About all

Port iv access: Venous access ports – CIRSE


Venous access ports – CIRSE

Once the interventional radiologist has accessed the vein, they will use a guidewire to introduce a sheath and create a small pocket under the skin in the chest area. The catheter is then tunnelled to the vein and the port is connected to the catheter and placed in the pocket. Most physicians prefer to wait a week before starting to use the port. The wall of the port can be used for approximately 2000 punctures.

Why perform it?

The procedure is ideal for patients in need of long-term yet intermittent intravenous access. These patients typically receive chemotherapy or transfusions on a weekly or monthly basis and are unable to use a catheter inserted into a vein in the arm or hand.

Although the placement procedure is more complex and invasive than the more common technique of inserting a catheter into a vein in the hand or arm, central venous access ports reduce the restrictions on patient’s daily activities, such as bathing, swimming and other forms of exercise. A venous access port has a lower risk of being dislodged than a catheter in the arm or hand. The port also requires fewer injections of heparin and fewer dressing changes. Because it is beneath the skin, it has an aesthetic advantage as well as a decreased risk of infection. Although venous access ports are expensive, the maintenance costs and risk of infection are low.

What are the risks?

Early complications are related to the technique itself, such as bruising, pneumothorax, nerve injury and an abnormal connection developing between an artery and a vein (called an arteriovenous fistula). Complications that may occur after the procedure include infection, a blockage or fracture in the catheter, blood clots and blockages in the vein. Some of these complications can have serious consequences and may even lead to death.

If the catheter breaks or fractures, any medication in the catheter may leak under the skin, causing soft tissue death or wounds that do not heal. Complications are usually associated with the route of implantation, a lack of experience in the physician implanting the port, and if appropriate care is not taken with the catheters while they are in use.

If the venous access port is implanted under image guidance, the risk of procedure-related complications associated with surgical implantation is virtually eliminated.

Implanted Venous Access Device (Port)

A port, sometimes called a Port-a-Cath, an implanted venous access device, or central line is used to give you medicine and fluid into your veins. It works like an IV catheter but can stay in place for 5 years or more. A port is made up of a reservoir attached to a tube (catheter). The reservoir is placed under your skin and the tube goes into a vein. The reservoir will look like a bump under your skin. It is round and about the size of a quarter. The tube is not usually noticeable. The purpose of a port is to make it easy to get IV medications or have blood taken. If you are having chemotherapy over several months or more, a port may be recommended.

A port can be in your chest, abdomen (belly), or arm. The port is put in by a doctor in a hospital operating room or radiology department. You may be given anesthesia (to make you sleepy), or you may be awake for the surgery. It is a short surgery and has few side effects. Some bruising, soreness, and swelling where the port is placed are common. Stitches, steri-strips (surgical tape), or surgical glue will be used to close the skin where the port is placed.

To use your port, a nurse will first “access” the port. This is done by putting a needle through your skin and into the reservoir. Putting the needle in is a sterile (very clean) procedure. A numbing medication may be used before putting the needle in to lessen any pain from the needle. The nurse putting in the needle will feel for the reservoir. The nurse will put on sterile gloves and clean the area. The needle is put through your skin and into the reservoir. The needle is left in place and the area is covered with a dressing. The needle is connected to a lumen (clear tube) with a cap at the end. This will be used to give medications, fluids, chemotherapy, blood products, or to draw blood. Once your infusion is done or your labs have been drawn, your nurse will remove the dressing and the needle. A bandaid may be used to cover the site where the needle was removed.

How do I care for my port?
  • Follow your surgeon’s directions for how you should care for your port after the surgery. This may include avoiding heavy lifting for a while. You should call your provider if you have any signs of infection such as fever, redness, swelling, pain, discharge (drainage), or warmth.
  • Before handling any tubing attached to the port, wash your hands. When you are finished handling the tube, remove your gloves and wash your hands again.
  • While a needle is in your port, be careful to not pull on the tubing to keep the needle from coming out. If the dressing becomes dirty or wet it should be changed right away.
  • A port should be flushed before use and after use. Flushing means using a syringe to put saline solution (medical saltwater) into the port.
  • You should look at your port site each day. Even after the area has healed from surgery, you should check for signs of infection such as redness, swelling, pain, discharge (drainage), and warmth. Also, check that the reservoir is secure under your skin and not moving.
  • If your port is not being used, it should be flushed with saline once a month. If you no longer need your port it can be removed.
When to contact your care team

You should call your provider if you have any signs of infection. If fluid given into the port does not flow freely or the skin around the port is swelling, stop the infusion and call your care team. Contact your care team if you notice changes in the area around the port or if the reservoir is moving around underneath your skin.

About Your Implanted Port | Memorial Sloan Kettering Cancer Center

This information will teach you about the placement and care of your implanted port. An implanted port is a type of central venous catheter (CVC).

Back to top

About Implanted Ports

An implanted port (also known as a “port”) is a flexible tube that’s placed into a vein in your chest. It will make it easier for your healthcare team to:

  • Give you intravenous (IV, through a vein) medication.
  • Give you IV fluids.
  • Take blood samples.
  • Give you medications continuously for several days. Sometimes medications must be given in a vein larger than the ones in your arms. The port lets the medication go into your bloodstream through a large vein near your heart.

Implanted ports are usually placed about 1 inch (2.5 centimeters) below the center of your right collarbone (see Figure 1). If you wear a bra, your implanted port will be about 1 inch from where your bra strap lies.

Figure 1. Port location

Implanted ports can stay in place for years. Your doctor will remove your port when you don’t need it anymore.

Types of implanted ports

All implanted ports are made up of 2 parts: the port with a septum and a catheter (see Figure 2).

  • The port is the starting point of fluid flow through the catheter. It sits under your skin and has a raised center called a septum. The septum is made from a self-sealing rubber material. This is the part of the port where needles will be placed. This is also called the access point.
  • The catheter is a small, plastic, flexible tube. One end of the catheter is connected to the port, and the other end sits in a large vein near your heart.

Figure 2. Parts of your port

There are 2 types of implanted ports:

  • A single lumen port is a port with 1 access point (see Figure 3). Most people will get a single lumen port.
  • A double lumen port is a port with 2 access points (see Figure 3). You can put a needle in each access point. Double lumen ports are used for people that regularly need more than 1 point of access.

Figure 3. Single and double lumen ports

Most implanted ports will be the size of a nickel or a quarter. They can be circular, oval, or triangle shaped. Your doctor will choose the one that’s best for you and your treatments. Your port may be called a BardPort®, a Mediport®, a PowerPort®, or a Port-A-Cath®.

Power-injectable ports

Most implanted ports are made to be used during imaging tests, such as computed tomography (CT) scans or magnetic resonance imaging (MRI), to allow for high speed injections (shots) of contrast. These implanted ports are called power-injectable ports.

When you have your implanted port placed, your nurse will let you know if you have a power-injectable port. They will also give you a wallet card with information about your implanted port. You should carry it with you at all times.

Accessing your implanted port

When you need IV fluids or medication, your nurse will place a needle through the access point on your implanted port. This is called accessing your port (see Figure 4). The fluid or medication will move from your implanted port through the catheter and into your bloodstream.

Don’t let anyone who isn’t trained in port access to access your port.

Figure 4. Accessing your port

Back to top

About Your Implanted Port Placement

Before your procedure

Your port will be placed either in Interventional Radiology or in the operating room. Port placement is a short procedure. Your doctor or nurse will tell you how to prepare for it.

Before the procedure, you will have an IV line placed in your arm. You will get medication through your IV that will make you feel drowsy. The medication will control pain and anxiety.

Remove devices from your skin

If you wear any of the following devices on your skin, the manufacturer recommends you remove it before your scan or procedure:

  • Continuous glucose monitor (CGM)
  • Insulin pump

Talk with your healthcare provider about scheduling your appointment closer to the date you need to change your device. Make sure you have an extra device with you to put on after your scan or procedure.

If you’re not sure how to manage your glucose while your device is off, talk with the healthcare provider who manages your diabetes care before your appointment.

During your procedure

The area where the implanted port will be placed will be cleaned and numbed with local anesthetic (medication that numbs an area of your body). You will be given local anesthetic in 2 places, your neck and your chest.

A small incision (surgical cut) will be made at the base of your neck. A second incision will be made on your chest, under your collarbone. The catheter will be placed through the second incision, tunneled under your skin to the first incision, and threaded into your vein.

Your incisions will be closed with either sutures (stitches) or surgical glue called Dermabond®. If you have sutures, they will be absorbed and won’t need to be removed.

After your procedure

You may have some discomfort at your incision sites and where the catheter was tunneled under your skin. This pain should get better in 24 to 48 hours. You can take over-the-counter pain medication (medication you get without a prescription) if you need it. Most people don’t need prescription pain medication.

If your port will be used the day it’s placed, your doctor will insert an access needle into the septum during your port placement. The needle and port will be covered by a bandage (dressing). There will also be a small bandage over the top incision.

