Skip to content
Kong Docs are moving soon! Our docs are migrating to a new home. You'll be automatically redirected to the new site in the future. In the meantime, view this page on the new site!
Kong Logo | Kong Docs Logo
  • Docs
    • Explore the API Specs
      View all API Specs View all API Specs View all API Specs arrow image
    • Documentation
      API Specs
      Kong Gateway
      Lightweight, fast, and flexible cloud-native API gateway
      Kong Konnect
      Single platform for SaaS end-to-end connectivity
      Kong AI Gateway
      Multi-LLM AI Gateway for GenAI infrastructure
      Kong Mesh
      Enterprise service mesh based on Kuma and Envoy
      decK
      Helps manage Kong’s configuration in a declarative fashion
      Kong Ingress Controller
      Works inside a Kubernetes cluster and configures Kong to proxy traffic
      Kong Gateway Operator
      Manage your Kong deployments on Kubernetes using YAML Manifests
      Insomnia
      Collaborative API development platform
  • Plugin Hub
    • Explore the Plugin Hub
      View all plugins View all plugins View all plugins arrow image
    • Functionality View all View all arrow image
      View all plugins
      AI's icon
      AI
      Govern, secure, and control AI traffic with multi-LLM AI Gateway plugins
      Authentication's icon
      Authentication
      Protect your services with an authentication layer
      Security's icon
      Security
      Protect your services with additional security layer
      Traffic Control's icon
      Traffic Control
      Manage, throttle and restrict inbound and outbound API traffic
      Serverless's icon
      Serverless
      Invoke serverless functions in combination with other plugins
      Analytics & Monitoring's icon
      Analytics & Monitoring
      Visualize, inspect and monitor APIs and microservices traffic
      Transformations's icon
      Transformations
      Transform request and responses on the fly on Kong
      Logging's icon
      Logging
      Log request and response data using the best transport for your infrastructure
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
Kong Konnect
  • Home icon
  • Kong Konnect
  • Ports and Network Requirements
github-edit-pageEdit this page
report-issueReport an issue
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Kong AI Gateway
  • Plugin Hub
  • decK
  • Kong Ingress Controller
  • Kong Gateway Operator
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • Introduction
    • Overview of Konnect
    • Architecture
    • Network Resiliency and Availability
    • Port and Network Requirements
    • Private Connections to Other Cloud Providers
      • Create a private connection with AWS PrivateLink
    • Geographic Regions
    • Centralized consumer management
    • Compatibility
    • Stages of Software Availability
    • Release Notes
    • Support
      • Control Plane Upgrades FAQ
      • Supported Installation Options
  • Get Started
    • Overview
    • Add your API
    • Migrating a Self-Managed Kong Gateway into Konnect
  • Gateway Manager
    • Overview
    • Dedicated Cloud Gateways
      • Overview
      • Provision a Dedicated Cloud Gateway
      • Securing Backend Traffic
      • Transit Gateways
      • Azure VNET Peering
      • Custom Domains
      • Custom Plugins
      • Data plane logs
    • Serverless Gateways
      • Overview
      • Provision a serverless Gateway
      • Securing Backend Traffic
      • Custom Domains
    • Data Plane Nodes
      • Installation Options
      • Upgrade a Data Plane Node
      • Verify a Data Plane Node
      • Secure Control Plane/Data Plane Communications
      • Renew Data Plane Certificates
      • Parameter Reference
      • Using Custom DP Labels
    • Control Plane Groups
      • Overview
      • Working with Control Plane Groups
      • Migrate Configuration into Control Plane Groups
      • Conflicts in Control Planes
    • Kong Gateway Configuration in Konnect
      • Overview
      • Manage Plugins
