTTP	`7474`	`server.http.advertised_address`
HTTPS	`7473`	`server.https.advertised_address`
Bolt	`7687`	`server.bolt.advertised_address`
Cluster discovery v1	`5000`	`server.discovery.advertised_address` Deprecated in 5.23
Cluster internal traffic	`6000`	`server.cluster.advertised_address` is used for the discovery service v2 since Neo4j 5.23. See Cluster server discovery for more details.
Cluster RAFT	`7000`	`server.cluster.raft.advertised_address`
Cluster routing connector	`7688`	`server.routing.advertised_address`

The configuration setting server.default_advertised_address configures the default hostname/IP-address for advertised address.

Ports used by Neo4j

Backup

Default port: 6362

Table 3. Backup
Related configuration setting	Default value	Description
`server.backup.listen_address`	`127.0.0.1:6362`	Network interface and port for the backup server to listen on.
`server.backup.enabled`	`true`	Enable support for running online backups.

In production environments, external access to the backup port should be blocked by a firewall.

For more information, see Backup and restore → Server configuration.

HTTP

Default port: 7474

Table 4. HTTP connector
Related configuration setting	Default value	Description
`server.http.listen_address`	`:7474`	Network interface and port for the HTTP connector to listen on.
`server.http.advertised_address`	`:7474`	Advertised hostname/IP-address and port for the HTTP connector.
`server.http.enabled`	`true`	Enable the HTTP connector.

The HTTP connector is enabled by default.
The network communication is unencrypted.
Used by Neo4j Browser and the HTTP API.

For more information, see Configure network connectors.

HTTPS

Default port: 7473

Table 5. HTTPS connector
Related configuration setting	Default value	Description
`server.https.listen_address`	`:7473`	Network interface and port for the HTTPS connector to listen on.
`server.https.advertised_address`	`:7473`	Advertised hostname/IP-address and port for the HTTPS connector.
`server.https.enabled`	`false`	Enable the HTTPS connector.

The network communication is encrypted.
Used by Neo4j Browser and the HTTP API.

For more information, see Configure network connectors.

Bolt

Default port: 7687

Table 6. Bolt connector
Related configuration setting	Default value	Description
`server.bolt.listen_address`	`:7687`	Network interface and port for the Bolt connector to listen on.
`server.bolt.advertised_address`	`:7687`	Advertised hostname/IP-address and port for the Bolt connector.
`server.bolt.enabled`	`true`	Enable the Bolt connector.
`server.bolt.tls_level`	`DISABLED`	Encryption level for the Bolt connector.

By default, the Bolt connector is enabled, but its encryption is turned off.
Used by Cypher Shell, Neo4j Browser, and the official Neo4j drivers.

For more information, see Configure network connectors.

Cluster

All instances of Neo4j Enterprise will open these ports, whether or not they are currently in a multi-process configuration.

Table 7. Cluster listen address
Name	Default port	Default value	Related configuration setting
Discovery v1	`5000`	`:5000`	`server.discovery.listen_address` Deprecated in 5.23
Internal traffic	`6000`	`:6000`	`server.cluster.listen_address` See Cluster server discovery.
RAFT	`7000`	`:7000`	`server.cluster.raft.listen_address`
Routing connector	`7688`	`:7688`	`server.routing.listen_address`

Table 8. Cluster advertised address
Name	Default port	Default value	Related configuration setting
Discovery v1	`5000`	`:5000`	`server.discovery.advertised_address` Deprecated in 5.23
Internal traffic	`6000`	`:6000`	`server.cluster.advertised_address` is used for the discovery service v2 since Neo4j 5.23. See Cluster server discovery.
RAFT	`7000`	`:7000`	`server.cluster.raft.advertised_address`
Routing connector	`7688`	`:7688`	`server.routing.advertised_address`

The ports are likely be different in a production installation; therefore the potential opening of ports must be modified accordingly.

For more information, see:

Graphite monitoring

Default port: 2003

Table 9. Graphite
Related configuration setting	Default value	Description
`server.metrics.graphite.server`	`:2003`	Hostname/IP-address and port of the Graphite server.
`server.metrics.graphite.enabled`	`false`	Enable exporting metrics to the Graphite server.

This is an outbound connection that enables a Neo4j instance to communicate with a Graphite server.

For further information, see monitoring/metrics/reference.adoc#metrics-graphite and the Graphite official documentation.

Prometheus monitoring

Default port: 2004

Table 10. Prometheus
Related configuration setting	Default value	Description
`server.metrics.prometheus.endpoint`	`localhost:2004`	Network interface and port for the Prometheus endpoint to listen on.
`server.metrics.prometheus.enabled`	`false`	Enable exporting metrics with the Prometheus endpoint.

For more information, see Prometheus.

JMX monitoring

Default port: 3637

Table 11. Java Management Extensions
Related configuration setting	Default value	Description
`server.jvm.additional=-Dcom.sun.management.jmxremote.port=3637`	`3637`	Additional setting for exposing the Java Management Extensions (JMX).

For further information, see Java Reference → JMX metrics and the official documentation on Monitoring and Management Using JMX.

Remote debugging

Default port: 5005

Table 12. Remote debugging
Related configuration setting	Default value	Description
`server.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005`	`:5005`	Additional setting for exposing remote debugging.

For more information, see the Java Reference → Setup for remote debugging.