Required ports for configuring an external firewall to allow ESX/ESXi and vCenter Server traffic
search cancel

Required ports for configuring an external firewall to allow ESX/ESXi and vCenter Server traffic

book

Article ID: 304715

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

This article provides information related to configuring an external firewall to allow ESX/ESXi and vCenter Server traffic.

Environment

  • VMware vSphere 6.5
  • VMware vSphere 6.7
  • VMware vSphere 7.0.x
  • VMware vSphere 8.0.x
  • VMware vSphere Foundation 9.0.x
  • VMware Cloud Foundation 9.0.x

Resolution

Please refer to  VMware Ports and Protocols for a comprehensive list of the TCP and UDP ports required in vSphere 6.5, 6.7, 7.0 and 8.0 as well as VMware vSphere Foundation / VMware Cloud Foundation 9.0

Additional Information

Port requirements for older vSphere versions prior to 6.5:

These ports are mandatory:

  • 22 - SSH (TCP)
  • 53 - DNS (TCP and UDP)
  • 80 - HTTP (TCP/UDP)
  • 902 - vCenter Server / VMware Infrastructure Client - UDP for ESX/ESXi Heartbeat (UDP and TCP)
  • 903 - Remote Access to VM Console (TCP)
  • 443 - Web Access (TCP)
  • 27000, 27010 - License Server (Valid for ESX/ESXi 3.x hosts only)

These ports are optional:

  • 123 - NTP (UDP)
  • 161, 162 - SNMP (UDP)
  • 88 - Kerberos (UDP and TCP)
  • 464 - Active Directory (TCP and UDP)
  • 3260 - Software iSCSI (TCP)
Powered by Wolken Software