The information has moved. Please refer to VMware Ports and Protocols for a comprehensive list of the TCP and UDP ports required for current vSphere versions.
Product | Port | Protocol | Source | Target | Purpose |
Heartbeat | 52267 | TCP | vCenter Server Heartbeat Console | vCenter Server Heartbeat Server | Client Connection Port |
Heartbeat | 57348 | TCP | vCenter Server Primary Server | vCenter Server Secondary Server | Default Channel Port to communicate between Primary and Secondary server |
vCenter Server 5.x | 25 | TCP | vCenter Server | SMTP Server | Email notifications |
vCenter Server 5.x | 53 | UDP | vCenter Server | DNS Server | DNS lookups |
vCenter Server 5.x | 80 | TCP | Client PC | vCenter Server | vCenter Server requires port 80 for direct HTTP connections. |
vCenter Server 5.x | 80 | TCP | vCenter Server | ESXi 5.x | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
vCenter Server 5.x | 88 | UDP | vCenter Server | Active Directory Server | AD Authentication |
vCenter Server 5.x | 88 | TCP | vCenter Server | Active Directory Server | AD Authentication |
vCenter Server 5.x | 135 | TCP | vCenter Server | vCenter Server | Used by ADAM for RPC communications between vCenter Servers in Linked Mode. |
vCenter Server 5.x | 161 | UDP | SNMP Server | vCenter Server | SNMP Polling |
vCenter Server 5.x | 162 | UDP | vCenter Server | SNMP Server | SNMP Trap Send |
vCenter Server 5.x | 389 | TCP/UDP | vCenter Server | Linked vCenter Servers | This port must be open in the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535. |
vCenter Server 5.x | 443 | TCP | vSphere Client | vCenter Server | vCenter Server system uses to listen for connections from the vSphere Client. |
vCenter Server 5.x | 443 | TCP | vCenter Server | ESXi 5.x | vCenter Agent. Host DPM with HP iLO Remote Management and Control Protocol |
vCenter Server 5.x | 623 | UDP | vCenter Server | ESXi 5.x | DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol |
vCenter Server 5.x | 636 | TCP | vCenter Servers | Linked vCenter Servers | This is the SSL port of the local instance for vCenter Server Linked Mode. If another service is running on this port, it might be preferable to remove it or change its port. You can run the SSL service on any port from 1025 through 65535. |
vCenter Server 5.x | 902 | TCP | vCenter Server | ESXi 5.x | vCenter Server system uses to send data to managed hosts. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
vCenter Server 5.x | 902 | TCP/UDP | vSphere Client | ESXi 5.x | vSphere Client uses this ports to display virtual machine consoles. |
vCenter Server 5.x | 902 | TCP/UDP | ESXi 5.x | ESXi 5.x | Host access to other hosts for migration and provisioning |
vCenter Server 5.x | 1024 (dynamic) | RPC | Linked vCenter Servers | Linked vCenter Servers | Bi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). |
vCenter Server 5.x | 1433 | TCP | vCenter Server | Microsoft SQL Server | For vCenter Microsoft SQL Server Database |
vCenter Server 5.x | 1521 | TCP | vCenter Server | Oracle Database Server | For vCenter Oracle Database |
vCenter Server 5.x | 5988 | TCP | ESXi 5.x | vCenter Server | CIM transactions over HTTP |
vCenter Server 5.x | 5989 | TCP | vCenter Server | ESXi 5.x | CIM XML transactions over HTTPS |
vCenter Server 5.x | 5989 | TCP | ESXi 5.x | vCenter Server | CIM XML transactions over HTTPS |
vCenter Server 5.x | 7500 | UDP | vCenter Server | Linked vCenter Servers | vCenter Inventory Service Groups diagnostics port for Inventory Service instances. |
vCenter Server 5.x | 8005 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
vCenter Server 5.x | 8006 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
vCenter Server 5.x | 8009 | TCP | vCenter Server | vCenter Server | AJP Port |
vCenter Server 5.x | 8080 | TCP | Client PC | vCenter Server | Web Services HTTP. Used for the VMware VirtualCenter Management Web Services |
vCenter Server 5.x | 8083 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
vCenter Server 5.x | 8085 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics/SDK |
vCenter Server 5.x | 8086 | TCP | vCenter Server | vCenter Server | Internal Communication Port |
vCenter Server 5.x | 8087 | TCP | vCenter Server | vCenter Server | Internal Service Diagnostics |
vCenter Server 5.x | 8089 | TCP | vCenter Server | vCenter Server | SDK Tunneling Port |
vCenter Server 5.x | 8443 | TCP | Client PC | Linked vCenter Servers | Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services. |