Caring for your incision site

If your incisions were closed with sutures:

  • You will have 2 small bandages covering your incision.
  • Leave your bandages in place for 48 hours, or as long as your doctor tells you to.
  • Don’t get your bandages wet. You can shower once your bandages are removed.
  • Wearing a seatbelt may put pressure on your incisions. You can put a small pillow or folded towel between the strap and your body to help with this.
  • For 3 to 5 days after your implanted port is placed, don’t lift anything heavier than 10 pounds (4.5 kilograms).

If your incisions were closed with Dermabond:

  • You may have small pieces of tape or bandages covering the incisions.
  • Don’t apply lotion or place adhesive on top of the tape or bandage.
  • Don’t pick or scratch the Dermabond. It will come off on its own.
  • Wearing a seatbelt may put pressure on your incisions. You can put a small pillow or folded towel between the strap and your body to help with this.
  • For 3 to 5 days after your implanted port is placed, don’t lift anything heavier than 10 pounds (4.5 kilograms).
After your incision heals

Once your incision heals, you can return to your normal daily activities, such as household tasks, job responsibilities, and exercise. You can swim with your implanted port as long as there is no needle in place. Don’t play any contact sports, such as football or rugby.

Your implanted port may raise your skin about ½ an inch (1.2 centimeters). You may be able to feel it through your skin, but you probably won’t be able to see it when you wear a V-neck shirt. Most people won’t know that you have it.

The skin over your implanted port doesn’t need any special care. You can wash it as you normally would.

When your implanted port is being used, you will have a see-through bandage over the needle. The bandage must be kept dry and in place while the needle is in the port. You don’t need a bandage over the implanted port when it’s not being used.

Your implanted port won’t set off metal detectors.

Flushing your implanted port

Your implanted port will need to be flushed by a nurse every 4 weeks when it’s not being used. This is done to make sure the catheter doesn’t become blocked. If it becomes blocked, it may not work anymore and it may have to be removed.

Back to top

Call Your Interventional Radiologist if You:

  • Have new or increased pain at the site of your port
  • Have swelling or a growing bruise at the site of your port
  • Have pus or fluid coming from your incision(s)
  • Notice your incision(s) are hot, tender, red, or irritated


Back to top

Call Your Healthcare Provider if You Have:

  • A fever of 100.4° F (38° C) or higher
  • Chills

Back to top

Tubes, Lines, Ports, and Catheters Used in Cancer Treatment

If you need surgery, chemotherapy, or other types of treatment, equipment like tubes, lines, ports, and catheters might be used. The type of equipment that’s used depends mostly on the reason it’s needed, but it will also depend on your health and preferences, as well as the preferences of your cancer care team.

Tubes, lines, ports, and catheters might be needed to give cancer treatments, other medicines, fluids, blood products, oxygen, and liquid nourishment (food or feedings). Sometimes tubes are used to pull or drain fluid from the body after surgery or during other treatment-related procedures.

You may not have to take care of any kinds of equipment like this. But if you do, you will be taught how to safely use the equipment and care for the area where they attach to your body.

Tubes used to give medicine or nourishment

Liquid medicines or feedings might be given through a tube placed in the stomach or the small intestine. They are often called tube feedings. If these feedings will only be needed for a short time, a tube can be put in through the nose and directed down to the stomach without needing surgery.  If liquid food is needed for a longer period of time, surgery might be done to insert a feeding tube through the skin of the belly and directly into the stomach (a gastrostomy tube, or G tube) or the small intestine (a jejunostomy tube, or J tube).

Tubes used for tube feeding should be kept clean but don’t have to be sterile. The bags used to give feedings can be cleaned and re-used for the same person. Your nurse will teach you how to clean them and when they should no longer be re-used.

Oxygen tubes

If you need oxygen, it can be given through a mask or tube (called a nasal cannula) placed just under your nose. Tubing connects the mask or cannula to an oxygen tank or oxygen concentrator. Oxygen flows through the tubes continuously by itself. It’s very important to use oxygen safely. Make sure you know how to care for the tank and other equipment and that you follow all instructions. Don’t allow anyone to smoke or use open flames, including candles, in areas where oxygen is being used.

Tubes used to drain fluids from the body

Draining tubes might be used to help drain extra fluid that builds up after surgery or a procedure, or because of a tumor blockage. Draining tubes can be used in different ways. For example, a tube might be:

  • Put in through the nose that goes to the stomach, called a nasogastric (NG) tube might be used if there’s a blockage or obstruction. Or, a tube can be put into the stomach (gastric tube) or rectum (rectal tube) to drain excess fluid or help with a blockage.
  • Inserted into the chest between two ribs to drain extra fluid from the lungs or to help keep lungs filled with air.
  • Inserted into the abdomen to drain extra fluid that builds up due to certain cancers.
  • Put into the bladder to drain urine after surgery or because of other problems that might come up.
  • Put into a colostomy or the rectum to help drain intestinal waste if needed.

If you leave the hospital with any drainage tubes, your nurse will teach you how to care for them and what problems to watch for.

Intravenous (IV) lines, catheters, and ports

Intravenous (IV) lines are thin, flexible, plastic hoses that run from a bottle or bag of medicine into a tiny needle or intravenous catheter (a small, flexible tube) placed in a vein in your body. IV lines must always be germ-free (“sterile”) to be sure no infections get into your blood. IV supplies are used only once and are never re-used. They are used to put medicines, blood products, nutrients, or fluids right into your blood. Sometimes, they can also be used to take out blood for testing.

Medicines can be given through these catheters at different speeds (called rates). Sometimes medicines are given through the catheters in just a few minutes, while other medicines may need to be given over a period of hours. The speed depends on the type of treatment being given and the type of catheter being used. Sometimes medicines can be given just by attaching a syringe to the catheter and pushing the medication into it, while other times the medication is attached to a mechanical pump that makes sure only a certain amount of medication is sent through the catheter each hour.

There are different kinds of IV lines and catheters. Which kind is used depends on what the IV is needed for, how often it is needed, the type of medicine that will be given through it, and the care it might need.

If you leave the hospital with an IV line, catheter, or port, your nurse will teach you how to care for it and what problems to watch for.

Peripheral IVs

Regular IVs are placed into a vein in your arm or hand, and are only there for a short period of time. These are called peripheral IV lines. This is a tiny plastic tube about an inch long with a plastic hub. A needle is used to put the catheter into a vein in your forearm or hand, and then the needle is removed, leaving the catheter in the vein with the hub outside the skin. An adhesive dressing is put on top of the hub. A peripheral IV can only stay in for a few days, at most, so if you’re getting treatment at a clinic, it will be put in before your treatment and taken out before you leave. If you need to be treated over weeks or months, you will need many IVs, or your doctor might recommend a central venous catheter.

Central venous catheters (CVCs): Ports and catheters

Central venous catheters (CVCs) are also called central venous access devices (CVADs), central catheters, or central lines. The catheter is a soft, narrow tube that is placed into a large vein near your heart. The other end of the catheter, where medicine and fluid is given, looks different depending on the type of CVC you have. CVC catheters are bigger and longer than peripheral IVs.

Not everyone getting cancer treatment will need a CVC, but there are several situations where they can be helpful. You might need a CVC if:

  • You have fragile or hard-to-find veins.
  • One or both of the arms cannot be used for IVs.
  • Your veins have been damaged from treatment.
  • Your treatment is expected to last several months or longer.
  • You need to be given a drug that can be very hard on the veins or could cause skin damage if it leaks outside a peripheral IV.
  • You need to be given lots of different medicines and treatments at the same time.
  • You will need hyperalimentation (TPN), a liquid form of nourishment that is given by IV. This can be very hard on veins, and might be needed for an extended period of time.

As long as a CVC is cared for and doesn’t develop problems, it can stay in for as long as you’re getting treatment. Some types can be left in place even after treatment ends.

There are different kinds of CVCs. Here are some of the most common (more details are in the sections below):

  • Implanted port: This is a catheter that’s inserted through your chest into a large vein near your heart, or sometimes into a vein in your arm or abdomen. It has an access port at the end of the catheter, underneath your skin. Nothing sticks out of your skin, but there is a small bulge where the port is located. To use the port, your nurse will insert a special needle through your skin where the port is located. Then a dressing is put over it, and the needle is connected to a syringe or IV line to infuse or inject (give) your medicine or fluids. Most blood tests can also be drawn from a port.
  • Peripherally inserted central catheter (PICC line): This type is inserted into your arm and threaded through a vein that connects to a large vein near your heart. The end of the catheter sticks out of your arm through your skin, with a dressing over it. When needed, a nurse will connect it to an IV line to infuse or inject the medicine or fluid you need. Sometimes blood can be drawn this way, too.
  • Other types of CVCs: Some CVCs are inserted into your chest and threaded into a large vein near your heart. The end of the catheter might have 1, 2, or 3 different tubes sticking out of the skin in your chest, with a dressing over it. The tubes are used to connect an IV line so your medicine or fluids can be infused or injected, or the catheters can be used to have blood drawn.