        • Overview
        • Adding Custom Plugins
        • Updating Custom Plugins
        • How to Create Custom Plugins
      • Create Consumer Groups
      • Secrets Management
        • Overview
        • Konnect Config Store
        • Set Up and Use a Vault in Konnect
      • Manage Control Plane Configuration with decK
    • Active Tracing
      • Overview
    • KIC Association
    • Backup and Restore
    • Version Compatibility
    • Troubleshooting
  • Mesh Manager
    • Overview
    • Create a mesh with the Kubernetes demo app
    • Federate a zone control plane to Konnect
    • Migrate a self-managed zone control plane to Konnect
  • Service Catalog
    • Overview
    • Integrations
      • Overview
      • Datadog
      • GitHub
      • GitLab
      • PagerDuty
      • SwaggerHub
      • Traceable
      • Slack
    • Scorecards
  • API Products
    • Overview
    • Product Documentation
    • Productize a Service
  • Dev Portal
    • Overview
    • Dev Portal Configuration Preparation
    • Create a Dev Portal
    • Sign Up for a Dev Portal Account
    • Publish an API to Dev Portal
    • Access and Approval
      • Manage Developer Access
      • Manage Developer Team Access
      • Add Developer Teams from IdPs
      • Manage Application Registrations
      • Configure generic SSO for Dev Portal
      • Configure Okta SSO for Dev Portal
    • Application Lifecycle
    • Register and create an application as a developer
    • Enable and Disable App Registration for API Product Versions
    • Dynamic Client Registration
      • Overview
      • Okta
      • Curity
      • Auth0
      • Azure
      • Custom IdP
    • Portal Management API Automation Guide
    • Audit Logging
      • Overview
      • Set up an Audit Log Webhook
      • Set up an Audit Log Replay Job
    • Portal Customization
      • Overview
      • About Self-Hosted Dev Portal
      • Host your Dev Portal with Netlify
      • Custom Domains
    • Dev Portal SDK
    • Troubleshoot
  • Advanced Analytics
    • Overview
    • Dashboard
    • Explorer
    • Analyze API Usage and Performance with Reports
    • Requests
  • Org Management
    • Plans and Billing
    • Authentication and Authorization
      • Overview
      • Teams
        • Overview
        • Manage Teams
        • Teams Reference
        • Roles Reference
      • Manage Users
      • Manage System Accounts
      • Personal Access Tokens
      • Social Identity Login
      • Org Switcher
      • Configure Generic SSO
      • Configure Okta SSO
      • Login Sessions Reference
      • Troubleshoot
    • Audit Logging
      • Overview
      • Set up an Audit Log Webhook
      • Set up an Audit Log Replay Job
    • Account and Org Deactivation
  • API
    • Overview
    • API Request API (Beta)
      • API Spec
    • API Products API
      • API Spec
    • Audit Logs API
      • API Spec
      • Audit Log Webhooks
    • Control Plane API
      • API Spec
    • Control Plane Configuration API
      • API Spec
    • Cloud Gateways API
      • API Spec
    • Identity API
      • API Spec
      • Identity Integration Guide
      • SSO Customization
    • Konnect Search API (Beta)
      • API Spec
    • Mesh Manager API
      • API Spec
      • Kong Mesh API Reference
    • Portal Client API
      • API Spec
    • Portal Management API
      • API Spec
    • Reference
      • Filtering
      • API Errors
  • Reference
    • Labels
    • Plugin Ordering Reference
    • Konnect Search
    • Terraform Provider
    • Audit Logs
    • Verify audit log signatures
    • IdP SAML attribute mapping
enterprise-switcher-icon Switch to OSS
On this pageOn this page
  • Control plane ports
  • Data plane node ports
  • Kong Gateway hostnames
    • AU geo
    • EU geo
    • IN geo
    • ME geo
    • US geo
    • Find configuration and telemetry hostnames
  • Kong Ingress Controller hostnames
    • AU geo
    • EU geo
    • IN geo
    • ME geo
    • US geo
    • Find configuration and telemetry hostnames
  • Mesh Manager hostnames

