VMware Ports

Product:

Source:

Destination:

Port:

Protocol:

Service Description:

Product	Source	Destination	Port	Protocol	Service Description
vRealize Log Insight appliance	System sending logs	vRealize Log Insight appliance	514	TCP,UDP	Outbound syslog traffic configured as a Forwarder destination
vRealize Log Insight appliance	System sending logs	vRealize Log Insight appliance	1514, 6514	TCP	Syslog data over SSL
vRealize Log Insight appliance	vRealize Log Insight Agents	vRealize Log Insight appliance	9000	TCP	Log Insight Ingestion API
vRealize Log Insight appliance	vRealize Log Insight Agents	vRealize Log Insight appliance	9543	TCP	Log Insight Ingestion API over SSL
vRealize Log Insight appliance	Admin workstation	vRealize Log Insight appliance	22	TCP	SSH: Secure Shell connectivity
vRealize Log Insight appliance	User workstation	vRealize Log Insight appliance	80	TCP	HTTP: Web interface
vRealize Log Insight appliance	User workstation	vRealize Log Insight appliance	443	TCP	HTTPS: Web interface
vRealize Log Insight appliance	vRealize Log Insight appliance	NTP Server	123	UDP	NTPD: Provides NTP time synchronization
vRealize Log Insight appliance	vRealize Log Insight appliance	Mail Server	25	TCP	SMTP: mail service for outbound alerts
vRealize Log Insight appliance	vRealize Log Insight appliance	Mail Server	465	TCP	SMTPS: mail service over SSL for outbound alerts
vRealize Log Insight appliance	vRealize Log Insight appliance	DNS server	53	TCP,UDP	DNS: name resolution service
vRealize Log Insight appliance	vRealize Log Insight appliance	AD server	389	TCP,UDP	Active Directory
vRealize Log Insight appliance	vRealize Log Insight appliance	AD server	636	TCP	Active Directory over SSL
vRealize Log Insight appliance	vRealize Log Insight appliance	AD server	3268	TCP	Active Directory Global Catalog
vRealize Log Insight appliance	vRealize Log Insight appliance	AD server	3269	TCP	Active Directory Global Catalog SSL
vRealize Log Insight appliance	vRealize Log Insight appliance	AD server	88	TCP, UDP	Kerberos
vRealize Log Insight appliance	vRealize Log Insight appliance	vCenter Server	443	TCP	HTTPs: vCenter Server Web Service
vRealize Log Insight appliance	vRealize Log Insight appliance	vRealize Operations Manager appliance	443	TCP	HTTPS: vRealize Operations Web service
vRealize Log Insight appliance	vRealize Log Insight appliance	Third-party log manager	514	TCP,UDP	syslog data
vRealize Log Insight appliance	vRealize Log Insight appliance	Third-party log manager	9000	CFAPI	Outbound Log Insight Ingestion API (CFAPI) traffic configured as a Forwarder destination
vRealize Log Insight appliance	vRealize Log Insight appliance	Third-party log manager	9543	CFAPI	Outbound Log Insight Ingestion API (CFAPI) traffic configured as a Forwarder destination with encryption (SSL/TLS)
vSphere Replication 8.1	vSphere Replication appliance	Local and remote vCenter Server	80	TCP	All management traffic to the vSphere Replication appliance goes to port 80 on the vCenter Serverproxy system.
vSphere Replication 8.1	vSphere Replication server in the vSphere Replication appliance	ESXi host (intra-site)	80	TCP	HTTP: Used to establish the connection before initial replication starts.
vSphere Replication 8.1	vSphere Replication appliance	Local and remote vCenter Server	443	TCP	HTTPS: All management traffic to the vSphere Replication appliance.
vSphere Replication 8.1	vSphere Replication server in the vSphere Replicationappliance	ESXi host (intra-site only) on secondary site	902	TCP,UDP	Used by vSphere Replication servers to send replication traffic to the destination ESXi hosts.
vSphere Replication 8.1	Admin workstation	vSphere Replication appliance	5480	TCP	HTTPS: vSphere Replication virtual appliance management interface (VAMI) Web UI.
vSphere Replication 8.1	vCenter Server proxy	vSphere Replication appliance	8043	TCP	SOAP: Intra-site communication from the vCenter Server proxy to the vSphere Replication appliance
