# Firewall rules

Unlike with MySQL/MariaDB, Enhance does not open PostgreSQL port 5432 to the internet by default. Instead it automatically adds the required allow rules where a website has its PostgreSQL role placed separately to the Application role.

If you use an external firewall it is necessary to allow port 5432 TCP between the servers in your cluster to allow for website migrations.

If you would like to allow customers to remotely access their PostgreSQL database (from their PC or a 3rd party server) you will need to open port 5432 in ufw, either to the customer's IP or to the wider internet.

← Installing PostgreSQL to an existing cluster PostgreSQL management →