Ports and Network Requirements

Control plane ports

The Kong Konnect control plane uses the following ports:

Port Protocol Description
443 TCP
HTTPS
Cluster communication port for configuration and telemetry data. The Kong Konnect control plane uses this port to listen for connections and communicate with data plane nodes.
The cluster communication port must be accessible to data plane nodes within the same cluster. This port is protected by mTLS to ensure end-to-end security and integrity.
8071 TCP
UDP
Port used for audit logging.

Kong’s hosted control plane expects traffic on these ports, so they can’t be customized.

Note: If you are unable to make outbound connections using port 443, you can use an existing proxy in your network to make the connection. See Control Plane and Data Plane Communication through a Forward Proxy for details.

Data plane node ports

By default, Kong Gateway listens on the following ports:

Port Protocol Description
8000 HTTP Takes incoming HTTP traffic from consumers, and forwards it to upstream services.
8443 HTTPS Takes incoming HTTPS traffic from consumers, and forwards it to upstream services.

Kong Gateway ports can be fully customized. Set them in kong.conf.

For Kubernetes or Docker deployments, map ports as needed. For example, if you want to use port 3001 for the proxy, map 3001:8000.

Kong Gateway hostnames

Data plane nodes initiate the connection to the Konnect control plane. They require access through firewalls to communicate with the control plane.

To let a data plane node request and receive configuration, and send telemetry data, add the following hostnames to the firewall allowlist (depending on the geographic regions you use).

AU geo

Hostname Description
cloud.konghq.com The Konnect platform.
global.api.konghq.com The Konnect API for platform authentication, identity, permissions, teams, and organizational entitlements and settings.
au.api.konghq.com The Konnect API for the AU geo. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
PORTAL_ID.au.portal.konghq.com The URL for the Dev Portal in the AU geo.
CONTROL_PLANE_DNS_PREFIX.au.cp0.konghq.com Handles configuration for a control plane in the AU geo. Data plane nodes connect to this host to receive configuration updates. This hostname is unique to each organization and control plane.
CONTROL_PLANE_DNS_PREFIX.au.tp0.konghq.com Gathers telemetry data for a control plane in the AU geo. This hostname is unique to each organization and control plane.

EU geo

Hostname Description
cloud.konghq.com The Konnect platform.
global.api.konghq.com The Konnect API for platform authentication, identity, permissions, teams, and organizational entitlements and settings.
eu.api.konghq.com The Konnect API for the EU geo. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
PORTAL_ID.eu.portal.konghq.com The URL for the Dev Portal in the EU geo.
CONTROL_PLANE_DNS_PREFIX.eu.cp0.konghq.com Handles configuration for a control plane in the EU geo. Data plane nodes connect to this host to receive configuration updates. This hostname is unique to each organization and control plane.
CONTROL_PLANE_DNS_PREFIX.eu.tp0.konghq.com Gathers telemetry data for a control plane in the EU geo. This hostname is unique to each organization and control plane.

IN geo

Hostname Description
cloud.konghq.com The Konnect platform.
global.api.konghq.com The Konnect API for platform authentication, identity, permissions, teams, and organizational entitlements and settings.
in.api.konghq.com The Konnect API for the IN geo. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
PORTAL_ID.in.portal.konghq.com The URL for the Dev Portal in the IN geo.
CONTROL_PLANE_DNS_PREFIX.in.cp0.konghq.com Handles configuration for a control plane in the IN geo. Data plane nodes connect to this host to receive configuration updates. This hostname is unique to each organization and control plane.
CONTROL_PLANE_DNS_PREFIX.in.tp0.konghq.com Gathers telemetry data for a control plane in the IN geo. This hostname is unique to each organization and control plane.

ME geo

Hostname Description
cloud.konghq.com The Konnect platform.
global.api.konghq.com The Konnect API for platform authentication, identity, permissions, teams, and organizational entitlements and settings.
me.api.konghq.com The Konnect API for the ME geo. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
PORTAL_ID.me.portal.konghq.com The URL for the Dev Portal in the ME geo.
CONTROL_PLANE_DNS_PREFIX.me.cp0.konghq.com Handles configuration for a control plane in the ME geo. Data plane nodes connect to this host to receive configuration updates. This hostname is unique to each organization and control plane.
CONTROL_PLANE_DNS_PREFIX.me.tp0.konghq.com Gathers telemetry data for a control plane in the ME geo. This hostname is unique to each organization and control plane.

US geo

Hostname Description
cloud.konghq.com The Konnect platform.
global.api.konghq.com The Konnect API for platform authentication, identity, permissions, teams, and organizational entitlements and settings.
us.api.konghq.com The Konnect API for the US geo. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
PORTAL_ID.us.portal.konghq.com The URL for the Dev Portal in the US geo.
CONTROL_PLANE_DNS_PREFIX.us.cp0.konghq.com Handles configuration for a control plane in the US geo. Data plane nodes connect to this host to receive configuration updates. This hostname is unique to each organization and control plane.
CONTROL_PLANE_DNS_PREFIX.us.tp0.konghq.com Gathers telemetry data for a control plane in the US geo. This hostname is unique to each organization and control plane.