vSphere Replication 8.1	vSphere Replication appliance	vSphere Replication server	8123	TCP	SOAP: IIntra-site management traffic from the vSphere Replication Management server to additional vSphere Replication server in the environment
vSphere Replication 8.1	ESXi on Source Site	vSphere Replicationserver at the target site	31031	TCP	Initial and outgoing replication traffic from the ESXi host at the source site to the vSphere Replication appliance or vSphere Replication server at the target site.
vSphere Replication 8.1	ESXi host at the source site	Center Server at the source site	80	TCP	Cloud Replication: The vCenter Server reverse proxy forwards VIB (vCloud Availability firewall rules) download request to the vSphere Replication appliance.
vSphere Replication 8.1	The vSphere Replication appliance at the source site	vCloud API	443	TCP	REST over HTTPS: Cloud Replication: vSphere Replication appliance connects to this port to send replication data to a cloud organization
vSphere Replication 8.1	ESXi host at the source site	vSphere Replicationappliance at the source site	10000-10010	TCP	Cloud Replication: The vCloud Tunneling Agent opens one of these ports on the vSphere Replication appliance. ESXi hosts connect to that port to send replication data to a cloud organization.
Site Recovery Manager 6.5	Site Recovery Manager Server (protected and recovry site)	vCenter Server (protected and recovery sites)	443	TCP	HTTPS: Default Web SSL Port
Site Recovery Manager 6.5	Site Recovery Manager Server (protected and recovry site)	vCenter Server (protected and recovery sites)	443	TCP	HTTPS: Traffic from Site Recovery Manager Server to local and remote Platform Services Controller.
Site Recovery Manager 6.5	Site Recovery Manager Server on the recovery site	Recovery site ESXi host	902	TCP,UDP	Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port.
Site Recovery Manager 6.5	Site Recovery Manager Server on the recovery site	Recovery site ESXi host	443	TCP	Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with VMTools 10.1.0 and higher and with configured IP customization or callout commands on recovered virtual machines.
Site Recovery Manager 6.5	Site Recovery Manager Server	Microsoft SQL Server	1433	TCP	Site Recovery Manager database connectivity to SQL Server
Site Recovery Manager 6.5	Site Recovery Manager Server	Oracle Database Server	15,211,526	TCP	Site Recovery Manager database connectivity to Oracle
Site Recovery Manager 6.5	vSphere Web Client	Site Recovery Manager Server	9086	TCP	HTTPS: All management traffic to Site Recovery Manager Server goes to this port. This includes traffic by external API clients for task automation and HTTPS interface for downloading the UI plug-in and icons. This port must be accessible from the vCenter Server proxy system. Used by vSphere Web Client to download the Site Recovery Manager client plug-in.
Site Recovery Manager 6.5	vCenter Server	Site Recovery Manager Server Recovery Site	9086	TCP	HTTPS: vCenter and target SRM communication
Site Recovery Manager 6.5	Site Recovery Manager Protected Site	Site Recovery Manager Server Recovery Site	9086	TCP	HTTPS: SRM to SRM coomunication
Site Recovery Manager 6.5	Site Recovery Manager Server (protected and recovry site)	vSphere Replication appliance on the recovery and protected sites	8043	TCP	HTTPS: Management traffic between Site Recovery Management instances and vSphere Replication appliances.
vRealize Business for Cloud 7.4	vRealize Automation	vRealize Business for Cloud Appliance	443	TCP	HTTPS: For user interface connections
vRealize Business for Cloud 7.4	vRealize Business for Cloud Appliance	vRealize Automation, vCenter Server, vCloud Director,vRealize Operations Manager, EMC SRM, AWS, Azure, VMware NSX Manager	443	TCP	HTTPS: Data collection
vRealize Business for Cloud 7.4	vRealize Automation	vRealize Business for Cloud Appliance	22	TCP	SSH: Secure Shell connectivity
vRealize Business for Cloud 7.4	Admin workstation	vRealize Business for Cloud	22	TCP	SSH: Secure Shell connectivity
vRealize Business for Cloud 7.4	Admin workstation	vRealize Business for Cloud	5480	TCP	HTTPS: vRealize Business for Cloud virtual appliance management interface (VAMI) Web UI.
