# Using Enhance with an external Firewall
This guide details the firewall ports that must be allowed on servers with specific roles installed. If your server has multiple roles installed all relevant ports must be enabled to guarantee customers access and the smooth running of services such as automatic backups.
The following ports are TCP unless otherwise stated.
TIP
All servers in your Enhance cluster should allow port 50000 TCP from your control panel server's IP and from each other to allow for internal RPCs.
All servers in your Enhance cluster should allow port 50003 and 50004 from the control panel server IP for the internal file management service.
# Application role
- 80
- 443*
- 22 (admin and customer SSH)
- 21 (FTP)
- 30000-31000 UDP (passive mode FTP)
If you are running LiteSpeed and wish to support HTTP/3 (QUIC) you may also wish to allow port 443 UDP.
# Database Role
- 3306
# Email Role
- 143
- 110
- 993
- 995
- 25
- 587
- 465
# DNS Role
- 53 (UDP and TCP)