Find configuration and telemetry hostnames

You can find the configuration and telemetry hostnames through the Gateway Manager or the Konnect Control Planes API:

Gateway Manager
Control Planes API
  1. Open a control plane.
  2. Select Data Plane Nodes from the side menu, then click the New Data Plane Node button.
  3. Choose the Linux or Kubernetes tab and note the hostnames in the code block for the following parameters:

     cluster_control_plane = example.us.cp0.konghq.com:443
     cluster_server_name = example.us.cp0.konghq.com
     cluster_telemetry_endpoint = example.us.tp0.konghq.com:443
     cluster_telemetry_server_name = example.us.tp0.konghq.com
    
  1. Send a GET request to the control-planes API and inspect the response:

     curl -X GET https://us.api.konghq.com/v2/control-planes/{controlPlaneId}  \
     --header 'Authorization: Bearer <token>'
    

    Tip: You can find your control plane’s API URL on its overview page in the Gateway Manager.

  2. In the response, find your control_plane_endpoint and the telemetry_endpoint:

     {
         "config": {
             "auth_type": "pinned_client_certs",
             "cloud_gateway": false,
             "cluster_type": "CLUSTER_TYPE_CONTROL_PLANE",
             "control_plane_endpoint": "https://example.us.cp0.konghq.com",
             "proxy_urls": [],
             "telemetry_endpoint": "https://example.us.tp0.konghq.com"
         },
         "created_at": "2024-07-24T22:43:31.705Z",
         "description": "",
         "id": "8f0daba0-2246-48fb-8d56-a47ab94saf78",
         "labels": {},
         "name": "Example CP",
         "updated_at": "2024-07-24T22:43:31.705Z"
     }
    

Kong Ingress Controller hostnames

Kong Ingress Controller initiates the connection to the Konnect Control Planes Configuration API to:

  • Synchronize the configuration of the Kong Gateway instances with Konnect
  • Register data plane nodes
  • Fetch license information

Data plane nodes initiate the connection to Konnect APIs to report Analytics data.

Add the following hostnames to the firewall allowlist (depending on the geographic regions you use).

AU geo

Hostname Description
cloud.konghq.com The Konnect platform.
global.api.konghq.com The Konnect API for platform authentication, identity, permissions, teams, and organizational entitlements and settings.
au.api.konghq.com The Konnect API for the AU geo. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
PORTAL_ID.au.portal.konghq.com The URL for the Dev Portal in the AU geo.
CONTROL_PLANE_DNS_PREFIX.au.cp0.konghq.com Handles configuration for a control plane in the AU geo. Data plane nodes connect to this host to receive configuration updates. This hostname is unique to each organization and control plane.
CONTROL_PLANE_DNS_PREFIX.au.tp0.konghq.com Gathers telemetry data for a control plane in the AU geo. This hostname is unique to each organization and control plane.

EU geo

Hostname Description
cloud.konghq.com The Konnect platform.
global.api.konghq.com The Konnect API for platform authentication, identity, permissions, teams, and organizational entitlements and settings.
eu.api.konghq.com The Konnect API for the EU geo. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
PORTAL_ID.eu.portal.konghq.com The URL for the Dev Portal in the EU geo.
CONTROL_PLANE_DNS_PREFIX.eu.cp0.konghq.com Handles configuration for a control plane in the EU geo. Data plane nodes connect to this host to receive configuration updates. This hostname is unique to each organization and control plane.
CONTROL_PLANE_DNS_PREFIX.eu.tp0.konghq.com Gathers telemetry data for a control plane in the EU geo. This hostname is unique to each organization and control plane.

IN geo

Hostname Description
cloud.konghq.com The Konnect platform.
global.api.konghq.com The Konnect API for platform authentication, identity, permissions, teams, and organizational entitlements and settings.
in.api.konghq.com The Konnect API for the IN geo. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
PORTAL_ID.in.portal.konghq.com The URL for the Dev Portal in the IN geo.
CONTROL_PLANE_DNS_PREFIX.in.cp0.konghq.com Handles configuration for a control plane in the IN geo. Data plane nodes connect to this host to receive configuration updates. This hostname is unique to each organization and control plane.
CONTROL_PLANE_DNS_PREFIX.in.tp0.konghq.com Gathers telemetry data for a control plane in the IN geo. This hostname is unique to each organization and control plane.

