Outbound syslog traffic configured as a Forwarder destination
| Product | Source | Destination | Port | Protocol | Service Description |
|---|---|---|---|---|---|
| vRealize Log Insight appliance | System sending logs | vRealize Log Insight appliance | 1514, 6514 | TCP | Syslog data over SSL |
| vRealize Log Insight appliance | vRealize Log Insight Agents | vRealize Log Insight appliance | 9000 | TCP | Log Insight Ingestion API |
| vRealize Log Insight appliance | vRealize Log Insight Agents | vRealize Log Insight appliance | 9543 | TCP | Log Insight Ingestion API over SSL |
| vRealize Log Insight appliance | Admin workstation | vRealize Log Insight appliance | 22 | TCP | SSH: Secure Shell connectivity |
| vRealize Log Insight appliance | User workstation | vRealize Log Insight appliance | 80 | TCP | HTTP: Web interface |
| vRealize Log Insight appliance | User workstation | vRealize Log Insight appliance | 443 | TCP | HTTPS: Web interface |
| vRealize Log Insight appliance | vRealize Log Insight appliance | NTP Server | 123 | UDP | NTPD: Provides NTP time synchronization |
| vRealize Log Insight appliance | vRealize Log Insight appliance | Mail Server | 25 | TCP | SMTP: mail service for outbound alerts |
| vRealize Log Insight appliance | vRealize Log Insight appliance | Mail Server | 465 | TCP | SMTPS: mail service over SSL for outbound alerts |
| vRealize Log Insight appliance | vRealize Log Insight appliance | DNS server | 53 | TCP, UDP | DNS: name resolution service |
| vRealize Log Insight appliance | vRealize Log Insight appliance | AD server | 389 | TCP, UDP | Active Directory |
| vRealize Log Insight appliance | vRealize Log Insight appliance | AD server | 636 | TCP | Active Directory over SSL |
| vRealize Log Insight appliance | vRealize Log Insight appliance | AD server | 3268 | TCP | Active Directory Global Catalog |
| vRealize Log Insight appliance | vRealize Log Insight appliance | AD server | 3269 | TCP | Active Directory Global Catalog SSL |
| vRealize Log Insight appliance | vRealize Log Insight appliance | AD server | 88 | TCP, UDP | Kerberos |
| vRealize Log Insight appliance | vRealize Log Insight appliance | vCenter Server | 443 | TCP | HTTPS: vCenter Server Web Service |
| vRealize Log Insight appliance | vRealize Log Insight appliance | vRealize Operations Manager appliance | 443 | TCP | HTTPS: vRealize Operations Web service |
| vRealize Log Insight appliance | vRealize Log Insight appliance | Third-party log manager | 514 | TCP, UDP | syslog data |
| vRealize Log Insight appliance | vRealize Log Insight appliance | Third-party log manager | 9000 | CFAPI | Outbound Log Insight Ingestion API (CFAPI) traffic configured as a Forwarder destination |
| vRealize Log Insight appliance | vRealize Log Insight appliance | Third-party log manager | 9543 | CFAPI | Outbound Log Insight Ingestion API (CFAPI) traffic configured as a Forwarder destination with encryption (SSL/TLS) |
| vSphere Replication 8.1 | vSphere Replication appliance | Local and remote vCenter Server | 80 | TCP | All management traffic to the vSphere Replication appliance goes to port 80 on the vCenter Server proxy system. |
| vSphere Replication 8.1 | vSphere Replication server in the vSphere Replication appliance | ESXi host (intra-site) | 80 | TCP | HTTP: Used to establish the connection before initial replication starts. |
| vSphere Replication 8.1 | vSphere Replication appliance | Local and remote vCenter Server | 443 | TCP | HTTPS: All management traffic to the vSphere Replication appliance. |
| vSphere Replication 8.1 | vSphere Replication server in the vSphere Replication appliance | ESXi host (intra-site only) on secondary site | 902 | TCP, UDP | Used by vSphere Replication servers to send replication traffic to the destination ESXi hosts. |
| vSphere Replication 8.1 | Admin workstation | vSphere Replication appliance | 5480 | TCP | HTTPS: vSphere Replication virtual appliance management interface (VAMI) Web UI. |
| vSphere Replication 8.1 | vCenter Server proxy | vSphere Replication appliance | 8043 | TCP | SOAP: Intra-site communication from the vCenter Server proxy to the vSphere Replication appliance |