vCenter Server 5.x | 8443 | TCP | vCenter Server | vCenter Server | VMware Web Management Services Linked Mode Communication port |
vCenter Server 5.x | 9443 | TCP | Client PC | vCenter Server | vSphere Web Client Access |
vCenter Server 5.x | 10111 | TCP | vCenter Server | Linked vCenter Servers | vCenter Inventory Service Linked Mode Communication |
vCenter Server 5.x | 10443 | TCP | Client PC | Linked vCenter Servers | vCenter Inventory Service Linked Mode Communication between Inventory Service instances.This can be changed during the vCenter Server installation and should be adjusted in the firewall settings as needed. |
vCenter Server 5.x | 51915 | TCP | ESXi | vSphere Authentication Proxy | This is a web service, which is used to add host to Active Directory domain. |
vCenter Server 5.x | 60099 | TCP | vCenter Server | vCenter Server | Web Service change service notification port |
vCenter Server 5.1 | 7005 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | Base shutdown port. |
For more information, see Configuring VMware Tomcat Server Settings in vCenter Server 5.1. | |||||
vCenter Server 5.1 | 7080 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | HTTP Port |
vCenter Server 5.1 | 7009 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | AJP Port |
vCenter Server 5.1 | 49152 to 65535 | TCP | Active Directory | vCenter Server | Allow Active Directory authentication/communication between domain controllers and vCenter Server. |
vCenter Server 5.1/5.5 | 7444 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | Lookup Service, HTTPS Port |
vCenter Server 5.1/5.5 | 8003 | TCP | vCenter Server (Tomcat Server settings) | vCenter Server Management Web Services | vCenter Server Management Web Service shutdown |
vCenter Server 5.5 | 31000 to 32999 | TCP | vCenter Single Sign-On | vCenter Single Sign-On | Internal Communication Ports for VMware Secure Token Service, which uses two available ports. One port from the 31000 to 31999 range and one port from the 32000 to 32999 range. |
vCenter Server 5.5 | 88 | TCP | vCenter Server | vCenter Single Sign-On | Kdc Service |
vCenter Server 5.5 | 2012 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | Directory Service |
vCenter Server 5.5 | 2013 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | Kdc Service |
vCenter Server 5.5 | 2014 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | VMware Certificate Service inter-communications with vCenter Single Sign-On |
vCenter Server 5.5 | 6501 | TCP | Auto Deploy service | ESXi Host | Auto Deploy Service |
vCenter Server 5.5 | 6502 | TCP | Auto Deploy Manager | vSphere Client | Auto Deploy Manager Service |
vCenter Server 5.5 | 7331 | TCP | vSphere Web Client | vCenter Server (Tomcat Server settings) | HTML5 remote console for virtual machines |
vCenter Server 5.5 Update 2 and later | 7343 | TCP | vSphere Web Client | vCenter Server (Tomcat Server settings) | HTML5 remote console for virtual machines, HTTPS |
vCenter Server 5.5 | 7444 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | Lookup Service, HTTPS port |
vCenter Server 5.5 | 8190 | TCP | vCenter Server | vCenter Server | Storage Policy Server HTTP |
vCenter Server 5.5 | 8191 | TCP | vCenter Server | vCenter Server | Storage Policy Server HTTPS |
vCenter 5.5 | 9875-9877 | TCP | vSphere Web Client | vSphere Web Client | vSphere Web Client Java Management Extension (JMX). Dynamically acquired upon the vSphere Web Client service starting. |
vCenter Server 5.5 | 9090 | TCP | vSphere Web Client HTTP | vSphere Web Client | HTTP redirect to HTTPS |
vCenter Server 5.5 | 11711 | TCP | vCenter Single Sign-On | vCenter Single Sign-On | Directory service LDAP use for replication between vCenter Single Sign-On nodes |
vCenter Server 5.5 | 11712 | TCP | vCenter Single Sign-On | vCenter Single Sign-On | Directory service LDAPS use for replication between vCenter Single Sign-On nodes |
vCenter Server 5.5 | 12721 | TCP | vCenter Single Sign-On | vCenter Single Sign-On | Identity Management Service (IDM) internal client/server communication port. |
Used by VMware Identity Management Service. | |||||
vCenter Server 5.5 | 12443 | TCP | Log Browser | vCenter Server | Log Browser |
vCenter Server 5.5 | 22000 | TCP | vCenter Server | vCenter Server | vCenter Server Storage Monitoring Service HTTP |
vCenter Server 5.5 | 22100 | TCP | vCenter Server | vCenter Server | vCenter Server Storage Monitoring Service HTTPS |
