# Using Enhance with an external Firewall
This guide details the firewall ports that must be allowed on servers with specific roles installed. If your server has multiple roles installed all relevant ports must be enabled to guarantee customers access and the smooth running of services such as automatic backups.
The following ports are TCP unless otherwise stated.
TIP
All servers on your Enhance cluster should allow any port from your control panel server's IP and from each other to allow for internal RPCs which use ephemeral ports.
# Application role
- 80
- 443*
- 22 (admin and customer SSH)
- 21 (FTP)
- 30000-31000 UDP (passive mode FTP)
If you are running LiteSpeed and wish to support HTTP/3 (QUIC) you may also wish to allow port 443 UDP.
# Database Role
- 3306
# Email Role
- 143
- 110
- 993
- 995
- 25
- 587
- 465
# DNS Role
- 53 (UDP and TCP)