# Network rules

To lock down the communication in between the reverse proxy and SonarQube, you can define the following network rules:

<table><thead><tr><th width="107">Protocol</th><th>Source</th><th>Destination</th><th>Port</th><th>Default</th></tr></thead><tbody><tr><td>TCP</td><td>Reverse Proxy</td><td>SonarQube</td><td><code>sonar.web.port</code></td><td>9000</td></tr><tr><td>TCP</td><td>SonarQube</td><td>SonarQube</td><td><code>sonar.search.port</code></td><td>9001</td></tr><tr><td>TCP</td><td>SonarQube</td><td>SonarQube</td><td><code>sonar.es.port</code></td><td>random</td></tr></tbody></table>

You can further segment your network configuration if you specify a frontend network and keep Elasticsearch restricted to the loopback NiC.

<table data-header-hidden><thead><tr><th width="130">Network</th><th>Parameter</th><th>Description</th><th>Default</th></tr></thead><tbody><tr><td>Frontend</td><td><code>sonar.web.host</code></td><td>Frontend HTTP Network</td><td>0.0.0.0</td></tr><tr><td>Elasticsearch</td><td><code>sonar.search.host</code></td><td>Elasticsearch Network</td><td>127.0.0.1</td></tr></tbody></table>

For information about the parameters, see the [system-properties](https://docs.sonarsource.com/sonarqube-community-build/server-installation/system-properties/system-properties "mention").

## Related pages <a href="#related-pages" id="related-pages"></a>

* [securing-behind-proxy](https://docs.sonarsource.com/sonarqube-community-build/server-installation/network-security/securing-behind-proxy "mention")