ME geo

Hostname Description
cloud.konghq.com The Konnect platform.
global.api.konghq.com The Konnect API for platform authentication, identity, permissions, teams, and organizational entitlements and settings.
me.api.konghq.com The Konnect API for the ME geo. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
PORTAL_ID.me.portal.konghq.com The URL for the Dev Portal in the ME geo.
CONTROL_PLANE_DNS_PREFIX.me.cp0.konghq.com Handles configuration for a control plane in the ME geo. Data plane nodes connect to this host to receive configuration updates. This hostname is unique to each organization and control plane.
CONTROL_PLANE_DNS_PREFIX.me.tp0.konghq.com Gathers telemetry data for a control plane in the ME geo. This hostname is unique to each organization and control plane.

US geo

Hostname Description
cloud.konghq.com The Konnect platform.
global.api.konghq.com The Konnect API for platform authentication, identity, permissions, teams, and organizational entitlements and settings.
us.api.konghq.com The Konnect API for the US geo. Necessary if you are using decK in your workflow, decK uses this API to access and apply configurations.
PORTAL_ID.us.portal.konghq.com The URL for the Dev Portal in the US geo.
CONTROL_PLANE_DNS_PREFIX.us.cp0.konghq.com Handles configuration for a control plane in the US geo. Data plane nodes connect to this host to receive configuration updates. This hostname is unique to each organization and control plane.
CONTROL_PLANE_DNS_PREFIX.us.tp0.konghq.com Gathers telemetry data for a control plane in the US geo. This hostname is unique to each organization and control plane.

Find configuration and telemetry hostnames

Gateway Manager
Control Planes API

You can find the telemetry hostname through the Gateway Manager:

  1. Open a control plane.
  2. Click cogwheel icon Control Plane Actions > View Connection Instructions.
  3. Look for the following parameter in the Install the KIC section:

     cluster_telemetry_endpoint: "example.us.tp0.konghq.com:443"
    

You can find the control plane and telemetry hostnames through the Control Planes API.

  1. Send a GET request to the control-planes API and inspect the response:

     curl -X GET https://us.api.konghq.com/v2/control-planes/{controlPlaneId}  \
     --header 'Authorization: Bearer <token>'
    

    Tip: You can find your control plane’s API URL on its overview page in the Gateway Manager.

  2. In the response, find your control_plane_endpoint and the telemetry_endpoint:

     {
         "config": {
             "auth_type": "pinned_client_certs",
             "cloud_gateway": false,
             "cluster_type": "CLUSTER_TYPE_K8S_INGRESS_CONTROLLER",
             "control_plane_endpoint": "https://example.us.cp0.konghq.com",
             "telemetry_endpoint": "https://example.us.tp0.konghq.com"
         },
         "created_at": "2023-03-17T16:54:48.905Z",
         "description": "",
         "id": "32bf6188-906c-483c-b9e3-d7838a089364",
         "labels": {},
         "name": "KIC CP",
         "updated_at": "2024-07-09T07:47:34.514Z"
     }
    

Note: Visit https://ip-addresses.origin.konghq.com/ip-addresses.json for the list of IPs associated to regional hostnames. You can also subscribe to https://ip-addresses.origin.konghq.com/rss for updates.

Mesh Manager hostnames

If you plan to use Mesh Manager to manage your Kong service mesh, you must add the {geo}.mesh.sync.konghq.com:443 hostname to your firewall allowlist. The geo can be au, eu, us, or global.

Thank you for your feedback.
Was this page useful?
Too much on your plate? close cta icon
More features, less infrastructure with Kong Konnect. 1M requests per month for free.
Try it for Free
  • Kong
    Powering the API world

    Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.

    • Products
      • Kong Konnect
      • Kong Gateway Enterprise
      • Kong Gateway
      • Kong Mesh
      • Kong Ingress Controller
      • Kong Insomnia
      • Product Updates
      • Get Started
    • Documentation
      • Kong Konnect Docs
      • Kong Gateway Docs
      • Kong Mesh Docs
      • Kong Insomnia Docs
      • Kong Konnect Plugin Hub
    • Open Source
      • Kong Gateway
      • Kuma
      • Insomnia
      • Kong Community
    • Company
      • About Kong
      • Customers
      • Careers
      • Press
      • Events
      • Contact
  • Terms• Privacy• Trust and Compliance
© Kong Inc. 2025