Ports

An overview of the Neo4j-specific ports. Note that these ports are in addition to those necessary for ordinary network operation.

Specific recommendations on port openings cannot be made, as the firewall configuration must be performed according to your particular conditions.

When exposing network services, make sure they are always protected.

Listen address configuration settings

The listen address configuration settings will set the network interface and port to listen on. For example, the IP-address 127.0.0.1 and port 7687 can be set with the value 127.0.0.1:7687. The table below shows an overview of available Neo4j-specific ports and related configuration settings.

Table 1. Listen address configuration settings overview
Name Default port Related configuration setting

Backup

6362

server.backup.listen_address

HTTP

7474

server.http.listen_address

HTTPS

7473

server.https.listen_address

Bolt

7687

server.bolt.listen_address

Cluster discovery v1

5000

server.discovery.listen_address Deprecated in 5.23

Cluster internal traffic

6000

server.cluster.listen_address

Cluster RAFT

7000

server.cluster.raft.listen_address

Cluster routing connector

7688

server.routing.listen_address

Graphite monitoring

2003

server.metrics.graphite.server

Prometheus monitoring

2004

server.metrics.prometheus.endpoint

JMX monitoring

3637

server.jvm.additional=-Dcom.sun.management.jmxremote.port=3637

Remote debugging

5005

server.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005

The configuration setting server.default_listen_address configures the default network interface to listen for incoming connections.

Advertised address configuration settings

The advertised address configuration settings are used for routing purposes. An advertised address is composed of a hostname/IP-address and port. For example, the IP-address 127.0.0.1 and port 7687 can be set with the value 127.0.0.1:7687. If a host name resolution service has been configured, the advertised address can use a hostname, for example, example.com:7687. The table below shows an overview of available Neo4j-specific ports and related configuration settings.

Table 2. Advertised address configuration settings overview
Name Default port Related configuration setting

HTTP

7474

server.http.advertised_address

HTTPS

7473

server.https.advertised_address

Bolt

7687

server.bolt.advertised_address

Cluster discovery v1

5000

server.discovery.advertised_address Deprecated in 5.23

Cluster internal traffic

6000

server.cluster.advertised_address is used for the discovery service v2 since Neo4j 5.23. See Cluster server discovery for more details.

Cluster RAFT

7000

server.cluster.raft.advertised_address

Cluster routing connector

7688

server.routing.advertised_address

The configuration setting server.default_advertised_address configures the default hostname/IP-address for advertised address.

Ports used by Neo4j

Backup

Default port: 6362

Table 3. Backup
Related configuration setting Default value Description

server.backup.listen_address

127.0.0.1:6362

Network interface and port for the backup server to listen on.

server.backup.enabled

true

Enable support for running online backups.

In production environments, external access to the backup port should be blocked by a firewall.

For more information, see Backup and restore → Server configuration.

HTTP

Default port: 7474

Table 4. HTTP connector
Related configuration setting Default value Description

server.http.listen_address

:7474

Network interface and port for the HTTP connector to listen on.

server.http.advertised_address

:7474

Advertised hostname/IP-address and port for the HTTP connector.

server.http.enabled

true

Enable the HTTP connector.

  • The HTTP connector is enabled by default.

  • The network communication is unencrypted.

  • Used by Neo4j Browser and the HTTP API.

For more information, see Configure network connectors.

HTTPS

Default port: 7473

Table 5. HTTPS connector
Related configuration setting Default value Description

server.https.listen_address

:7473

Network interface and port for the HTTPS connector to listen on.

server.https.advertised_address

:7473

Advertised hostname/IP-address and port for the HTTPS connector.

server.https.enabled

false

Enable the HTTPS connector.

  • The network communication is encrypted.

  • Used by Neo4j Browser and the HTTP API.

For more information, see Configure network connectors.

Bolt

Default port: 7687

Table 6. Bolt connector
Related configuration setting Default value Description

server.bolt.listen_address

:7687

Network interface and port for the Bolt connector to listen on.

server.bolt.advertised_address

:7687

Advertised hostname/IP-address and port for the Bolt connector.

server.bolt.enabled

true

Enable the Bolt connector.

server.bolt.tls_level

DISABLED

Encryption level for the Bolt connector.

  • By default, the Bolt connector is enabled, but its encryption is turned off.

  • Used by Cypher Shell, Neo4j Browser, and the official Neo4j drivers.

For more information, see Configure network connectors.

Cluster

All instances of Neo4j Enterprise will open these ports, whether or not they are currently in a multi-process configuration.

Table 7. Cluster listen address
Name Default port Default value Related configuration setting

Discovery v1

5000

:5000

server.discovery.listen_address Deprecated in 5.23

Internal traffic

6000

:6000

server.cluster.listen_address See Cluster server discovery.

RAFT

7000

:7000

server.cluster.raft.listen_address

Routing connector

7688

:7688

server.routing.listen_address

Table 8. Cluster advertised address
Name Default port Default value Related configuration setting

Discovery v1

5000

:5000

server.discovery.advertised_address Deprecated in 5.23

Internal traffic

6000

:6000

server.cluster.advertised_address is used for the discovery service v2 since Neo4j 5.23. See Cluster server discovery.

RAFT

7000

:7000

server.cluster.raft.advertised_address

Routing connector

7688

:7688

server.routing.advertised_address

The ports are likely be different in a production installation; therefore the potential opening of ports must be modified accordingly.

For more information, see:

Graphite monitoring

Default port: 2003

Table 9. Graphite
Related configuration setting Default value Description

server.metrics.graphite.server

:2003

Hostname/IP-address and port of the Graphite server.

server.metrics.graphite.enabled

false

Enable exporting metrics to the Graphite server.

This is an outbound connection that enables a Neo4j instance to communicate with a Graphite server.

Prometheus monitoring

Default port: 2004

Table 10. Prometheus
Related configuration setting Default value Description

server.metrics.prometheus.endpoint

localhost:2004

Network interface and port for the Prometheus endpoint to listen on.

server.metrics.prometheus.enabled

false

Enable exporting metrics with the Prometheus endpoint.

For more information, see Prometheus.

JMX monitoring

Default port: 3637

Table 11. Java Management Extensions
Related configuration setting Default value Description

server.jvm.additional=-Dcom.sun.management.jmxremote.port=3637

3637

Additional setting for exposing the Java Management Extensions (JMX).

Remote debugging

Default port: 5005

Table 12. Remote debugging
Related configuration setting Default value Description

server.jvm.additional=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005

:5005

Additional setting for exposing remote debugging.

For more information, see the Java Reference → Setup for remote debugging.