vCenter Server 5.5 | 31000 | TCP | vCenter Server | vCenter Server | VMware vSphere Profile-Driven Storage Service HTTP |
vCenter Server 5.5 | 31100 | TCP | vCenter Server | vCenter Server | VMware vSphere Profile-Driven Storage Service HTTPS |
vCenter Server 5.5 | 49000 to 65000 | TCP | Active Directory | vCenter Server | Allow Active Directory authentication/communication between domain controllers and vCenter Server.Used by the VMware Identity Management Service |
vCenter Server 6.0 | 22 | TCP/UDP | vCenter Server | SSH Client | System port for SSHD. This port is only used by the vCenter Server Appliance |
vCenter Server 6.0 | 80 | TCP | Client PC | vCenter Server | vCenter Server requires port80for direct HTTP connections. Port80redirects requests to HTTPS port 443. This redirection is useful if you accidentally usehttp://serverinstead ofhttps://server. WS-Management (also requires port 443 to be open). If you use a Microsoft SQL database that is stored on the same virtual machine or physical server as vCenter Server, port 80 is used by the SQL Reporting Service. When you install or upgrade vCenter Server, the installer prompts you to change the HTTP port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation or upgrade. |
vCenter Server 6.0 | 88 | TCP | vCenter Server | Active Directory Server | VMware key distribution center port |
vCenter Server 6.0 | 389 | TCP/UDP | vCenter Server | Linked vCenter Servers | This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535. |
vCenter Server 6.0 | 443 | TCP | vSphere Web Client | vCenter Server | The default port that the vCenter Server system uses to listen for connections from the vSphere Web Client. To enable the vCenter Server system to receive data from the vSphere Web Client, open port 443 in the firewall. The vCenter Server system also uses port 443 to monitor data transfer from SDK clients. Port 443 is also used for these services: WS-Management (also requires port 80 to be open) Third-party network management client connection to vCenter Server. Third-party network management clients access to host |
vCenter Server 6.0 | 514 | UDP | Syslog Collector | Syslog Collector | vSphere Syslog Collector port for vCenter Server on Windows and vSphere Syslog Service port for vCenter Server Appliance |
vCenter Server 6.0 | 636 | TCP | Platform Service Controller | Management Nodes | For vCenter Server Enhanced Linked Mode, this is the SSL port of the local instance. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the SSL service on any port from 1025through65535. This port is also used during install to verify SSL certificates. |
vCenter Server 6.0 | 902 | TCP/UDP | vCenter Server | ESXi 6.0/5.x | The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts. Port 902 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this port to display virtual machine consoles. |
vCenter Server 6.0 | 10080 | TCP | vCenter Server | Inventory Service | vCenter Server vCenter Inventory Service HTTP |
vCenter Server 6.0 | 1514 | TCP/UDP | Syslog Collector | Syslog Collector | vSphere Syslog Collector TLS port for vCenter Server on Windows and vSphere Syslog Service TLS port for vCenter Server Appliance |
vCenter Server 6.0 | 2012 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | Control interface RPC for vCenter Single Sign-On(SSO). |
vCenter Server 6.0 | 2014 | TCP | vCenter Server (Tomcat Server settings) | vCenter Single Sign-On | RPC port for all VMCA (VMware Certificate Authority) APIs. |
vCenter Server 6.0 | 2020 | TCP/UDP | vCenter Server | vCenter Server | Authentication framework management |
vCenter Server 6.0 | 6500 | TCP/UDP | vCenter Server | ESXi host | ESXi Dump Collector port |
vCenter Server 6.0 | 6501 | TCP | Auto Deploy service | ESXi Host | Auto Deploy service |
vCenter Server 6.0 | 6502 | TCP | Auto Deploy Manager | vSphere Client | Auto Deploy management |
vCenter Server 6.0 | 7444 | TCP | Secure Token Service | ||
vCenter Server 6.0 | 8009 | TCP | vCenter Server | vCenter Server | AJP Port |
vCenter Server 6.0 | 8089 | TCP | vCenter Server | vCenter Server | SDK Tunneling Port |
vCenter Server 6.0 | 9443 | TCP | vSphere Web Client Server | vSphere Web Client | vSphere Web Client HTTPS |
vCenter Server 6.0 | 11711 | TCP | vCenter Single Sign-On | vCenter Single Sign-On | VMware Directory service (vmdir) LDAP |
vCenter Server 6.0 | 11712 | TCP | vCenter Single Sign-On | vCenter Single Sign-On | VMware Directory service (vmdir) LDAPS |