Netgate is offering COVID-19 aid for pfSense software users, learn more.

Testing a TCP Port

The Diagnostics > Test Port page performs a simple TCP port connection test to see if the firewall can communicate with another host. This tests if a host is up and accepting connections on a given port, at least from the perspective of the firewall. No data is transmitted to the remote host during this test, it will only attempt to open a connection and optionally display the data sent back from the server.


This test does not function for UDP since there is no way to reliably determine if a UDP port accepts connections in this manner.

To perform a test:

  • Navigate to Diagnostics > Test Port

  • Fill in the fields on the page. The Hostname and Port fields are required, the rest are optional.

  • Click fa-wrench Test.

The following options are available on this page:


This is the IP address or hostname of the target system. This is a required field.


This is the TCP port on the target host to be tested. This is a required field and must be a valid port number, meaning an integer between 1 and 65,535.

Source Port

If needed, a manually specified source port for the query. This is not required in most cases.

Remote Text

If checked, this option shows the text given by the server when connecting to the port. The server is given 10 seconds to respond, and this page will display all of the text sent back by the server in those 10 seconds. As such, the test will run for a minimum of 10 seconds when performing this check.

Source Address

A specific source IP address or IP Alias/CARP Virtual IP from which the query will be sent. The service being tested may require a specific source IP address, network, etc, in order to make a connection.

IP Protocol

This option selects either IPv4 or IPv6 to control which type of IP address is used when given a hostname. If the connection is forced to IPv4 or IPv6 and the hostname does not contain a result using that protocol, it will result in an error. For example if forced to IPv4 and given a hostname that only returns an IPv6 IP address (AAAA record), it will not work.