Before you agree to get a CVC, talk with your cancer care team about the type they recommend and why. They can help you decide if you need a CVC and the right type of CVC for you. Some of these devices can restrict certain activities, and safety can be a concern. Each type comes with its own specific care and possible problems and complications.

Implanted port

An implanted port (also called an implantable venous access port) is a common choice for people with cancer. The port is a small drum made of plastic or metal, with a thin tube (called a line) going into a large vein. The drum is covered with a self-sealing membrane (called a septum) made of silicone. It stays underneath your skin, but there will be a small bulge where the port is located.

The port is placed during surgery. Checks are done to confirm that the line is in the right position and that it works. Once confirmed, the port can be used right away.

Ports are most often placed under the skin of the chest or arm. With certain types of cancer, a port might be placed in the abdomen (belly) to allow medicine to be given into the area where a tumor is.

To use the port, a nurse sticks a special needle through the skin and into the port’s septum. Ports can be removed when treatment is done, or they can be left in place for months or years.

Single and double ports are available. A single port is shown in the picture below; a double port looks like 2 drums attached to each other. Some brand names of ports include Port-A-Cath, BardPort, PassPort, Medi-port, and Infusaport.

Once the port is inserted and the incision heals, the skin around it doesn’t require any special care. You can bathe, shower, or even swim. Your cancer care team will tell you when it’s OK to do these things.

When a port is used for treatment or to draw blood, a special needle (called a non-coring needle) is used to access the port through the skin. This will hurt a little, since it’s a needle going through your skin.

When it’s not being used, you will likely need to have the port flushed out about once a month. This involves using the special non-coring needle to access the port and flushing some fluid through it. This regular flushing is sometimes called maintenance flushing. It’s done so the port and catheter inside stay open and clear in case you need to use it again.

A PICC line (peripherally inserted central catheter) is a soft tube that is placed into a vein in the arm. A needle is used to put the PICC line into the vein, and the catheter (or line) is threaded through the needle, up through the arm to end in a large vein in the chest near the heart. The needle is then removed. You won’t need surgery to get a PICC line. After it’s in place, there may be one or more “tails” (catheters or lines sticking out of the skin) on the PICC. It can be left in for many weeks to months.

Some brand names of PICC lines are Per-Q-Cath and Groshong PICC.

What Is A Port-A-Cath?

What is a port-a-cath?

A port-a-cath, also referred to as a port, is an implanted device which allows easy access to a patient’s veins. A port-a-cath is surgically-inserted completely beneath the skin and consists of two parts – the portal and the catheter. 

The portal is typically made from a silicone bubble and appears as a small bump under the skin. The portal, made of special self-sealing silicone, can be punctured by a needle repeatedly before the strength of the material is compromised. Its design contributes to a very low risk of infection. The slender, plastic catheter attached to the portal is threaded into a central vein (usually the jugular vein, subclavian vein, or the superior vena cava). 

What is the indication for a port-a-cath?

Ports are indicated for patients requiring frequent and long-term intravenous therapy, such as the oncology population. Having a port allows healthcare professionals easy access to a major vein with low risk of infection.

This benefit is extremely important for the immunocompromised population of oncology patients. Additionally, it reduces the pain that would otherwise be experienced with countless needle pokes for IVs, since the skin over a port hub becomes thicker and desensitized.

Another consideration is that oncology patients may receive chemotherapy often, which can be toxic and erosive to tissues in the body. By infusing chemotherapy through a strong vein via port, the medication has a lower chance of leaking into tissues and causing extravasation or irritation. 

The implantation of a port is considered a minor procedure performed under local or general anesthesia by an interventional radiologist or surgeon. With one or two small incisions, the catheter is threaded into the vein and attached to the portal chamber. The procedure is typically completed within one hour. A simple x-ray is used for post-operative imaging to confirm appropriate placement of the port. For a few days after the procedure, the patient may experience discomfort at the insertion site, which can be managed by NSAIDs.

Once a port is cleared for use, a patient may receive intravenous therapy through it for the course of his/her treatment. An adult portal chamber can take about 2,000 punctures on average, which may last a patient several years.

Are there different types of ports?

A port can be single or double lumen. Single lumen ports are most common and typically sufficient for patients requiring scheduled intravenous therapy. 

However, having a double lumen port is advantageous for patients who often receive multiple intravenous therapies at once. If two intravenous agents aren’t compatible in the same line, you can infuse both simultaneously in different port lumens without complication. The double lumen port also allows concurrent infusion of medication, chemotherapy, blood products, or parenteral nutrition. It is also beneficial for drawing labs without interruption of an infusion. 

Ports can be referred to by brand name, like Port-a-cath or Mediport. Regardless of the terminology, all ports function the same way, with the exception of the PowerPort. 

A PowerPort is a special type of port, available in single or double lumen, which can withstand higher injection pressures. This is an important consideration for receiving intravenous CT contrast dye. A PowerPort must be accessed with a particular type of needle, a PowerLoc needle, in order to inject contrast.

The portal chamber is always characterized by a triangular shape body, which can be palpated under the skin. In addition, a patient with a PowerPort will receive a wallet-sized identification, key ring card, and bracelet. It is helpful for patients to carry one or all of these identifiers to help healthcare professionals in the future appropriately access and utilize the PowerPort. 

(Image of a triangular PowerPort)

The surgeon determines the location of the port on the body based on a patient’s internal anatomy or personal preference. It is most often placed under the subcutaneous tissue of the chest, upper arm, or lower rib cage.

What are some important things to know about caring for ports?

A port provides direct access to a major vein, so if the line becomes infected, it could be detrimental to a patient’s wellbeing. In order to avoid line infections potentially leading to sepsis, healthcare professionals need to take great care when handling ports. Ports should be accessed using sterile procedure. When being handled for treatment, the end of the line outside of the body needs to be cleaned according to hospital policy with each use. Additionally, always wash hands before touching the catheter tip.

Some signs of port-related infection may include local swelling, warmth, redness, or pus formation. Systemic symptoms may include fever or chills. If infection is suspected, contact the MD immediately. Blood cultures will likely be drawn BEFORE administering antibiotics, and if the infection cannot be treated with medication, the line may be pulled completely. 

If your patient is receiving intravenous therapy through a port, especially chemotherapy, check the site every hour for signs of infiltration or phlebitis. Assessing the port is especially important for patients receiving chemotherapy agents that are vesicants. For these particular chemotherapies, you will often check for blood return every couple hours during infusion to confirm appropriate placement. 

Port catheters do have the potential to crack or rupture with excessive injection pressure. It is important to pay attention to syringe size to avoid creating too much intraluminal pressure. The smaller the syringe, the greater the force on injection. For this reason, many hospital policies do not allow you to use smaller than 10cc syringes to inject and aspirate from the port line. 

The catheter tip in the vein may “swim” or float to another area in the body. The tip may also be pushing against the wall of the vein. If you are unable to flush or get return, DO NOT use force to flush the tubing. Have the patient try to change position, lift his/her arms above the head, or breathe deeply and cough.

If the port still does not function appropriately, the patient may need to get an x-ray to confirm placement of the catheter. If a thrombosis is suspected, gently pulse a flush of normal saline to dislodge the clot. If the clot does not flush, the MD may order tPA (tissue plasminogen activator) to help break up the clot. To prevent clotting, a port must be flushed with normal saline daily and locked with heparin when not in use. 

What are the overall benefits for a patient with a port?

  • Easy and quick access with less pain than typical needle sticks
  • Longevity of device use
  • Reduction of infection risk
  • Low maintenance care at home 
  • Body image (not noticeable under the skin)

How-To Access a Port:

You will need:

  • A Port Access Kit (sterile gloves, CHG cleanser, central line dressing kit, skin protectant)
  • A Biopatch (or disc impregnated with CHG)
  • Masks for yourself and the patient
  • Needless Connector
  • A 90 degree, Non-Coring Port needle (also called a Huber needle) or PowerLoc needle for PowerPort
  • Sterile Normal Saline flush syringe 
  1. Explain the procedure to the patient. If the patient has sensitive skin or for pediatric patients, you can use Emla Cream or Freeze Spray as a local anesthetic on the port site. Ask the patient if they use a particular needle size or if they have a PowerPort.
  2. Perform hand hygiene and apply clean gloves
  3. Locate and palpate the port.
  4. Place a mask on the patient and nurse.
  5. Perform hand hygiene again.
  6. Open the sterile port access kit and create a sterile field. Add your non-coring needle, Biopatch, and sterile 10cc syringe to the field. 
  7. Apply sterile gloves.
  8. Attach the flush to the non-coring needle and purge the air by priming the line until you see the saline drip from the needle tip.
  9. Scrub the site clean with CHG from the kit using a back and forth/up and down motion for the amount of time indicated on the directions, typically 30 seconds to 1 minute in each direction. 
  10. Allow the antiseptic to dry on the skin.
  11. Stabilize the port with the index finger and thumb of your non-dominant hand. 
  12. With the needle at a 90 degree angle from the skin, insert the needle into the center of the portal chamber until you feel the needle hit resistance at the back of the chamber.
  13. Aspirate the syringe to assess for blood return and verify placement.
  14. Once blood return is verified, flush the tubing and clamp. Connect the needless connector. 
  15. Apply the Biopatch around the needle with the blue side up. 
  16. Apply skin protectant around the site. 
  17. Cover the entire site with a transparent dressing. All sides should be occlusive. If patients have sensitivity to Tegaderm, Opsite may be used.
  18. Label the site with date, time, and nurse’s initials. 
  19. Re-access the site and change the dressing according to hospital policy. 

