From 7e6c46a76b4fea8f6ed61e80e2730d3d02e17707 Mon Sep 17 00:00:00 2001 From: "claude[bot]" <41898282+claude[bot]@users.noreply.github.com> Date: Mon, 22 Dec 2025 10:17:30 +0000 Subject: [PATCH] Fix: Update security guidelines and add missing ports to documentation --- ...ty-guidelines-for-production-deployment.md | 3 +- .../setup/reference/default-product-ports.md | 40 +++++++++++++++++++ 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/en/docs/install-and-setup/setup/deployment-best-practices/security-guidelines-for-production-deployment.md b/en/docs/install-and-setup/setup/deployment-best-practices/security-guidelines-for-production-deployment.md index d3631487dd..640339a79e 100644 --- a/en/docs/install-and-setup/setup/deployment-best-practices/security-guidelines-for-production-deployment.md +++ b/en/docs/install-and-setup/setup/deployment-best-practices/security-guidelines-for-production-deployment.md @@ -698,7 +698,8 @@ This section provides a list of security guidelines for configuring the network

Check open ports and services

Periodically check for open ports using port scanning tools and make sure that only the necessary ports are open to both internal and external networks. Be sure that only the ports relevant to your WSO2 products are open for communication. If there are other ports started, be sure to monitor them.

-

For the full list of ports in all WSO2 products, see Default Product Ports.

+

For the full list of ports in all WSO2 products, see Default Product Ports.

+

Note: Some ports may be dynamically allocated during server operations. When monitoring open ports, verify that any dynamic ports are expected and properly secured according to your deployment requirements. Dynamic port allocation can occur due to specific runtime configurations, JMX monitoring, clustering, and other operational requirements.

Configure device-level security
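
Review bot: The added Note after the "Default Product Ports" link gives the operator no way to tell an expected dynamic port from an unexpected one; it only lists "specific runtime configurations, JMX monitoring, clustering, and other operational requirements" as possible causes. Name the services that allocate these ports and, where a port can be fixed in configuration, say so or link to that setting, so that "verify that any dynamic ports are expected" becomes a check a reader can carry out. Separately, the removed and re-added "For the full list of ports in all WSO2 products" line reads identically on both sides of this hunk; if the difference is whitespace only, drop that change from the patch.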

diff --git a/en/docs/install-and-setup/setup/reference/default-product-ports.md b/en/docs/install-and-setup/setup/reference/default-product-ports.md index b84e1b7078..092e30efcd 100644 --- a/en/docs/install-and-setup/setup/reference/default-product-ports.md +++ b/en/docs/install-and-setup/setup/reference/default-product-ports.md @@ -85,6 +85,14 @@ Listed below are the ports used by the API-M runtime when the [port offset]({{ba SSL port of the secure transport for receiving throttling events. This is required when the binary data publisher is used for throttling. + + + 10711 + + + SSL port for the secure transport used in data publishing and analytics. This port is used for secure communication with analytics servers. + + 9099 @@ -93,6 +101,38 @@ Listed below are the ports used by the API-M runtime when the [port offset]({{ba Web Socket ports. + + + 8099 + + + Web Socket secure port (WSS). + + + + + 9021 + + + TCP port used for internal event streaming and communication between API-M components. + + + + + 8021 + + + Port used for internal event streaming communication. + + + + + 8672 + + + Port used for message broker AMQP transport with SSL. + + 8000
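
Review bot: In the `@@ -85,6 +85,14 @@` hunk of default-product-ports.md, the new 10711 row does not say which side listens on the port, only that it is used for "secure communication with analytics servers". The security guidelines point readers to this page to decide which ports to leave open, so state whether API-M accepts connections on 10711 or connects out to it, and whether it needs to be reachable from external networks. The two sentences of the description repeat each other and can be merged into one. The section intro ties the listed values to the port offset, so please confirm this port shifts with the offset like the neighbouring rows.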
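
Review bot: In the `@@ -93,6 +101,38 @@` hunk, the 9021 and 8021 rows have nearly identical descriptions ("internal event streaming"), so a reader cannot tell what distinguishes the two or whether either is TLS-protected. Say what differs between them, and since both are described as internal, state that they should not be exposed outside the deployment. None of the four new rows (8099, 9021, 8021, 8672) cites the configuration file or key that defines the port; adding that reference would let reviewers and operators confirm the numbers against a running server.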