VMware
 

Knowledge Base

Search the Knowledge Base:
Products:
Search In:
 

Which ports are required for vShield Zones operation?

Details

Communication between the vShield Manager and vShield agents, as well as between a client PC and the vShield Manager, requires open ports for the exchange of configuration and reporting data.

Clear-text communication occurs only between the vShield Manager and a vShield agent to log syslog or SNMP trap messages on Network Management Software (NMS) servers and when passing Network Time Protocol (NTP) traffic.

Solution

The following ports are required for vShield Zones operation.

Port
Application Protocol (Transport Protocol)
Direction
Purpose
22
SSH (TCP)
vShield Manager to vShield agentAll communication passing from the vShield Manager to vShield agents, including initial connection. When connecting to vShield agents, the vShield Manager initiates and maintains a secure communication channel using SSH encryption. All vShield agent configuration propagations and health checks occur over this secure channel. For the vShield Manager to be able to establish a connection with a vShield agent, each vShield agent must be configured with a unique encryption key, which is stored in hashed format on the vShield Manager and the vShield agent for added security.
123
NTP (UDP)
Bidrectional
Time synchronization
443
HTTPS (TCP)
PC to vShield Manager
Administrators can access the vShield Manager user interface by using a Hyper Text Transfer Protocol Secure (HTTPS) Web browser session. This ensures that network communication to the vShield Manager user interface is secure, and sensitive configuration information between your Web browser and the vShield Manager does not show up as clear text in the network.
1162
SNMP (UDP)
vShield agent to vShield ManagervShield Zones utilizes port 1162 to send SNMP trap messages from vShield agents to the vShield Manager. All other statistics, including memory and CPU, use port 22. The well-known SNMP port over UDP is 162; vShield Zones utilizes a custom SNMP port.

Feedback

Rate this article:
(1 Ratings)

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
Email address (optional)
Submit
Rate this article:
(1 Ratings)
Actions
  • KB Article: 1011352
  • Updated: Aug 14, 2009
  • Products:
    VMware vShield Zones
  • Product Versions:
    VMware vShield Zones 1.0.x