Network Ports Required for VMware vSphere implementation

VMware vSphere ESXi 6.0 Required Ports:

Incoming Firewall Connections

Service Port Comment
CIM server 5988 (TCP) Server for CIM (Common Information Model).
CIM Secure Server 5989 (TCP) Secure server for CIM.
CIM SLP 427 (TCP, UDP) The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM servers.

DVSSync 8301, 8302 (UDP) DVSSync ports are used for synchronizing states of distributed virtual ports between hosts that have VMware FT record/replay enabled. Only hosts that run primary or backup virtual machines must have these ports open. On hosts that are not using VMware FT these ports do not have to be open.

NFC 902 (TCP) Network File Copy (NFC) provides a file-type-aware FTP service for vSphere components. ESXi uses NFC for operations such as copying and moving data between datastores by default.

DHCP Client 68 (UDP) DHCP client for IPv4.
DNS Client 53 (UDP) DNS client.
Fault Tolerance 8200, 8100, 8300 (TCP, UDP) Traffic between hosts for vSphere Fault Tolerance (FT).

SNMP Server 161 (UDP) Allows the host to connect to an SNMP server.
SSH Server 22 (TCP) Required for SSH access.
vMotion 8000 (TCP) Required for virtual machine migration with vMotion.

vSphere Web Client 902, 443 (TCP) Client connections
vSphere Web Access 80 (TCP) Welcome page, with download links for different interfaces.
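
One way to turn the incoming table into a least-privilege check, as an added example (not VMware's or the author's code): it parses the table's port notation, drops the FT-related rows for hosts that do not run FT, and reports any observed listener that no remaining row justifies. The function names, the `ft_enabled` flag, the sample listener set and the choice to treat the Fault Tolerance row as FT-only are assumptions of this example.

```python
import re

# Incoming rows transcribed from the table above: service -> port cell.
INCOMING = {
    "CIM server": "5988 (TCP)",
    "CIM Secure Server": "5989 (TCP)",
    "CIM SLP": "427 (TCP, UDP)",
    "DVSSync": "8301, 8302 (UDP)",
    "NFC": "902 (TCP)",
    "DHCP Client": "68 (UDP)",
    "DNS Client": "53 (UDP)",
    "Fault Tolerance": "8200, 8100, 8300 (TCP, UDP)",
    "SNMP Server": "161 (UDP)",
    "SSH Server": "22 (TCP)",
    "vMotion": "8000 (TCP)",
    "vSphere Web Client": "902, 443 (TCP)",
    "vSphere Web access": "80 (TCP)",
}
# The table states DVSSync is only needed on FT hosts; treating the
# Fault Tolerance row the same way is an assumption of this example.
FT_ONLY = {"DVSSync", "Fault Tolerance"}
SPEC = re.compile(r"^\s*([\d,\s]+?)\s*\(([A-Za-z,\s]+)\)\s*$")

def parse_spec(spec):
    """'8301, 8302 (UDP)' -> {(8301, 'udp'), (8302, 'udp')}."""
    m = SPEC.match(spec)
    if not m:  # a damaged cell is rejected instead of silently skipped
        raise ValueError(f"unparseable port spec: {spec!r}")
    ports = [int(p) for p in m.group(1).split(",")]
    protos = [p.strip().lower() for p in m.group(2).split(",")]
    return {(port, proto) for port in ports for proto in protos}

def allowed_incoming(ft_enabled):
    """Map each permitted (port, proto) to the services that justify it."""
    allowed = {}
    for service, spec in INCOMING.items():
        if service in FT_ONLY and not ft_enabled:
            continue
        for key in parse_spec(spec):
            allowed.setdefault(key, []).append(service)
    return allowed

def audit(observed, ft_enabled):
    """Return the listeners that no table row justifies for this host."""
    allowed = allowed_incoming(ft_enabled)
    return sorted(l for l in observed if l not in allowed)

# Constructed sample: listeners observed on a host that does not run FT.
SAMPLE = {(22, "tcp"), (443, "tcp"), (902, "tcp"),
          (8301, "udp"), (8300, "tcp"), (23, "tcp")}
```

Calling `audit(SAMPLE, ft_enabled=False)` reports the DVSSync and Fault Tolerance listeners along with the port that appears in no row; with `ft_enabled=True` only the latter remains.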

 

Outgoing Firewall Connections

Service Port Comment
CIM SLP 427 (TCP, UDP) The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM servers.

DVSSync 8301, 8302 (UDP) DVSSync ports are used for synchronizing states of distributed virtual ports between hosts that have VMware FT record/replay enabled. Only hosts that run primary or backup virtual machines must have these ports open. On hosts that are not using VMware FT these ports do not have to be open.

HBR 44046, 31031 (TCP) Used for ongoing replication traffic by vSphere Replication and VMware Site Recovery Manager.

NFC 902 (TCP) Network File Copy (NFC) provides a file-type-aware FTP service for vSphere components. ESXi uses NFC for operations such as copying and moving data between datastores by default.

VVOL 9 (UDP) Used by the Virtual Volumes feature.
DHCP Client 68 (UDP) DHCP client.
DNS Client 53 (TCP, UDP) DNS client.
Fault Tolerance 80, 8200, 8100, 8300 (TCP, UDP) Supports VMware Fault Tolerance.

 

rabbitmqproxy 5671 (TCP) A proxy running on the ESXi host that allows applications running inside virtual machines to communicate with the AMQP brokers running in the vCenter network domain. The virtual machine does not have to be on the network, that is, no NIC is required. The proxy connects to the brokers in the vCenter network domain. Therefore, the outgoing connection IP addresses should at least include the current brokers in use or future brokers. Brokers can be added if the customer would like to scale up.

vMotion 8000 (TCP) Required for virtual machine migration with vMotion.

VMware vCenter Agent 902 (UDP) vCenter Server agent.
Software iSCSI Client 3260 (TCP) Supports software iSCSI.

 

 

vCenter Server Required Ports:

Ports Required for Communication between Components

Port Description
80 vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server instead of https://server. Port 80 is also used by WS-Management (which also requires port 443 to be open). If you use a Microsoft SQL database that is stored on the same virtual machine or physical server as the vCenter Server, port 80 is used by the SQL Reporting Service. When you install or upgrade vCenter Server, the installer prompts you to change the HTTP port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation or upgrade.

88 VMware key distribution center port.
389 This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535. If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535.

443 The default port that the vCenter Server system uses to listen for connections from the vSphere Web Client. To enable the vCenter Server system to receive data from the vSphere Web Client, open port 443 in the firewall. The vCenter Server system also uses port 443 to monitor data transfer from SDK clients. This port is also used for the following services:
- WS-Management (also requires port 80 to be open)
- Third-party network management client connections to vCenter Server
- Third-party network management clients access to hosts

514 vSphere Syslog Collector port for vCenter Server on Windows and vSphere Syslog Service port for vCenter Server Appliance

636 of the local instance. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the SSL service on any port from 1025 through 65535.

902 The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts. Port 902 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this port to display virtual machine consoles.

1514 vSphere Syslog Collector TLS port for vCenter Server on Windows and vSphere Syslog Service TLS port for vCenter Server Appliance

2012 Control interface RPC for vCenter Single Sign-On
2014 RPC port for all VMCA (VMware Certificate Authority) APIs
2020 Authentication framework management
6500 ESXi Dump Collector port
6501 Auto Deploy service
6502 Auto Deploy management
7444 Secure Token Service
9444 vSphere Web Client HTTPS
11711 vCenter Single Sign-On LDAP
11712 vCenter Single Sign-On LDAPS
