We shouldn't have the same default port associated with multiple protocols. The key reason is that we use only one of them (for classification by-port, for example) and which one we really use depends on the internal order of the protocolsi's initialization (which is unknown to the user). We have 3 port collisions: * 8009: AJP and CiscoVPN * 445: SMBv1 and SMBv23 * 8080: HTTP_Connect and HTTP_Proxy I think that the two last cases don't really matter... About the first one: it seems that CiscoVPN is retired from 2011/2014 (see https://www.cisco.com/c/en/us/obsolete/security/cisco-vpn-client.html) and superseded by AnyConnect, which uses different ports (see https://community.cisco.com/t5/network-security/what-protocols-are-used-on-anyconnect-mobility-client/td-p/4713525). Therefore it should be safe to remove 8009 from the CiscoVPN default ports.