This YouTube video shows the proper steps to access a port. 

If you are caring for a patient with a port and have any further questions, please refer to hospital policy or contact your nurse educator. 

Venous Access Ports: Indications, Implantation Technique, Follow-Up, and Complications

  • 1.

    Forssmann W (1929) Die Sondierung rechten Herzens. Klin Wochenschr 8:2080

    Google Scholar 

  • 2.

    Aubaniac R (1952) Subclavian intravenous injection: advantages and technic. Presse Med 60(68):1456


    Google Scholar 

  • 3.

    Stevens B, Barton SE, Brechbill M et al. (2000) A randomized prospective trial of conventional vascular ports vs. the Vortex “clear flow” reservoir port. JVAD

  • 4.

    Ryder MA (1995) Peripheral access options. Surg Oncol Clin North Am 4:395–427


    Google Scholar 

  • 5.

    Foley MJ (1995) Radiologic placement of long-term central venous peripheral access system ports (PAS port): results in 150 patients. J Vasc Interv Radiol 6(2):255–262


    Google Scholar 

  • 6.

    Vardy J, Engelhardt K, Cox K et al (2004) Long-term outcome of radiological-guided insertion of implanted central venous access port devices (CVAPD) for the delivery of chemotherapy in cancer patients: institutional experience and review of the literature. Br J Cancer 91(6):1045–1059


    Google Scholar 

  • 7.

    Teichgräber UK, Kausche S, Nagel SN et al (2011) Outcome analysis in 3, 160 implantations of radiologically guided placements of totally implantable central venous port systems. Eur Radiol 21(6):1224–1232


    Google Scholar 

  • 8.

    Haindl H, Müller H (1988) An atraumatic needle for the puncture of ports and pumps. Klin Wochenschr 66(20):1006–1009


    Google Scholar 

  • 9.

    Müller H, Zierski J (1988) The Huber needle as a special cannula for the puncture of implanted ports and pumps: a mistake in multiple variations. Klin Wochenschr 66(19):963–969


    Google Scholar 

  • 10.

    Biffi R, De Braud F, Orsi F et al (2001) A randomized prospective trial of central venous ports connected to standard open-ended or Groshong catheters in adult oncology patients. Cancer 92(5):1204–1212


    Google Scholar 

  • 11.

    Hsieh CC, Weng HH, Huang WS et al (2009) Analysis of risk factors for central venous port failure in cancer patients. World J Gastroenterol 15(37):4709–4714


    Google Scholar 

  • 12.

    Ong CK, Sudhakar KV, Lau GB et al (2010) Prospective randomized comparative evaluation of proximal valve polyurethane and distal valve silicone peripherally inserted central catheters. J Vasc Interv Radiol 21:1191–1196


    Google Scholar 

  • 13.

    Maki DG, Kluger DM, Crnich CJ (2006) The risk of bloodstream infection in adults with different intravascular devices: a systematic review of 200 published prospective studies. Mayo Clin Proc 81:1159–1171


    Google Scholar 

  • 14.

    Akahane A, Sone M, Ehara S et al. (2010) Subclavian vein versus arm vein for totally implantable central venous port for patients with head and neck cancer: a retrospective comparative analysis. Cardiovasc Intervent Radiol (in press)

  • 15.

    Ghandi RT, Getrajdman GI, Brown KT et al (2003) Placement of subcutaneous chest wall ports ipsilateral to axillary lymph node dissection. J Vasc Interv Radiol 14:1063–1065


    Google Scholar 

  • 16.

    Erinjeri JP, Fong AJ, Kemeny NE et al (2011) Timing of administration of bevacizumab chemotherapy affects wound healing after chest wall port placement. Cancer 117(6):1296–1301


    Google Scholar 

  • 17.

    Sansivero GE (2010) Features and selection of vascular access devices. Semin Oncol Nurs 26(2):88–101


    Google Scholar 

  • 18.

    Ryan JM, Ryan BM, Smith TP (2004) Antibiotic prophylaxis in interventional radiology. J Vasc Interv Radiol 15:547–556


    Google Scholar 

  • 19.

    Venkatesan AM, Kundu S, Sacks D (2010) Practice guideline for adult antibiotic prophylaxis during vascular and interventional radiology procedures. J Vasc Interv Radiol 21:1611–1630


    Google Scholar 

  • 20.

    Denys GB, Uretsky BF, Reddy PS (1993) Ultrasound-assisted cannulation of the internal jugular vein: a prospective comparison to the external landmark-guided technique. Circulation 87:1557–1562


    Google Scholar 

  • 21.

    Skolnick ML (1994) The role of sonography in the placement and management of jugular and subclavian central venous catheters. AJR Am J Roentgenol 163:291–295


    Google Scholar 

  • 22.

    Contractor SG, Phatak TD, Klyde D et al (2009) Single-incision technique for tunneled venous access. J Vasc Interv Radiol 20(8):1052–1058


    Google Scholar 

  • 23.

    Cil BE, Canyigit M, Peynircioglu B et al (2006) Subcutaneous venous port implantation in adult patients: a single center experience. Diagn Interv Radiol 12:93–98


    Google Scholar 

  • 24.

    McNulty NJ, Perrich KD, Silas AM et al (2010) Implantable subcutaneous venous access devices: is port fixation necessary? A review of 534 cases. Cardiovasc Intervent Radiol 33(4):751–755


    Google Scholar 

  • 25.

    Singer AJ, Thode HC Jr (2004) A review of the literature on octylcyanoacrylate tissue adhesive. Am J Surg 187(2):238–248


    Google Scholar 

  • 26.

    Merrer J, De Jonghe B, Golliot F et al (2001) Complications of femoral and subclavian venous catheterization in critically ill patients: a randomized controlled trial. JAMA 286(6):700–707


    Google Scholar 

  • 27.

    Hamilton HC, Foxcroft DR (2007) Central venous access sites for the prevention of venous thrombosis, stenosis and infection in patients requiring long-term intravenous therapy. Cochrane Database Syst Rev 3:CD004084

  • 28.

    Simpson KR, Hovsepian DM, Picus D (1998) Interventional radiologic placement of chest wall ports: Results and complications in 161 consecutive placements. J Vasc Interv Radiol 8:189–195


    Google Scholar 

  • 29.

    Ballarini C, Intra M, Ceretti AP et al (1999) Complications of subcutaneous infusion port in the general oncology population. Oncology 56:97–102


    Google Scholar 

  • 30.

    Dariushnia SR, Wallace MJ, Siddiqi NH et al (2010) Quality improvement guidelines for central venous access. J Vasc Interv Radiol 21:976–981


    Google Scholar 

  • 31.

    Lyon SM, Given M, Marshall NL (2008) Interventional radiology in the provision and maintenance of long-term central venous access. J Med Imaging Radiat Oncol 52:10–17


    Google Scholar 

  • 32.

    Bessoud B, de Baere T, Kuoch V et al (2003) Experience at a single institution with endovascular treatment of mechanical complications caused by implanted central venous access devices in pediatric and adult patients. AJR Am J Roentgenol 180:527–532


    Google Scholar 

  • 33.

    Schwarz RD, Coit DG, Groeger JS (2000) Transcutaneously tunneled central venous lines in cancer patients: An analysis of device-related morbidity factors based on prospective data collection. Ann Surg Oncol 7:441–449


    Google Scholar 

  • 34.

    NKF-K/DOQI (2001) Clinical practice guidelines for vascular access: Update 2000. Am J Kidney Dis 37(Suppl):S137–S181

    Google Scholar 

  • 35.

    Marcy PY (2008) Central venous access: techniques and indications in oncology. Eur Radiol 18:2333–2344


    Google Scholar 

  • 36.

    Yildizeli B, Lacin T, Batirel HF et al (2004) Complications and management of long-term central venous access catheters and ports. J Vasc Access 5(4):174–178


    Google Scholar 

  • 37.

    Douard MC, Arlet G, Longuet P et al (1999) Diagnosis of venous access port-related infections. Clin Infect Dis 29(5):1197–1202


    Google Scholar 

  • 38.

    Capdevila J, Planes AM, Palomar M et al (1992) Value of differential quantitative blood cultures in the diagnosis of catheter-related sepsis. Eur J Clin Microbiol Infect Dis 11(5):403–407


    Google Scholar 

  • 39.

    Bouza E, Burillo A, Munoz P (2002) Catheter-related infections: diagnosis and intravascular treatment. Clin Microbiol Infect 8(5):265–274


    Google Scholar 

  • 40.