| vSphere Replication 8.1 | vSphere Replication appliance | vSphere Replication server | 8123 | TCP | SOAP: Intra-site management traffic from the vSphere Replication Management server to additional vSphere Replication servers in the environment |
| vSphere Replication 8.1 | ESXi on Source Site | vSphere Replication server at the target site | 31031 | TCP | Initial and outgoing replication traffic from the ESXi host at the source site to the vSphere Replication appliance or vSphere Replication server at the target site. |
| vSphere Replication 8.1 | ESXi host at the source site | vCenter Server at the source site | 80 | TCP | Cloud Replication: The vCenter Server reverse proxy forwards VIB (vCloud Availability firewall rules) download requests to the vSphere Replication appliance. |
| vSphere Replication 8.1 | The vSphere Replication appliance at the source site | vCloud API | 443 | TCP | REST over HTTPS: Cloud Replication: vSphere Replication appliance connects to this port to send replication data to a cloud organization |
| vSphere Replication 8.1 | ESXi host at the source site | vSphere Replication appliance at the source site | 10000-10010 | TCP | Cloud Replication: The vCloud Tunneling Agent opens one of these ports on the vSphere Replication appliance. ESXi hosts connect to that port to send replication data to a cloud organization. |
| Site Recovery Manager 6.5 | Site Recovery Manager Server (protected and recovery sites) | vCenter Server (protected and recovery sites) | 443 | TCP | HTTPS: Default Web SSL Port |
| Site Recovery Manager 6.5 | Site Recovery Manager Server (protected and recovery sites) | vCenter Server (protected and recovery sites) | 443 | TCP | HTTPS: Traffic from Site Recovery Manager Server to local and remote Platform Services Controller. |
| Site Recovery Manager 6.5 | Site Recovery Manager Server on the recovery site | Recovery site ESXi host | 902 | TCP, UDP | Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication uses this port. |
| Site Recovery Manager 6.5 | Site Recovery Manager Server on the recovery site | Recovery site ESXi host | 443 | TCP | Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with VMTools 10.1.0 and higher and with configured IP customization or callout commands on recovered virtual machines. |
| Site Recovery Manager 6.5 | Site Recovery Manager Server | Microsoft SQL Server | 1433 | TCP | Site Recovery Manager database connectivity to SQL Server |
| Site Recovery Manager 6.5 | Site Recovery Manager Server | Oracle Database Server | 1521, 1526 | TCP | Site Recovery Manager database connectivity to Oracle |
| Site Recovery Manager 6.5 | vSphere Web Client | Site Recovery Manager Server | 9086 | TCP | HTTPS: All management traffic to Site Recovery Manager Server goes to this port. This includes traffic by external API clients for task automation and HTTPS interface for downloading the UI plug-in and icons. This port must be accessible from the vCenter Server proxy system. Used by vSphere Web Client to download the Site Recovery Manager client plug-in. |
| Site Recovery Manager 6.5 | vCenter Server | Site Recovery Manager Server Recovery Site | 9086 | TCP | HTTPS: vCenter and target SRM communication |
| Site Recovery Manager 6.5 | Site Recovery Manager Protected Site | Site Recovery Manager Server Recovery Site | 9086 | TCP | HTTPS: SRM to SRM communication |
| Site Recovery Manager 6.5 | Site Recovery Manager Server (protected and recovery sites) | vSphere Replication appliance on the recovery and protected sites | 8043 | TCP | HTTPS: Management traffic between Site Recovery Manager instances and vSphere Replication appliances. |
| | | | | | HTTPS: vRealize Business for Cloud virtual appliance management interface (VAMI) Web UI. |
| vRealize Business for Cloud 7.4 | vRealize Automation | vRealize Business for Cloud | 443 | TCP | HTTPS: For pricing service |
| vRealize Business for Cloud 7.4 | vRealize Business for Cloud Appliance | vCenter Server Inventory Service | 10443 | TCP | For a successful data collection |
| vRealize Business for Cloud 7.4 | User workstation | vRealize Business for Cloud Appliance | 443 | TCP | HTTPS: For logging in to a remote data collection manager, adding data sources, and managing data collectors through the web management interface. |
| vRealize Business for Cloud 7.4 | vRealize Business for Cloud Appliance remote collector | vRealize Business for Cloud Appliance | 443 | TCP | HTTPS: For the remote data collection manager to register with vRealize Business for Cloud server. |
| vRealize Business for Cloud 7.4 | vRealize Business for Cloud Appliance | https://vrbc-services.vmware.com | 443 | TCP | HTTPS: For automatic update of the reference database |
| vRealize Business for Cloud 7.4 | vRealize Business for Cloud Appliance | vRealize Log Insight appliance | 9543 | TCP | For exporting logs to vRealize Log Insight server. |
| vRealize Business for Cloud 7.4 | vRealize Business for Cloud Appliance | vRealize Identity Manager (vIDM) | 443 | TCP | HTTPS: For vIDM Authentication |
| vRealize Orchestrator 7.4 | Admin workstation | Orchestrator Server | 8280 | TCP | HTTP: The requests sent to Orchestrator default HTTP Web port 8280 are redirected to the default HTTPS Web port 8281 |
| vRealize Orchestrator 7.4 | Admin workstation | Orchestrator Server | 8281 | TCP | HTTPS: The access port for the Web Orchestrator home page |
| vRealize Orchestrator 7.4 | Admin workstation | Orchestrator Server | 22 | TCP | SSH: Secure Shell connectivity |
| vRealize Orchestrator 7.4 | Admin workstation | Orchestrator Server | 8283 | TCP | HTTPS: Control Centre UI Access |
| vRealize Orchestrator 7.4 | Orchestrator Server | AD server | 389 | TCP, UDP | Active Directory |
| vRealize Orchestrator 7.4 | Orchestrator Server | AD server | 636 | TCP | Active Directory over SSL |
| vRealize Orchestrator 7.4 | Orchestrator Server | AD server | 3268 | TCP | Active Directory Global Catalog |
| vRealize Orchestrator 7.4 | Orchestrator Server | AD server | 3269 | TCP | Active Directory Global Catalog SSL |
| vRealize Orchestrator 7.4 | Orchestrator Server | Microsoft SQL Server | 1433 | TCP | Orchestrator database connectivity to SQL Server |
| vRealize Orchestrator 7.4 | Orchestrator Server | Postgres DB | 5432 | TCP | Orchestrator database connectivity to Postgres |
| vRealize Orchestrator 7.4 | Orchestrator Server | Oracle Database Server | 1521 | TCP | Orchestrator database connectivity to Oracle |
| vRealize Orchestrator 7.4 | Orchestrator Server | vCenter Server | 443 | TCP | The vCenter Server API communication port used by Orchestrator to obtain virtual infrastructure and virtual machine information from the orchestrated vCenter Server instances |
| vRealize Orchestrator 7.4 | Orchestrator Server | Mail Server | 25 | TCP | SMTP: mail service for outbound alerts and notifications |
| vRealize Orchestrator 7.4 | Orchestrator Server | Platform Service Controller | 443 | TCP | For Single Sign On |
| vSphere 6.7 | vCenter Server | ESXi | 5988 | TCP | Server for CIM |
| vSphere 6.7 | vCenter Server | ESXi | 5989 | TCP | Secure Server for CIM |
| vSphere 6.7 | CIM SLP | ESXi | 427 | TCP, UDP | The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM servers. |
| vSphere 6.7 | DHCPv6 | ESXi | 546 | TCP, UDP | DHCP client for IPv6 |
| vSphere 6.7 | ESXi | ESXi | 8301-8302 | UDP | DVSSync ports are used for synchronizing states of distributed virtual ports between hosts that have VMware FT record/replay enabled |
| vSphere 6.7 | ESXi | ESXi | 902 | TCP | Network File Copy (NFC) provides a file-type-aware FTP/Content Library service for vSphere components. ESXi uses NFC for operations such as copying and moving data between datastores by default. |
| vSphere 6.7 | ESXi / vSAN | ESXi / vSAN | 12345 | UDP | VMware vSAN Cluster Monitoring and Membership Directory Service. Uses UDP-based IP multicast to establish cluster members and distribute vSAN metadata to all cluster members. If disabled, vSAN does not work. |
| vSphere 6.7 | ESXi / vSAN | ESXi / vSAN | 23451 | UDP | VMware vSAN Cluster Monitoring and Membership Directory Service. Uses UDP-based IP multicast to establish cluster members and distribute vSAN metadata to all cluster members. If disabled, vSAN does not work. |
| vSphere 6.7 | DHCP Client | ESXi | 68 | UDP | DHCP client for IPv4 |
| vSphere 6.7 | DNS | ESXi | 53 | UDP | DNS: name resolution service |
| vSphere 6.7 | ESXi | ESXi | 8100 | TCP, UDP | Traffic between hosts for vSphere Fault Tolerance (FT) |
| vSphere 6.7 | ESXi | ESXi | 8200 | TCP, UDP | Traffic between hosts for vSphere Fault Tolerance (FT) |
| vSphere 6.7 | ESXi | ESXi | 8300 | TCP, UDP | Traffic between hosts for vSphere Fault Tolerance (FT) |
| vSphere 6.7 | ESXi / NSX | ESXi / NSX | 6999 | UDP | NSX Virtual Distributed Router service |
| vSphere 6.7 | ESXi / vSAN | ESXi / vSAN | 2233 | TCP | vSAN reliable datagram transport. Uses TCP and is used for vSAN storage IO. If disabled, vSAN does not work. |
| vSphere 6.7 | SNMP Server | ESXi | 161 | UDP | Allows the host to connect to an SNMP server |
| vSphere 6.7 | Admin workstation | ESXi | 22 | TCP | SSH: Secure Shell connectivity |
| vSphere 6.7 | ESXi | ESXi | 8000 | TCP | vMotion: Required for virtual machine migration with vMotion. ESXi hosts listen on port 8000 for TCP connections from remote ESXi hosts for vMotion traffic |
| vSphere 6.7 | vSphere Web Client | ESXi | 902 | TCP | Client connections |
| vSphere 6.7 | vSphere Web Client | ESXi | 443 | TCP | Client connections |
| vSphere 6.7 | vCenter | ESXi / vSAN | 8080 | TCP | vSAN VASA Vendor Provider. Used by the Storage Management Service (SMS) that is part of vCenter to access information about vSAN storage profiles, capabilities, and compliance. If disabled, vSAN Storage Profile Based Management (SPBM) does not work. |
| vSphere 6.7 | Admin workstation | ESXi | 80 | TCP | Welcome page, with download links for different interfaces |
| vSphere 6.7 | Admin workstation | ESXi | 443 | TCP | ESXi HTML5 Local UI |
| vSphere 6.7 | vCenter Update Manager | ESXi | 902 | TCP | vCenter Update Manager connects to ESXi/ESX hosts on TCP port 902 for pushing virtual machine patches and host upgrade files |
| vSphere 6.7 | ESXi | vCenter Server | 427 | TCP, UDP | The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM servers. |
| vSphere 6.7 | ESXi | DHCPv6 | 547 | TCP, UDP | DHCP client for IPv6 |
| vSphere 6.7 | ESXi | Wake on LAN | 9 | UDP | Used by Wake on LAN |
| vSphere 6.7 | ESXi | DHCP | 68 | UDP | DHCP client for IPv4 |
| vSphere 6.7 | ESXi | DNS server | 53 | UDP | DNS: name resolution service |
| vSphere 6.7 | ESXi | Software iSCSI Client | 3260 | TCP | Supports software iSCSI |
| vSphere 6.7 | ESXi | vCenter Server | 902 | UDP | vCenter Server agent |
| vSphere 6.7 | ESXi / vSAN | vCenter Server | 8080 | TCP | vSAN VASA Vendor Provider. Used by the Storage Management Service (SMS) that is part of vCenter to access information about vSAN storage profiles, capabilities, and compliance. If disabled, vSAN Storage Profile Based Management (SPBM) does not work. |
| vSphere 6.7 | ESXi | vCenter Server | 9080 | TCP | Used by the I/O Filters storage feature |
| vSphere 6.7 | ESXi | vCenter Server | 9084 | TCP | ESXi/ESX hosts connect to the Update Manager Web Server listening on HTTP port 9084 for host patch downloads |
| vSphere 6.7 | ESXi | NTP Server | 123 | UDP | NTPD: Provides NTP time synchronization (+ required for AD Authentication) |
| vSphere 6.7 | ESXi | Syslog Server | 514 | TCP, UDP | syslog data |
| vSphere 6.7 | ESXi | AD server | 88 | TCP | Adding to the Domain: Kerberos Authentication |
| vSphere 6.7 | ESXi | AD server | 135 | TCP | Adding to the Domain: NetBIOS |
| vSphere 6.7 | ESXi | AD server | 137,139 | TCP | Adding to the Domain: LDAP |
| vSphere 6.7 | ESXi | AD server | 389 | TCP | Adding to the Domain: LDAP |
| vSphere 6.7 | ESXi | AD server | 445 | TCP | Adding to the Domain: Microsoft-DS Active Directory, Windows shares (SMB over TCP) |
| vSphere 6.7 | ESXi | AD server | 464 | TCP | Adding to the Domain: Kerberos - password changes |
| vSphere 6.7 | ESXi | AD server | 3268 | TCP | Adding to the Domain: Global Catalog search |
This table is an unofficial community project to provide a single page listing the port requirements for all VMware products.
Change log:
17-07-2018, ESXi Ports Added
12-07-2018, Initial Release Covers SRM, vRB, vRLI, vRO and vSphere Replication
Over time it will grow to cover most products. If you would like a product added or see an error, please email vmware.ports@ramblinghikers.co.uk or leave a comment below.