vCenter Server, ESX hosts, and other network components are accessed using predetermined TCP and UDP ports. If you manage network components from outside a firewall, you might be required to reconfigure the firewall to allow access on the appropriate ports.

The table TCP and UDP Ports lists the TCP and UDP ports, together with the purpose and traffic type of each.

The ports are connected through the service console interface, unless otherwise indicated.

TCP and UDP Ports

| Port | Purpose | Traffic Type |
|------|---------|--------------|
| 22 | SSH Server | Incoming TCP |
| 80 | HTTP access. The default non-secure TCP Web port typically used in conjunction with port 443 as a front end for access to ESX networks from the Web. Port 80 redirects traffic to an HTTPS landing page (port 443). Connection to vSphere Web Access from the Web; WS-Management | Incoming TCP |
| 123 | NTP Client | Outgoing UDP |
| 427 | The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM servers. | Incoming and outgoing UDP |
| 443 | HTTPS access; vCenter Server access to ESX hosts; Default SSL Web port; vSphere Client access to vCenter Server; vSphere Client access to ESX hosts; WS-Management; vSphere Client access to vSphere Update Manager; vSphere Converter access to vCenter Server; vSphere Web Access and third-party network management client connections to vCenter Server; Direct vSphere Web Access and third-party network management clients access to hosts | Incoming TCP |
| 902 | Host access to other hosts for migration and provisioning; Authentication traffic for ESX (xinetd/vmware-authd); vSphere Client access to virtual machine consoles; (UDP) Status update (heartbeat) connection from ESX to vCenter Server | Incoming TCP, outgoing UDP |
| 903 | Remote console traffic generated by user access to virtual machines on a specific ESX host. vSphere Client access to virtual machine consoles; vSphere Web Access Client access to virtual machine consoles; MKS transactions (xinetd/vmware-authd-mks) | Incoming TCP |
| 2049 | Transactions from NFS storage devices. This port is used on the VMkernel interface rather than the service console interface. | Incoming and outgoing TCP |
| 2050–2250 | Traffic between ESX hosts for VMware High Availability (HA) and EMC Autostart Manager | Outgoing TCP, incoming and outgoing UDP |
| 3260 | Transactions to iSCSI storage devices. This port is used on the VMkernel interface and the service console interface. | Outgoing TCP |
| 5900–5964 | RFB protocol, which is used by management tools such as VNC | Incoming and outgoing TCP |
| 5989 | CIM XML transactions over HTTPS | Incoming and outgoing TCP |
| 8000 | Requests from vMotion. This port is used on the VMkernel interface rather than the service console interface. | Incoming and outgoing TCP |
| 8042–8045 | Traffic between ESX hosts for HA and EMC Autostart Manager | Outgoing TCP, incoming and outgoing UDP |
| 8100, 8200 | Traffic between ESX hosts for VMware Fault Tolerance | Outgoing TCP, incoming and outgoing UDP |

In addition to the TCP and UDP ports listed in TCP and UDP Ports, you can configure other ports depending on your needs:

You can use vSphere Client to open ports for installed management agents and supported services such as NFS.

You can open ports in the service console firewall for other services and agents required for your network by running command-line scripts.
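
The following is an added example, not part of the VMware documentation: a Python audit that compares firewall rules against the table above and reports any port, protocol or direction that the table does not document. The rule line format (`PORT[-PORT]/proto direction`), the function names and the sample rules are constructed for illustration.

```python
# Documented baseline from the TCP and UDP Ports table:
# (first port, last port, protocol, allowed directions)
BASELINE = [
    (22, 22, "tcp", {"in"}), (80, 80, "tcp", {"in"}),
    (123, 123, "udp", {"out"}), (427, 427, "udp", {"in", "out"}),
    (443, 443, "tcp", {"in"}), (902, 902, "tcp", {"in"}),
    (902, 902, "udp", {"out"}), (903, 903, "tcp", {"in"}),
    (2049, 2049, "tcp", {"in", "out"}),
    (2050, 2250, "tcp", {"out"}), (2050, 2250, "udp", {"in", "out"}),
    (3260, 3260, "tcp", {"out"}), (5900, 5964, "tcp", {"in", "out"}),
    (5989, 5989, "tcp", {"in", "out"}), (8000, 8000, "tcp", {"in", "out"}),
    (8042, 8045, "tcp", {"out"}), (8042, 8045, "udp", {"in", "out"}),
    (8100, 8100, "tcp", {"out"}), (8100, 8100, "udp", {"in", "out"}),
    (8200, 8200, "tcp", {"out"}), (8200, 8200, "udp", {"in", "out"}),
]

def parse_rule(line):
    """Parse a constructed rule line such as '5900-5964/tcp in'."""
    spec, direction = line.split()
    ports, proto = spec.split("/")
    first, _, last = ports.partition("-")
    return int(first), int(last or first), proto.lower(), direction.lower()

def documented(port, proto, direction):
    """True if the table lists this port for this protocol and direction."""
    return any(lo <= port <= hi and proto == p and direction in dirs
               for lo, hi, p, dirs in BASELINE)

def audit(rule_lines):
    """Map each rule to the ports it opens beyond the documented baseline."""
    findings = {}
    for line in rule_lines:
        first, last, proto, direction = parse_rule(line)
        extra = [n for n in range(first, last + 1)
                 if not documented(n, proto, direction)]
        if extra:
            findings[line] = extra
    return findings

# Constructed sample rules, not taken from a real host.
SAMPLE_RULES = ["22/tcp in", "443/tcp in", "902/udp in", "2049/tcp out",
                "5900-5970/tcp in", "8080/tcp in", "123/udp out"]

if __name__ == "__main__":
    for rule, ports in audit(SAMPLE_RULES).items():
        print(f"{rule}: outside documented baseline: {ports[0]}-{ports[-1]}")
```

A finding is not necessarily a misconfiguration, since additional ports can be opened for agents and services as described above; it marks a rule that needs a documented justification.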