# Network rules To further lock down the communication in between the nodes in your SonarQube Server cluster, you can define the network rules. The setup depends on the installation type.

Protocol	Source	Destination	Port	Default
TCP	Reverse Proxy	App Node	`sonar.web.port`	9000
TCP	App Node	Search Node	`sonar.cluster.node.search.port`	9001
TCP	Search Node	Search Node	`sonar.cluster.node.es.port`	9002
TCP	App Node	App Node	`sonar.cluster.node.port`	9003

You can further segment your network configuration if you specify a frontend, a backend and a search network:

Network	Parameter	Description
Frontend	`sonar.web.host`	Frontend HTTP Network
Backend	`sonar.cluster.node.host`	Backend App to App Network
Backend	`sonar.cluster.search.hosts`	Backend App to Search Network
Search	`sonar.cluster.node.search.host`	Backend Search to Search Network

For information about the parameters, see [dce-specific](https://docs.sonarsource.com/sonarqube-server/server-installation/system-properties/dce-specific "mention"). ## Related pages * [securing-behind-proxy](https://docs.sonarsource.com/sonarqube-server/server-installation/data-center-edition/network-security/securing-behind-proxy "mention") * [elasticsearch-security-features](https://docs.sonarsource.com/sonarqube-server/server-installation/data-center-edition/network-security/elasticsearch-security-features "mention")