diff --git a/cfe_internal/enterprise/CFE_hub_specific.cf b/cfe_internal/enterprise/CFE_hub_specific.cf
index 22e0782a82..e75d3360f4 100644
--- a/cfe_internal/enterprise/CFE_hub_specific.cf
+++ b/cfe_internal/enterprise/CFE_hub_specific.cf
@@ -40,6 +40,14 @@ bundle common cfe_internal_hub_vars
 
     policy_server::
 
+      "http_port" -> { "ENT-12151" }
+        string => ifelse( isvariable("cfe_internal_hub_vars.http_port"), "$(cfe_internal_hub_vars.http_port)", "80" ),
+        comment => "Mission portal's webserver HTTP port. Default 80";
+
+      "https_port" -> { "ENT-12151" }
+        string => ifelse( isvariable("cfe_internal_hub_vars.https_port"), "$(cfe_internal_hub_vars.https_port)", "443" ),
+        comment => "Mission portal's webserver HTTPS port. Default 443";
+
       "docroot" string => "$(sys.workdir)/httpd/htdocs",
         comment => "Root directory of Enterprise Web interface",
         handle => "cfe_internal_hub_vars_docroot";
@@ -91,6 +99,43 @@ bundle common cfe_internal_hub_vars
 
 }
 
+##################################################################
+#
+# update_cli_rest_server_url_config
+#  - updates reset server url port of Mission Portal WebGUI when
+     cfe_internal_hub_vars.https_port is changed
+#
+##################################################################
+bundle agent update_cli_rest_server_url_config
+{
+  vars:
+    "mp_config_file" string => "$(cfe_internal_hub_vars.docroot)/application/config/config.php";
+    "mp_share_config_file" string => "$(sys.workdir)/share/GUI/application/config/config.php";
+    "regex_test_pattern" string => ".*localhost:$(cfe_internal_hub_vars.https_port).*";
+
+  files:
+    "$(mp_config_file)"
+      edit_line => change_cli_rest_server_url_port,
+      if => and(
+        fileexists("$(mp_config_file)"),
+        islessthan(countlinesmatching("$(regex_test_pattern)", "$(mp_config_file)"), 1)
+        );
+   "$(mp_share_config_file)"
+      edit_line => change_cli_rest_server_url_port,
+      if => and(
+        fileexists("$(mp_share_config_file)"),
+        islessthan(countlinesmatching("$(regex_test_pattern)", "$(mp_share_config_file)"), 1)
+        );      
+}
+
+bundle edit_line change_cli_rest_server_url_port
+{
+  replace_patterns:
+  "^\s*\$config\['cli_rest_server_url'\]\s*=\s*\"https://localhost.*/api/\";\s*$"
+      replace_with => value("    $config['cli_rest_server_url'] = \"https://localhost:$(cfe_internal_hub_vars.https_port)/api/\";"),
+      comment => "Change port CLI REST server URL port";
+}
+
 ##################################################################
 #
 # cfe_internal_update_folders
diff --git a/cfe_internal/enterprise/main.cf b/cfe_internal/enterprise/main.cf
index 01070c3f3c..91042b88f1 100644
--- a/cfe_internal/enterprise/main.cf
+++ b/cfe_internal/enterprise/main.cf
@@ -15,6 +15,10 @@ bundle agent cfe_internal_enterprise_main
       handle => "cfe_internal_management_update_folders",
       comment => "Create empty directories for CFE self-upgrade";
 
+      "hub" usebundle => update_cli_rest_server_url_config,
+        handle => "cfe_internal_management_update_cli_rest_server_url_config",
+        comment => "Update the REST server URL port in the Mission Portal when cfe_internal_hub_vars.https_port is changed";
+
       "hub" -> { "Mission Portal", "CFEngine Enterprise" }
         usebundle => cfe_internal_purge_scheduled_reports_older_than_days( $(def.purge_scheduled_reports_older_than_days) ),
         handle    => "cfe_internal_management_purge_scheduled_reports_older_than_days",
diff --git a/cfe_internal/enterprise/templates/httpd.conf.mustache b/cfe_internal/enterprise/templates/httpd.conf.mustache
index 3dbf55dd11..dd279bc017 100644
--- a/cfe_internal/enterprise/templates/httpd.conf.mustache
+++ b/cfe_internal/enterprise/templates/httpd.conf.mustache
@@ -10,7 +10,7 @@ ServerRoot "{{{vars.sys.workdir}}}/httpd"
 # ENT-10646 - Listen 80 often causes IPv6 related errors, specifying ipv4 squashes them.
 #   Unclear why the same is not an issue for 443
 #   To enable listening on ipv6 add Listen [::]:80
-Listen 0.0.0.0:80
+Listen 0.0.0.0:{{{vars.cfe_internal_hub_vars.http_port}}}
 {{/classes.cfe_enterprise_disable_plain_http}}
 
 PidFile "{{{vars.mission_portal_apache_from_stage.httpd_pid_file}}}"
@@ -135,7 +135,7 @@ LogLevel warn
   # This content used to be included from an external file
   # /var/cfengine/httpd/conf/extra/httpd-ssl.conf
 
-  Listen 443
+  Listen {{{vars.cfe_internal_hub_vars.https_port}}}
 
   AddType application/x-x509-ca-cert .crt
   AddType application/x-pkcs7-crl    .crl
@@ -183,12 +183,12 @@ LogLevel warn
   SSLRandomSeed startup builtin
   SSLRandomSeed connect builtin
 
-  <VirtualHost _default_:443>
+  <VirtualHost _default_:{{{vars.cfe_internal_hub_vars.https_port}}}>
     DocumentRoot "{{{vars.cfe_internal_hub_vars.public_docroot}}}"
     Alias "/api" "{{{vars.cfe_internal_hub_vars.docroot}}}/api"
     Alias "/api/static" "{{{vars.cfe_internal_hub_vars.docroot}}}/api/static"
     Alias "/ldap" "{{{vars.cfe_internal_hub_vars.docroot}}}/ldap"
-    ServerName {{{vars.sys.fqhost}}}:443
+    ServerName {{{vars.sys.fqhost}}}:{{{vars.cfe_internal_hub_vars.https_port}}}
     # ServerAdmin root@localhost
     ErrorLog "{{{vars.cfe_internal_hub_vars.error_log}}}"
     LogFormat "%h %l %{username}n %t \"%r\" %>s %b"