    Biffi R, de Braud F, Orsi F et al (1998) Totally implantable central venous access ports for long-term chemotherapy. A prospective study analyzing complications and costs of 333 devices with a minimum follow-up of 180 days. Ann Oncol 9:767–773


    Google Scholar 

  • 41.

    O’Grady NP, Alexander M, Dellinger EP et al (2002) Guidelines for the prevention of intravascular catheter-related infections. Am J Infect Control 30:476–489


    Google Scholar 

  • 42.

    Faetkenhuer G, Buchheidt D, Cornely OA et al (2003) Central venous catheter (CVC)-related infections in neutropenic patients. Ann Hematol 82(2):140–152

    Google Scholar 

  • 43.

    Hall K, Farr B (2004) Diagnosis and management of long-term central venous catheter infections. J Vasc Interv Radiol 15:327–334


    Google Scholar 

  • 44.

    Beathard GB (2001) Catheter thrombosis. Semin Dial 14:441–445


    Google Scholar 

  • 45.

    Hoshal VL Jr, Ause RG, Hoskins PA (1971) Fibrin sleeve formation on indwelling subclavian central venous catheters. Arch Surg 102:253–258


    Google Scholar 

  • 46.

    Balestreri L, De Cicco M, Matovic M et al (1995) Central venous catheter-related thrombosis in clinically asymptomatic oncologic patients: a phlebographic study. Eur J Radiol 20:108–111


    Google Scholar 

  • 47.

    De Cicco M, Matovic M, Balestreri L et al (1997) Central venous thrombosis: an early and frequent complication in cancer patients bearing long-term Silastic catheter. A prospective study. Thromb Res 86:101–113


    Google Scholar 

  • 48.

    Daeihagh P, Jordan J, Chen J et al (2000) Efficacy of tissue plasminogen activator administration on patency of hemodialysis access catheters. Am J Kidney Dis 36:75–79


    Google Scholar 

  • 49.

    Deitcher SR, Fesen MR, Kiproff PM et al (2002) Cardiovascular thrombolytic to open occluded lines—2 investigators. Safety and efficacy of alteplase for restoring function in occluded central venous catheters: Results of the cardiovascular thrombolytic to open occluded lines trial. J Clin Oncol 20(1):317–324


    Google Scholar 

  • 50.

    Angle JF, Shilling AT, Schenk WG et al (2003) Utility of percutaneous intervention in the management of tunneled hemodialysis catheters. Cardiovasc Intervent Radiol 26:9–18


    Google Scholar 

  • 51.

    Gray RJ, Levitin A, Buck D et al (2000) Percutaneous fibrin sheath stripping versus transcatheter urokinase infusion for malfunctioning well-positioned tunneled central venous dialysis catheters: a prospective, randomized trial. J Vasc Intervent Radiol 11:1121–1129


    Google Scholar 

  • 52.

    Chew H, Wun T, Harvey DJ et al (2007) Incidence of venous thromboembolism and the impact on survival on breast cancer patients. J Clin Oncol 25(1):70–76


    Google Scholar 

  • 53.

    Karthaus M, Kretzschmar A, Kroning H et al (2005) Dalteparin for prevention of catheter-related complications in cancer patients with central venous catheters: final results of a double-blind, placebo-controlled phase III trial. Ann Oncol 176:289–296


    Google Scholar 

  • 54.

    Couban S, Goodyear M, Burnell M et al (2005) Randomized, placebo-controlled study of low-dose warfarin for the prevention of central venous catheter-associated thrombosis in patients with cancer. J Clin Oncol 23:4063–4069


    Google Scholar 

  • 55.

    Kuo YS, Schwartz B, Santiago J, Anderson PS, Fields AL, Goldberg GL (2005) How often should a Port-a-Cath be flushed? Cancer Invest 25:582–585


    Google Scholar 

  • 56.

    Vescia S, Baumgartner AK, Jacobs VR et al (2008) Management of venous port systems in oncology: a review of current evidence. Ann Oncol 19:9–15


    Google Scholar 

  • 57.

    Bern M, Lokich J, Sabina R et al (1990) Very low doses of warfarin can prevent thrombosis in central venous catheters. Ann Intern Med 112:423–428


    Google Scholar 

  • 58.

    Owens CA, Bui JT, Knuttinen MG et al (2010) Pulmonary embolism from upper extremity deep vein thrombosis and the role of superior vena cava filters: a review of the literature. J Vasc Interv Radiol 21:779–787


    Google Scholar 

  • 59.

    Kaufman JA, Crenshaw WB, Kuter I et al (1995) Percutaneous placement of a central venous access device via an intercostal vein. Am J Roentgenol 164(2):459–460


    Google Scholar 

  • 60.

    Ferral H, Bjarnason H, Wholey M et al (1996) Recanalization of occluded veins to provide access for central catheter placement. J Vasc Interv Radiol 7(5):681–685


    Google Scholar 

  • Catheters and Ports | Vascular Center

    What are catheters and ports?

    Patients whose treatment requires intravenous (IV) access for more than seven to 10 days may benefit from vascular access placement. Other patients have veins that make it difficult to place an IV, making the only option.

    What is a central catheter?

    A central catheter is a long, thin, flexible tube inserted into a vein in the arm, neck or chest just beneath the collarbone. Once inside the body, the tube is threaded into the major vein in the center of the chest. Central catheters allow the delivery of liquid medication and nutrients. Pressure can also be monitored in the large vein, which helps assess heart function.

    What is a midline catheter?

    A shorter, thin, flexible tube is inserted into a vein near the elbow and threaded through the large vein in the upper arm. It cannot be used with some of the more irritating medications, but can be inserted by a nurse at the bedside without the need for guided imaging.

    What is a peripherally inserted central catheter?

    This type of catheter is also inserted into an arm vein, but its tip lies in a central chest vein. It can remain in place for three to six months, but is still considered temporary. If the superficial veins are good, a nurse can put this kind of catheter in place at the bedside. However, imaging guidance and the expertise of a radiologist is necessary in approximately half of all cases.

    What is a tunneled catheter?

    A tunneled catheter is a permanent catheter that is fixed in place when tissue forms around a cuff beneath the skin. It is inserted through either the internal jugular vein in the neck or the subclavian vein just below the collarbone. It is threaded into the chest wall and emerges from the skin about six inches from where it was inserted. This type of catheter is useful in patients requiring multiple line uses a day for more than three months. However, 10 to 15 percent of these catheters must be removed due to infection, so they must be closely monitored.

    What is an implantable port?

    This type of access is inserted beneath the skin and is ideal for cancer patients who require regular doses of chemotherapy — usually about once every two to four weeks. It provides permanent access and consists of a catheter attached to a small reservoir implanted beneath the skin. A small bulge is visible where the reservoir is located. The catheter is inserted into the neck or shoulder and ends in the large central vein in the chest.

    Configuring IP addresses and ports for POP3 and IMAP4 access: Exchange 2013 Help

    • Reading takes 2 minutes

    Was the information on this page helpful?

    Please rate your experience



    Want to leave additional feedback?

    Feedback will be sent to Microsoft.By clicking Submit, you agree to use your feedback to improve Microsoft products and services. Privacy Policy.


    This Article

    Applies To: Exchange Server 2013

    You can use the Shell and EAC to configure Microsoft Exchange POP3 and IMAP4 services to use non-default IP addresses and ports.


    Enter IP addresses and IP address ranges in IPv4, IPv6, or both. When Windows Server 2008 is installed in a default configuration, IP version 4 and IP version 6 support is enabled.

    For more information about POP3 and IMAP4, see pop3 and IMAP4 in Exchange Server 2013

    Things to Know Before You Start


    Having problems? Ask for help in the Exchange forums.You can go to the forums at the following link: Exchange Server.

    Configuring IP addresses and ports for POP3

    Using EAC to configure IP addresses and ports for POP3

    1. In the EAC, go to Servers > Servers .

    2. In the list of servers, select a Client Access server, and then click the Change icon Change icon. .

    3. On the server properties page, click POP3 .

    4. In TLS or unencrypted connections, click the Add icon button.

    5. On page Add IP Address in the IP Address section, select one of the options.

      • All available IPv4 ip addresses. Use all available IPv4 IP addresses for the server.

      • All available IPv6 IP addresses. Use all available IPv6 IP addresses for the server.

      • Enter the IP address. Use a specific IP address.

    6. In the Port section, enter the port number or accept the default.

    7. Click the Save button to save the changes.

    After setting the IP address and port for POP3, you must restart the POP3 service for the changes to take effect. For more information about restarting the POP3 service, seeFor more information, see Starting and stopping POP3 services.

    Using the Shell to configure IP addresses and ports for POP3

    Run the following command to set the IP address and port for POP3 communication with Exchange with SSL.

      Set-PopSettings -SSLBindings: IPaddress: Port

    To set the IP address and port for POP3 communication with Exchange without encryption or with TLS encryption, run the following command.

      Set-PopSettings -UnencryptedOrTLSBindings IPaddress: Port

    After setting the IP address and port for POP3, you must restart the POP3 service for the changes to take effect.For more information on how to restart the POP3 service, see Starting and stopping the POP3 services.

    For detailed syntax and parameter information, see Set-PopSettings.

    How to check that everything worked out?

    Follow these steps to ensure that you have changed the IP address and POP3 port settings on the server.

    1. Run the following command in a Shell.

        Get-PopSettings | format-list
    2. Make sure the UnencryptedOrTLSBindings and SSLBindings are correct.

    Configuring IP Addresses and Ports for IMAP4

    Using EAC to Configure IP Addresses and Ports for IMAP4

    1. In the EAC, go to Servers > Servers .

    2. In the list of servers, select a Client Access server, and then click the Change icon Change icon. .

    3. On the server properties page, click IMAP4 .

    4. If you want to set the parameters for TLS or unencrypted connection under TLS or unencrypted connections, click the button Add . If you want to change the Secure Sockets Layer (SSL) connection settings under Secure Sockets Layer (SSL) connections click the Add button.

    5. On page Add IP Address in the IP Address section, select one of the options.

      • All available IPv4 ip addresses. Use all available IPv4 IP addresses for the server.

      • All available IPv6 IP addresses. Use all available IPv6 IP addresses for the server.

      • Enter the IP address. Use a specific IP address.

    6. In the Port section, enter the port number or accept the default.

    7. Click the Save button to save the changes.

    After you set the IP address and port for IMAP4, you must restart the IMAP4 service for the changes to take effect. For more information about restarting the IMAP4 services, see Starting and stopping the IMAP4 services.

    Use the Shell to configure IP addresses and ports for IMAP4

    To set the IP address and port for IMAP4 communications with Exchange, run the following command.

      Set-ImapSettings -SSLBindings: IPaddress: Port

    To set the IP address and port for unencrypted or TLS encrypted IMAP4 communication with Exchange with Exchange, run the following command.

      Set-ImapSettings -UnencryptedOrTLSBindings IPaddress: Port

    After you set the IP address and port for IMAP4, you must restart the IMAP4 service for the changes to take effect. For more information about how to restart the IMAP4 service, see Starting and stopping the IMAP4 services.

    For detailed syntax and parameter information, see Set-ImapSettings.

    How to check that everything worked out?

    Follow these steps to ensure that you have changed the IP address and IMAP4 port settings on the server.

    1. Run the following command in a Shell.

        Get-ImapSettings | format-list
    2. Make sure the UnencryptedOrTLSBindings and SSLBindings are correct.

    Additional Information

    After configuring the IP addresses and ports for POP3 and IMAP4, you can do the following.

    How to enable IMAP4 in Exchange 2016

    How to enable POP3 in Exchange 2013

    How do I open the ports of my TP-Link 11N Wi-Fi router (new interface)?

    This article is suitable for:

    Archer C1200, Archer C5400, Archer A2600, Archer AX55, Archer C4, Archer C5200, Archer AX53, Archer C5, Archer AX10, Archer C2, Archer AX51, Archer AX96, Archer C5 V4, Archer A2200, Archer C6U, Archer C5 W , TL-WR940N (V5 V6), Archer C80, Archer C8, Archer AX10000, Archer C3150, Archer C9, Archer AX50, Archer C6, Archer C7, Archer AX90, Archer AX6000, TL-WR843N (V3), Archer C25, Archer C24, Archer A20, Archer A64, Archer C60, Archer C2600, Archer A1200, Archer C21, Archer C20, Archer C64, TL-WR840N (V3 V4 V5 V6), Archer A10 Pro, Archer AX1800, TL-WR945N (V1), Archer AX206, TL-WR844N (V1), Archer C59, Archer C58, Archer AX4200, Archer C3200, Archer C900, Archer A2, Archer AX75, Archer AX4400, Archer C3000, Archer AX73, Archer A10, Archer A54, Archer AX4800, Archer C50, Archer C1900, Archer C54, Archer A2300, TL-WR841N (V12 V13 V14), TL-WR740N (V7), Archer C20i, Archer A2600 Pro, Archer A6, Archer A7, Archer A X72, Archer A5, Archer GX90, TL-WR845N (V3 V4), Archer A8, Archer A9, Archer AX68, Archer C2300, Archer AX5300, Archer C1210, Archer AX23, Archer C4000, Archer AX21, Archer A3000, TL-WR850N ( V1), Archer AX1500, Archer C90, Archer AX60, Archer AX11000, Archer AX3200, Archer AX3000

    Step 1

    Log in to your router’s web page:

    How to log into the Web-based Utility (Control Window) of TP-Link Wireless Router?

    Step 2

    Click Forwarding Virtual Servers on the left side and then click Add .

    Step 3

    Enter the port of the service you want to open and the IP address of your device for which you want to open the port; select the protocol TCP, UDP or ALL; Change the status to Enabled.

    Step 4

    Click Save to save the settings.


    It is advisable to assign a static IP address for your server, so the Virtual Servers entry will be active all the time.

    Or you can just make an IP address reservation for the server. To do this, refer to the following link:

    How to set up address reservation on TP-Link Wi-Fi router (new logo)?

    Step 5

    Go to the status page and check the WAN IP address of the router. Now you can try using the WAN IP address and port number to access the service from the external network.

    If the WAN IP of the router is not a public IP but a private IP, it means there is another NAT device connected to the WAN port of the TP-Link router, you also need to open the service ports of the service on this device.

    You can find out if the IP address is public or private by following this link:



    A) If you want to open port 80 for the local device, please change the router’s remote control port number (service port) first, as its default number is 80. As for the internal port, port 80 is reserved for local management and cannot be changed although the remote control port has changed.

    Go to Security – Remote Management and then change Web Based Management Port to other ports such as 8080 and click Save .

    B) Some models support different external ports (service port) and internal ports. Here we will explain this setting in a different situation.

    For example, if you only want to open port 90 for one of the devices, you can configure it as shown below:

    If you have two or more devices ( and in this example), you need the same port open for a particular service, then you will have to use different external ports (service port).

    For the internal port, please enter the actual port number (90 in this example), then create different service port numbers for the two devices (for example, 9000 and 9001 in this example).

    After this configuration, you can access two devices using different external ports (service ports).In this case, you can use WAN IP: 9000 to access and WAN IP: 9001 to access

    If port forwarding fails after you have completed all of the above configurations, please refer to this link for further troubleshooting:

    Why isn’t port forwarding (forwarding) working on my router?

    For detailed information on each feature and hardware setup, go to page Downloads to download the user manual for your device model.

    Port forwarding and configuring the router for external access | Routers (routers) | Blog

    A home router usually does not allow access from the external Internet to computers on the internal network. That’s right – hacker attacks target known computer vulnerabilities, so a router is an additional obstacle. However, there are times when access to the router and its local resources from the “outside world” becomes necessary. This article will tell you in what cases access from the outside is needed, and how to safely configure it.

    Why open access from the outside?

    Access “from the outside” is needed not only in exotic cases like opening a game server or launching a website on a home computer. Much more often it is necessary to “open a port” for a multiplayer game, and this is just granting an external user (game server) access to the internal network (computer port). If you need to remotely connect and configure a computer or router, download a file or two from your home network while on a business trip, or watch video from IP cameras connected to your home network, you need to configure access.

    Colors and shapes of IP-addresses

    Before you figure out how to open access to your resources, you should understand how the connection on the Internet generally occurs. As a simple analogy, compare an IP address to a postal address. You can send a letter to a specific address, ask a question in it and you will receive an answer to the return address. This is how the browser works, this is how you visit certain sites.

    But people communicate with words, and computers are used to numbers. Therefore, any request to the site is first processed by the DNS server, which issues the real IP address.

    Now let’s say that someone wants to write a letter to you. And not in response, but independently. Not a problem if you have a static white address – when you connect today, tomorrow, in a month or a year, it will not change. Anyone, from anywhere, knowing this address, can write you a letter and you will receive it. It is like the postal address of a family estate or family house, from where you will not leave. You can get such an address from your provider only for a separate and regular fee.But there are fewer problems with remote access – just remember the issued IP.

    Usually the provider issues a white dynamic address – one of the unoccupied ones. It’s like checking into a hotel every day, when you are randomly assigned a room. There will be problems with the letter: you or another guest can get it – there are no guarantees. In this case, DDNS – Dynamic DNS will help out.

    The saddest, but very common lately, option is gray dynamic address : you live in a hostel and share a single mailing address with another hundred (or even a thousand) tenants.You yourself can still write letters, and they will reach the addressee. But the letter written to your mailing address will go to the dormitory commandant (provider), and, most likely, will not go further than the trash can.

    The “gray” address itself is not a problem – after all, all devices connected to your router have the “gray” address – and this does not prevent them from using the Internet. The problem is that when you need a little more than just access to the Internet, you can change the settings of your router, but the settings of the provider’s router cannot.In the case of a gray dynamic address, only VPN will save.

    Who am I, where am I, what color am I?

    We figured out the terminology, it remains to understand which address you have. Most providers have a fixed IP address that costs money, so if you don’t have a “static IP” service enabled, then it’s probably dynamic. But he is white or gray goose – this needs to be checked. First, you need to find out the external IP address of the router in its web interface and compare it with the address under which you are “seen” on the Internet.

    In the admin panel of the router, you can find your IP on the tabs “System Information”, “Statistics”, “Network Map”, “Status”, etc. Somewhere there you need to look for WAN IP.

    If the address starts with “10.” or with “192.168.”, Then it is definitely “gray” – most of the ways to open access will not work and only VPN remains.

    If the address looks different, you need to look at it “from the outside” using one of the services showing your IP address, for example, http: // myip.ru /.

    If the address shown on the site coincides with what you saw in the web interface, then you have an honest “white” address and access from the “big world” will not cause any special difficulties – all that remains is to set up “forwarding” to router and connect DDNS.

    What are ports and why abandon them?

    Port is a numbered virtual “device” used to transmit data over a network. Each network program uses a separate port or group of ports to establish communication.For example, browsers use TCP port 80 for unencrypted traffic (http) and 443 for encrypted traffic (https).

    Port Forwarding is a special rule in the router that allows all calls from the outside to a specific port and forwards these calls to a specific device on the internal network.

    The need for port forwarding usually arises when you want to play a game over the network from a computer connected to a router. However, this is not the only reason – “forwarding” will be required, whenever necessary, to get “from the outside” access to any specific device on your local network.

    Allowing all connections to the computer, that is, forwarding the entire range of ports to it is a bad idea, it is unsafe. Therefore, routers simply ignore calls to any ports “from the outside”. And “forwarding” – special exceptions, traffic routes from specific ports to specific ports of specific devices.

    Game ports: what, where are we throwing?

    Which port to open depends on the specific software. Some programs require forwarding several ports, others – just one.

    Different games also have different requirements – some can be played even from a “gray” address, others will lose some of their capabilities without port forwarding (for example, you will not hear the voices of allies in a cooperative game), and others will refuse to work at all.

    For example, to play Destiny 2 online, you need to forward UDP port 3074 to your curling iron, or UDP port 1200 on Xbox. But to the PC, you will need to forward two UDP ports: 3074 and 3097.

    The following table shows some games and the ports they use on a PC:




    Tekken 7


    TCP: 5222, 5795: 5847

    TCP: 80, 1119, 3724, 6113

    TCP: 27015: 27030, 27036: 27037

    TCP: 27015: 27030, 27036: 27037

    TCP: 80, 443, 5222, 5223, 6881, 6900: 6905, 50010: 50014

    UDP: 5222, 5795: 5847

    UDP: 5060, 5062, 6250, 3478: 3479, 12000: 64000

    UDP: 4380, 27000: 27031, 27036

    UDP: 4380, 27000: 27031, 27036

    UDP: 53, 1900, 3432, 3478, 3479, 5060, 5062, 6881, 12000: 29999, 30443, 32800: 32900

    Configuring port forwarding

    Forwarding is configured in the admin panel of the router on the tab “ Virtual Servers, NAT, Port Forwarding, Network Address Translation, etc.p. They can be nested in the “Internet”, “Forwarding”, “Firewall” or “Security” tabs. It all depends on the brand and model of the router.

    You need to determine which ports and which protocol (UDP or TCP) the program for which you are configuring the rule is using. You should also set a static IP address for the device to which the port is forwarded – this is done in the DHCP settings and was discussed in detail in the article on parental control. All these data should be entered in the appropriate fields.

    Some routers also allow you to set an external IP address (or range of addresses). So if you know the IP address from which the call to your device will go (for example, the address of the game server), then you should also enter it on the page – this will increase the security of the connection.

    Now all requests from the address to port 3074 of your router will be automatically “forwarded” to your PlayStation console.

    More passes for different tasks!

    The configuration for other programs is done in a similar way – and it can be not only games:

    • By setting a port and setting up remote control for uTorrent, you can manage its downloads from anywhere in the world using a browser;

    • port forwarding is often required for specialized programs for remote computer control; simpler, “civilian” programs can work without this – you can read more about them in this article;

    • to run an ftp server on your home computer, you will need to open and forward control port 21 and a separate range of ports for data transfer;

    • by forwarding port 554 to a home IP camera that can transmit video via the RTSP protocol, you can connect to it with any video player with RTSP support, like VLC;

    • Forwarding port 3389 will allow you to use the RDP (Remote Desktop Protocol) service in Windows to get remote access to your computer’s desktop.

    DDNS – why you need it and how to set it up

    If the IP address is permanent, you can remember it. But if it changes, it’s hard to remember it. Dynamic DNS services are designed to solve this problem. It will be enough for you to remember a certain domain name.

    DDNS services can be paid or free, with a different set of features and capabilities. But it is better to use those provided by the router manufacturer – when the external IP address of the router changes, they will agree with DDNS themselves, without your help.Find the “DDNS” or “Dynamic DNS” tab on the web interface of your router. In the item “service provider” or “DDNS service” you will be offered a list of several services, you can choose any. Many router manufacturers have their own DDNS services – quite limited in settings, but free. These are DLinkDDNS.com for D-Link routers, KeenDNS for Zyxel routers, TP-Link Cloud for TP-Link routers, etc.

    Having decided on the future DDNS service, you need to go to its website and create an account.Free DDNS services from router manufacturers may require you to enter the serial number of the device or otherwise confirm that you are working with a router of their manufacture – each manufacturer is different.

    Next, you will be prompted to set a domain name for your home server – usually this is a third-level domain (that is, vash_vybor.DDNS-service.com). After that, you can already return to the web interface and configure the binding of the created account to your router.

    Remote control of the router

    In all other guides, it is recommended to disable remote control of the router.But here it is desirable to resolve it – it will be extremely offensive if, for example, you missed some trifle during port forwarding and cannot “reach” the network because of this, being on a business trip or on vacation. Remote control of the router will allow you to make the necessary corrections and gain access.

    Allow “Remote Access” in the web interface and set up the remote access rules. So, if you know the permanent IP address of the computer from which you will be configuring, you should set it – this will increase the security of your network.

    If you want to be able to access the router from any device connected to the Internet, you can also do this, but be sure to set a complex password for access to the web interface – otherwise your local network will become an “easy prey” for hackers.

    VPN as an extreme exit

    If the provider issues a “gray” address and does not want to give a “white” one, even for money, you will have to use a VPN.

    Usually VPN services provide access to the network through a server anywhere in the world – Private Internet Access, TorGuard, CyberGhost VPN, Game Freedom, etc.There are no free ones among them, but you don’t need an “external” server for remote access to your computer or team games. It is enough to create a “virtual network” from your home computer and, for example, your work computer. Or the travel laptop from which you walk to access your home network. Or all the computers of your gaming friends. All you need to do is choose one of the free VPN utilities, for example, Hamachi, Remobo, NeoRouter, etc. And run it on all computers that need to be connected.

    The beauty is that you can do this without configuring a router, from the most “gray” address and under the most “evil” firewall. You can connect more than two computers to the network, although their number is limited in free versions.

    In addition, there are many open-source (no password) VPNs on the Internet designed specifically for gaming – all you have to do is find a VPN for your favorite game, connect to it using one of the aforementioned utilities – and play. The situation is a little more complicated with games that require a connection to a game server.

    There are VPN-networks with running servers of popular games, but the number of users on them is several times less than on open servers. In addition, not all games have such servers. You won’t be able to play World of Tanks or World of Warcraft using such utilities; you will have to fork out for a full-fledged VPN service. But more on that next time.

    Do not open ports to the world – they will break you (risks) / Habr

    Again and again, after the audit, on my recommendations to hide the ports behind the white-list, I meet with a wall of misunderstanding.Even very cool admins / DevOps ask: “Why?!?”

    I propose to consider the risks in descending order of probability of occurrence and damage.

    1. Configuration error
    2. DDoS over IP
    3. Brute-force
    4. Service vulnerabilities
    5. Kernel stack vulnerabilities
    6. Amplification of DDoS attacks

    Configuration error

    The most common and dangerous situation. How it happens. The developer needs to quickly check the hypothesis, he brings up a temporary server with mysql / redis / mongodb / elastic.The password, of course, is complicated, he uses it everywhere. Opens the service to the world – it is convenient for him to connect from his PC without these VPNs of yours. And the syntax of iptables is too lazy to remember, it’s still a temporary server. A couple more days of development – it turned out great, you can show it to the customer. The customer likes it, there is no time to redo it, we are launching it in PROD!

