Some notes about configuring Coherence ports...

1. Coherence clusters typically use a set of ports for discovery, communication, and management. The main ports are:

| Port | Default Value | Purpose |
|---|---|---|
| Cluster | 7574 | Default Well-Known Address (WKA) port (TCP) |
| Discovery | 7574, 7575 | Used for member discovery and join (TCP/UDP) |
| Management | 30000–31000 | [Coherence Management/JMX, if configured] |
| Extend | 20000+ | [If using Coherence*Extend clients] |

Note: Only the specific ports actually in use need to be opened. Opening "all ports" is never recommended.

Default Listen Port: Coherence cluster members discover and join the cluster via port 7574 by default. You can configure this in the WebLogic Admin Console under Environment → Coherence Clusters → Properties → Cluster Listen Port.

2. Coherence clusters can be set to unicast:
In the WebLogic Console, go to Environment → Coherence Clusters and click your cluster name. There you can select Unicast as the clustering mode and specify a cluster listen port (typically 8088 is suggested for unicast).

After setting to unicast and specifying a fixed port, that port will be used for cluster member discovery. This avoids the need for multicast broadcast traffic.

3. Firewall Configuration Strategy
Given that Coherence may open multiple dynamic ports, here’s how you can secure cluster communication without excessively opening the firewall:

For Unicast Mode (Recommended Option):

- Configure Coherence clustering to use Unicast mode.
- Set the cluster listen port to a single fixed port (e.g., 8088 or any non-ephemeral port).
- Configure firewall rules to allow traffic through only:
  - That one fixed cluster port (e.g., 8088), in both directions.
  - TCP port 7574 if using proxy name services or multicast clients.

This is more controlled than opening the entire ephemeral port range.
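
The unicast firewall strategy above, as an added example that is not part of the original notes: a shell function that prints (it does not apply) iptables rules limited to the fixed cluster port and TCP 7574 between named members, and refuses a cluster port that falls in the ephemeral range. It assumes Linux with iptables and that the cluster port carries both TCP and UDP; the member addresses and the EPH_LOW/EPH_HIGH variables are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for a unicast cluster.
# Assumed: Linux with iptables, peers given as IP addresses, cluster port
# opened for TCP and UDP. EPH_LOW/EPH_HIGH are hypothetical override variables.

# Exit 0 if port $1 lies inside the ephemeral range $2-$3. Without a range,
# use the kernel's setting, falling back to the Linux default 32768-60999.
is_ephemeral() {
    port=$1 low=${2:-} high=${3:-}
    if [ -z "$low" ] && [ -r /proc/sys/net/ipv4/ip_local_port_range ]; then
        read -r low high < /proc/sys/net/ipv4/ip_local_port_range
    fi
    low=${low:-32768} high=${high:-60999}
    [ "$port" -ge "$low" ] && [ "$port" -le "$high" ]
}

# $1 = fixed cluster listen port, remaining arguments = cluster member IPs.
coherence_fw_rules() {
    cport=$1; shift
    case $cport in
        ''|*[!0-9]*) echo "bad port: $cport" >&2; return 2 ;;
    esac
    if is_ephemeral "$cport" ${EPH_LOW:-} ${EPH_HIGH:-}; then
        echo "port $cport is inside the ephemeral range" >&2; return 1
    fi
    # Replies to connections we already allowed; no new inbound on high ports.
    for chain in INPUT OUTPUT; do
        echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    for peer in "$@"; do
        for proto in tcp udp; do   # cluster port, both directions
            echo "iptables -A INPUT -p $proto -s $peer --dport $cport -j ACCEPT"
            echo "iptables -A OUTPUT -p $proto -d $peer --dport $cport -j ACCEPT"
        done
        # Only needed with proxy name services or multicast clients.
        echo "iptables -A INPUT -p tcp -s $peer --dport 7574 -j ACCEPT"
    done
}

# Constructed member addresses; review the output before applying it.
coherence_fw_rules 8088 10.0.0.11 10.0.0.12 || echo "pick another port" >&2
```

The rules only take effect as a restriction when the INPUT and OUTPUT chains otherwise drop traffic; set that default policy separately, after confirming management access is still allowed.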