In Qlik Sense, if you want to use Windows Authentication or Kerberos authentication, an additional port (by default 4244 for HTTPS and 4248 for HTTP) is required.Note:
this requirement was removed in Qlik Sense April 2018 and higher
From Qlik Sense April 2018 it is no longer necessary to use port 4244 as the authentication port. If you are using SSL to protect your environment, you can use port 443 as an external facing port for the Qlik Sense Proxy service (QPS).
This was a decision made when Qlik Sense was designed in order to ensure a higher maintainability.
Qlik has not built its own implementation of Windows authentication (NTLM) or Kerberos authentication inside Qlik Sense and is using a standard .NET library provided by Microsoft instead.
This library has a limitation that it needs to be bound to a different port than the main application itself (Qlik Sense in this case).
For other types of authentication (SAML, JWT, etc.) this port is not required to be open on the Qlik Sense server.