    An example deliberately exaggerated in order to go through all the rakes:

    1. Nothing is more permanent than temporary – I do not like this phrase, but according to subjective feelings, 20-40% of such temporary servers remain for a long time.
    2. A complex universal password that is used in many services is evil. Because, one of the services where this password was used could be hacked. One way or another, the databases of hacked services are combined into one, which is used for [brute-force] *.
      It should be added that redis, mongodb and elastic are generally available without authentication after installation, and often add to the collection of open databases.
    3. It may seem that in a couple of days no one will scan your 3306 port.It’s a delusion! Masscan is an excellent scanner and can scan at 10M ports per second. And there are only 4 billion IPv4 on the Internet. Accordingly, all 3306 ports on the Internet are located in 7 minutes. Charles!!! Seven minutes!
      “Who cares?” – you object. So I’m surprised looking at the statistics of dropped packets. Where did 40 thousand scan attempts from 3 thousand unique IPs come from in a day? Now all and sundry, from mother’s hackers to governments, are scanning. It is very simple to check – take any VPS for $ 3-5 from any ** low-cost airline, turn on the logging of dropped packages and look into the log in a day.

    Enabling logging

    In /etc/iptables/rules.v4 add at the end:
    -A INPUT -j LOG –log-prefix “[FW – ALL]” –log-level 4

    A in /etc/rsyslog.d/10-iptables.conf
    : msg, contains, “[FW -” /var/log/iptables.log
    & stop

    DDoS over IP

    If an attacker knows your IP, he can bother your server for several hours or days. Not all low-cost hosting services have DDoS protection and your server will simply be disconnected from the network.If you hid the server behind a CDN, do not forget to change the IP, otherwise the hacker will Google it and DDoS your server bypassing the CDN (a very popular mistake).

    Service vulnerabilities

    In all popular software, sooner or later errors are found, even in the most tested and most critical ones. Among the IS specialists, there is such a half-joke – the security of the infrastructure can be safely assessed by the time of the last update. If your infrastructure is rich in ports sticking out into the world, and you haven’t updated it for a year, then any security officer will tell you without looking that you are full of holes, and most likely already hacked.
    It is also worth mentioning that all known vulnerabilities were once unknown. Imagine a hacker who found such a vulnerability and scanned the entire Internet in 7 minutes for its presence … Here is a new virus epidemic) It is necessary to update, but this can harm the product, you say. And you will be right if the packages are not installed from the official OS repositories. From experience, updates from the official repository rarely break the product.

    Brute force

    As described above, there is a database with half a billion passwords that are convenient to type from the keyboard.In other words, if you did not generate a password, but typed nearby characters on the keyboard, be sure * – they will cheat you.

    Kernel stack vulnerabilities.

    There are **** and it doesn’t even matter which service opens the port when the kernel network stack itself is vulnerable. That is, absolutely any tcp / udp socket on a two-year-old system is vulnerable to a DDoS vulnerability.

    Strengthening DDoS attacks

    No direct damage, but it can clog your channel, increase the load on the system, your IP will end up in some black-list *****, and you will receive an abuse from the hoster.

    Do you really need all these risks? Add your home and work IP to the white-list. Even if it is dynamic, log in through the hoster’s admin panel, through the web console, and just add another one.

    I have been building and securing IT infrastructure for 15 years. I worked out a rule that I highly recommend to everyone – no port should stick out into the world without a white-list .

    For example, the most secure web server *** is the one with 80 and 443 open only for CDN / WAF.And the service ports (ssh, netdata, bacula, phpmyadmin) should be at least behind the white-list, and even better for VPN. Otherwise, you risk being compromised.

    That’s all for me. Keep your ports closed!

    • (1) UPD1 : Here you can check your cool universal password ( do not do this without replacing this password with random ones in all services), is it lit up in the leaked database. And here you can see how many services were hacked, where your email appeared, and, accordingly, find out if your cool universal password has been compromised.
    • (2) To Amazon’s credit – there are a minimum of scans on LightSail. Apparently, they are somehow filtering.
    • (3) An even more secure web server is the one behind a dedicated firewall, its own WAF, but we are talking about public VPS / Dedicated.
    • (4) Segmentsmak.
    • (5) Firehol.

    How do I open ports on my MERCUSYS AC router?

    1. Log into the Web Based Management Utility. If you do not know how to do it, please click on the link below:

    How do I log into the web-based management utility of my MERCUSYS AC router?

    2.Go to section Advanced Virtual Server . Here you can add a new rule or view previously created ones. A virtual server is used to configure public services on your local network.

    To configure a rule for a virtual server:

    1. Press Add

    2. Select a service from the drop-down list to select preset settings that will be listed automatically in column External port .If the service is not listed, enter the service port number or port range manually in the field. External port .

    3. Leave field Internal port empty if the internal port is the same as the external port, or specify a specific port number if there is only one External port.

    4. Enter the IP address of the computer running the service application in the IP address field.

    5. From the Protocol drop-down list, select the protocol that is used for this application: TCP , UDP , or All (all protocols supported by the router).

    6. Click Save .


    Make sure the external port is different from the port used for local and remote management. Otherwise, the virtual server will not work correctly.

    To modify an existing record:

    1. Find the required entry in the table.

    2. Click in column to Edit .

    3. Click Save to apply the settings.

    For more detailed information on each feature and setting, go to Support to download the user manual for your product model.

    Opening ports using the example of a TP-LINK WR841N


    Opening ports on the example of a TP-LINK WR841N router

    Agree, sometimes you want to play online games with your friends, but renting an entire server for this, which is also very expensive, is pointless.

    Your own PC can be a good alternative for this. Those who have direct access to the World Wide Web are more fortunate – they do not need to play with ports, because most ports are open.

    But sometimes it happens that there are several PCs, laptops and other clients at home. A router can provide everyone with the Internet.

    However, having bought a router, the user is faced with a big problem – initially the ports on the routers are closed, that is, a person can access the network, but simply cannot go to him.

    One, two, three, Let’s go!

    Let’s go to the web interface for managing our router. Usually it is, or If not, find out on the manufacturer’s website or in the instructions for it.

    1. First of all, we will assign a permanent ip on the router to our device. This is necessary so that every time you turn on the router, it can find and give our PC a separate ip.
    (This is mainly used when setting up a regular server for sites and, since the instruction is universal, fans of online games skip this point)

    Go to DHCP => Address Reservation.Click on add new => In the MAC Address field, enter the MAC of our device. And in the IP, our current local ip
    (To do this, without leaving the kitchen, go to the DHCP Client List and find our ip in the local network. For those who do not know – open “Start” => Run => type cmd => type ipconfig and press Enter. In the Local Area Connection – Ethernet Adapter column there is an item ip address. This is what we need))

    2. And again, fans of online games, you can skip this point.

    Let’s configure static ports for web servers. Click on the Forwarding => Virtual Servers item.
    Enter the same Service Port and Internal Port. This is the port number that we want to open. Here, in the IP Address, we will enter the local IP.

    Attention! If you want to open port 80, first, transfer the router to another port (for example 8888) in the item Security => Remote Management => Web Management Port

    3. Oh yes, now online gamers can read this.

    First, let’s check if the port is available at all. For example, the standard port for minecraft 25565 is closed by the system, so I used 25575.

    To check, pull out the provider’s cable from the router, plug it directly into the PC.
    Go to the site 2ip.ru, enter the required port and click “Check”. If it says “Open”, move on.

    4. Opening ports for game servers.

    Go to Forwarding => Port Triggering.
    Trigger Port is equal to the port that needs to be opened, we will write it in Incoming Ports as well.

    5. Restart the router

    Turn on the server, go to 2ip.ru, if it is open – congratulations, you did it!

    Source http://habrahabr.ru/sandbox/66438/

    Also see the article “Opening a port on a PC”

    How to forward / open port

    Instructions on how to forward / open a port on Zyxel routers (for example, Zyxel Keneetic 4G)

    1. Type the address of your router into the browser line: or

    2. Go to the Internet tab and look at the interface of your active Internet connection. For wired Internet, PPPoE0

    is usually used

    3. Click the Home Networking tab. Click on the address of your DVR (by default the address is used for MCB IP DVRs, 192 for hybrid DVRs.168.1.10). In the menu that opens, check the “Permanent IP address” box. Save the settings.

    4. Go to the Security tab and click Add Rule

    5. There are 3 network ports specified in the NVR network setting:

    http port – 80: to access the logger through a browser

    tcp port – 5000: for accessing the recorder through the mobile application / computer programs

    rtsp port – 554: for streaming video using RTSP applications (clients).

    Therefore, in order not to get confused in the future and not to forget which port to use for which applications, we recommend specifying the appropriate descriptions for each of the ports, for example “http logger”.

    In the “Interface” list, select our active Internet connection, which we looked at at stage 2.

    In the “Protocol” list, select:

    TCP / 80 – for 80 port

    TCP / 554 – for 554 port

    just TCP – for 5000 (write 5000 in the drop-down field)

    In the “Redirect to address” list, select our DVR.

    Before saving, the menus should look like this:

    For http port – 80.

    For tcp port – 5000.

    For rtsp port – 554.

    We save the settings.

    6. Checking the port for openness. We go to the site portscan.ru. We drive in the number of our port and click the “Check” button. If the port is open, then you did everything right.