vRealize Business for Cloud 7.4	vRealize Automation	vRealize Business for Cloud	443	TCP	HTTPS: For pricing service
vRealize Business for Cloud 7.4	vRealize Business for Cloud Appliance	vCenter Server Inventory Service	10443	TCP	For a successful data collection
vRealize Business for Cloud 7.4	User workstation	vRealize Business for Cloud Appliance	443	TCP	HTTPS:For logging in to a remote data collection manager, add data sources, and manage data collectors through the web management interface.
vRealize Business for Cloud 7.4	vRealize Business for Cloud Appliance remote collector	vRealize Business for Cloud Appliance	443	TCP	HTTPS: For the remote data collection manager to register with vRealize Business for Cloud server.
vRealize Business for Cloud 7.4	vRealize Business for Cloud Appliance	https://vrbc-services.vmware.com	443	TCP	HTTPS: For automatic update of the reference database
vRealize Business for Cloud 7.4	vRealize Business for Cloud Appliance	vRealize Log Insight appliance	9543	TCP	For exporting logs to vRealize Log Insightserver.
vRealize Business for Cloud 7.4	vRealize Business for Cloud Appliance	vRealize Identity Manager (vIDM)	443	TCP	HTTPs: For vIDM Authenication
vRealize Orchestrator 7.4	Admin workstation	Orchestrator Server	8280	TCP	HTTP: The requests sent to Orchestrator default HTTP Web port 8280 are redirected to the default HTTPS Web port 8281
vRealize Orchestrator 7.4	Admin workstation	Orchestrator Server	8281	TCP	HTTPS: The access port for the Web Orchestrator home page
vRealize Orchestrator 7.4	Admin workstation	Orchestrator Server	22	TCP	SSH: Secure Shell connectivity
vRealize Orchestrator 7.4	Admin workstation	Orchestrator Server	8283	TCP	HTTPS: Control Centre UI Access
vRealize Orchestrator 7.4	Orchestrator Server	AD server	389	TCP,UDP	Active Directory
vRealize Orchestrator 7.4	Orchestrator Server	AD server	636	TCP	Active Directory over SSL
vRealize Orchestrator 7.4	Orchestrator Server	AD server	3268	TCP	Active Directory Global Catalog
vRealize Orchestrator 7.4	Orchestrator Server	AD server	3269	TCP	Active Directory Global Catalog SSL
vRealize Orchestrator 7.4	Orchestrator Server	Microsoft SQL Server	1433	TCP	Orchestrator database connectivity to SQL Server
vRealize Orchestrator 7.4	Orchestrator Server	Postgres DB	5432	TCP	Orchestrator database connectivity to Postgres
vRealize Orchestrator 7.4	Orchestrator Server	Oracle Database Server	1521	TCP	Orchestrator database connectivity to Oracle
vRealize Orchestrator 7.4	Orchestrator Server	vCenter Server	443	TCP	The vCenter Server API communication port used by Orchestrator to obtain virtual infrastructure and virtual machine information from the orchestrated vCenter Server instances
vRealize Orchestrator 7.4	Orchestrator Server	Mail Server	25	TCP	SMTP: mail service for outbound alerts and notifications
vRealize Orchestrator 7.4	Orchestrator Server	Platform Service Controller	443	TCP	For Single Sign On
vSphere 6.7	vCenter Server	ESXi	5988	TCP	Server for CIM
vSphere 6.7	vCenter Server	ESXi	5989	TCP	Secure Server for CIM
vSphere 6.7	CIM SLP	ESXi	427	TCP,UDP	The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM servers.
vSphere 6.7	DHCPv6	ESXi	546	TCP,UDP	DHCP client for IPv6
vSphere 6.7	ESXi	ESXi	8301-8302	UDP	DVSSync ports are used for synchronizing states of distributed virtual ports between hosts that have VMware FT record/replay enabled
vSphere 6.7	ESXi	ESXi	902	TCP	Network File Copy (NFC) provides a file-type-aware FTP/Content Librbary service for vSphere components. ESXi uses NFC for operations such as copying and moving data between datastores by default.
vSphere 6.7	ESXi / vSAN	ESXi / vSAN	12,345	UDP	VMware vSAN Cluster Monitoring and Membership Directory Service. Uses UDP-based IP multicast to establish cluster members and distribute vSAN metadata to all cluster members. If disabled, vSAN does not work.
vSphere 6.7	ESXi / vSAN	ESXi / vSAN	23451	UDP	VMware vSAN Cluster Monitoring and Membership Directory Service. Uses UDP-based IP multicast to establish cluster members and distribute vSAN metadata to all cluster members. If disabled, vSAN does not work.
vSphere 6.7	DHCP Client	ESXI	68	UDP	DHCP client for IPv4
vSphere 6.7	DNS	ESXi	53	UDP	DNS: name resolution service
vSphere 6.7	ESXi	ESXi	8,100	T CP,UDP	Traffic between hosts for vSphere Fault Tolerance (FT)
vSphere 6.7	ESXi	ESXi	8200	T CP,UDP	Traffic between hosts for vSphere Fault Tolerance (FT)
vSphere 6.7	ESXi	ESXi	8,300	T CP,UDP	Traffic between hosts for vSphere Fault Tolerance (FT)
vSphere 6.7	ESXi / NSX	ESXi / NSX	6999	UDP	NSX Virtual Distributed Router service
vSphere 6.7	ESXi / vSAN	ESXi / vSAN	2233	TCP	vSAN reliable datagram transport. Uses TCP and is used for vSAN storage IO. If disabled, vSAN does not work.
vSphere 6.7	SNMP Server	ESXi	161	UDP	Allows the host to connect to an SNMP server
vSphere 6.7	Admin workstation	ESXi	22	TCP	SSH: Secure Shell connectivity
vSphere 6.7	ESXi	ESXi	8000	TCP	vMotion: Required for virtual machine migration with vMotion. ESXi hosts listen on port 8000 for TCP connections from remote ESXi hosts for vMotion traffic
vSphere 6.7	vSphere Web Client	ESXi	902	TCP	Client connections
vSphere 6.7	vSphere Web Client	ESXi	443	TCP	Client connections
vSphere 6.7	vCenter	ESXi /vSAN	8080	TCP	vSAN VASA Vendor Provider. Used by the Storage Management Service (SMS) that is part of vCenter to access information about vSAN storage profiles, capabilities, and compliance. If disabled, vSAN Storage Profile Based Management (SPBM) does not work.
vSphere 6.7	Admin workstation	ESXi	80	TCP	Welcome page, with download links for different interfaces
vSphere 6.7	Admin workstation	ESXi	443	TCP	ESXi HTML5 Local UI
vSphere 6.7	vCenter Update Manager	ESXi	902	TCP	vCenter Update Manager connects to ESXi/ESX hosts on TCP port 902 for pushing virtual machine patches and host upgrade files
vSphere 6.7	ESXi	vCenter Server	427	T CP,UDP	The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM servers.
vSphere 6.7	ESXi	DHCPv6	547	T CP,UDP	DHCP client for IPv6
vSphere 6.7	ESXi	Wake on Lan	9	UDP	Used by Wake on Lan
vSphere 6.7	ESXi	DHCP	68	UDP	DHCP client for IPv4
vSphere 6.7	ESXi	DNS server	53	UDP	DNS: name resolution service
vSphere 6.7	ESXi	Software iSCSI Client	3260	TCP	Supports software iSCSI
vSphere 6.7	ESXi	vCenter Server	902	UDP	vCenter Server agent
vSphere 6.7	ESXi / vSAN	vCenter Server	8080	TCP	vSAN VASA Vendor Provider. Used by the Storage Management Service (SMS) that is part of vCenter to access information about vSAN storage profiles, capabilities, and compliance. If disabled, vSAN Storage Profile Based Management (SPBM) does not work.
vSphere 6.7	ESXi	vCenter Server	9080	TCP	Used by the I/O Filters storage feature
vSphere 6.7	ESXi	vCenter Server	9084	TCP	ESXi/ESX hosts connect to the Update Manager Web Server listening on HTTP port 9084 for host patch downloads
vSphere 6.7	ESXi	NTP Server	123	UDP	NTPD: Provides NTP time synchronization (+ required for AD Authenication)
vSphere 6.7	ESXi	Syslog Server	514	TCP, UDP	syslog data
vSphere 6.7	ESXI	AD server	88	TCP	Adding to the Domain:Kerberos Authenication
vSphere 6.7	ESXI	AD server	135	TCP	Adding to the Domain:NetBIOS
vSphere 6.7	ESXI	AD server	137,139	TCP	Adding to the Domain:LDAP
vSphere 6.7	ESXI	AD server	389	TCP	Adding to the Domain:LDAP
vSphere 6.7	ESXI	AD server	445	TCP	Adding to the Domain:Microsoft-DS Active Directory, Windows shares (SMB over TCP)
vSphere 6.7	ESXI	AD server	464	TCP	Adding to the Domain:Kerberos - password changes
vSphere 6.7	ESXI	AD server	3268	TCP	Adding to the Domain:Global Catalog search
Product	Source	Destination	Port	Protocol	Service Description

This table is an un-offical community project to provide a one site page for all VMware Products and the port requirements.

Change Log;

17-07-2018, ESXi Ports Added
12-07-2018, Initial Release Covers SRM, vRB, vRLI, vRO and vSphere Replication

Over time it will grow to cover most products, if you would like a product added or see an error, please email on vmware.ports@ramblinghikers.co.uk or leave a comment below.

VMware Ports

Share this: