Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

TCP and UDP Ports required to access VMware vCenter Server, VMware ESXi and ESX hosts, and other network components (1012382)

Purpose

These services and agents are commonly present in a VMware vSphere environment:
  • CIM HTTP server (insecure service)
  • CIM HTTPS server
  • FTP client (insecure service)
  • FTP server (insecure service)
  • iSCSI software client
  • NFS client (insecure service)
  • NFS server (insecure service)
  • NIS client
  • NTP client
  • SMB client (insecure service)
  • SNMP server
  • SSH client
  • SSH server
  • Syslog client
  • Telnet client (insecure service)
  • Telnet server (insecure service)
  • Other supported management agents that you install
vCenter Server, ESX hosts, and other network components are accessed using predetermined TCP and UDP ports. If you manage network components from outside a firewall, you may be required to reconfigure the firewall to allow access on the appropriate ports.

This article provides information on the ports required for VMware products.

For more information, see the documentation associated with your product:

Resolution

TCP and UDP ports should be modified for each of these products:

Note: Ports used with the Virtual Infrastructure / vSphere Client are listed in a separate table at the end of this article.

Product Port Protocol Source Target Purpose
AppSpeed 80 TCP AppSpeed Server vCenter Server 4 vCenter proxy interface. Used only during setup to verify the proxy is setup correctly. Port 80 is the default Web Service Port, but a different TCP port can be configured in vCenter Server 4.
AppSpeed 443 TCP AppSpeed Server vCenter Server 4 Default port for communications. A different TCP port can be configured in vCenter Server 4.
AppSpeed 22 TCP AppSpeed Server AppSpeed Probe Connections to the probes to access the probes outside of the VPN.
AppSpeed 123 UDP AppSpeed Server AppSpeed Probe NTP services
AppSpeed 1194 TCP/UDP AppSpeed Server AppSpeed Probe Communications over OpenVPN
Auto Deploy Server 6501 TCP ESXi vCenter Server Auto Deploy service
Auto Deploy Server 6502 TCP ESXi vCenter Server Auto Deploy management
Consolidated Backup 443 TCP VCB Proxy Server vCenter Server Required for VCB and vcbMounter communication and backup processes
Consolidated Backup 443 TCP VCB Proxy Server ESXi/ESX Host Required for VCB and vcbMounter communication and backup processes
Converter 3.x 137 UDP vCenter Converter Server Source Computer to be converted For hot migration. Not required if the source computer does not use NetBIOS
Converter 3.x 138 UDP vCenter Converter Server Source Computer to be converted For hot migration. Not required if the source computer does not use NetBIOS
Converter 3.x 139 TCP vCenter Converter Server Source Computer to be converted For hot migration. Not required if the source computer does not use NetBIOS
Converter 3.x 443 TCP Source Computer to be converted ESXi/ESX Host Required for destination VM access when target is ESXi/ESX/vCenter
Converter 3.x 443 TCP Source Computer to be converted vCenter Server Required if vCenter Server is the conversion target
Converter 3.x 443 TCP vCenter Converter Server vCenter Server Required if vCenter Server is the conversion target
Converter 3.x 443 TCP vCenter Converter Server ESXi/ESX Host Required for system conversion
Converter 3.x 445 TCP vCenter Converter Server Source Computer to be converted Required for system conversion. Not required if the source computer uses NetBIOS
Converter 3.x 902 TCP Source Computer to be converted ESXi/ESX Host Required for data transport during cloning of system to be converted to target ESXi/ESX Host
Converter 4.x 22 TCP Helper Virtual Machine Source Computer to be converted Required for conversion of Linux-based source computers (data flows from source to VM)
Converter 4.x 22 TCP vCenter Converter Server Source Computer to be converted Required for conversion of Linux-based source computers
Converter 4.x 137 UDP vCenter Converter Server Source Computer to be converted For hot migration. Not required if the source computer does not use NetBIOS
Converter 4.x 138 UDP vCenter Converter Server Source Computer to be converted For hot migration. Not required if the source computer does not use NetBIOS
Converter 4.x 139 TCP vCenter Converter Server Source Computer to be converted For hot migration. Not required if the source computer does not use NetBIOS
Converter 4.x 443 TCP vCenter Converter Client vCenter Converter Server Only required if the Converter Client and Converter Server were installed on different systems
Converter 4.x 443 TCP Source Computer to be converted ESXi/ESX Host Required for destination VM access when target is ESXi/ESX/vCenter
Converter 4.x 443 TCP Source Computer to be converted vCenter Server Required if vCenter Server is the conversion target
Converter 4.x 443 TCP vCenter Converter Server vCenter Server Required if vCenter Server is the conversion target
Converter 4.x 443 TCP vCenter Converter Server ESXi/ESX Host Required for system conversion
Converter 4.x 443 TCP vCenter Converter Server Helper Virtual Machine Required for conversion of Linux-based source computers
Converter 4.x 445 TCP vCenter Converter Server Source Computer to be converted Required for system conversion. Not required if the source computer uses NetBIOS
Converter 4.x 902 TCP Source Computer to be converted ESXi/ESX Host Required for data transport during cloning of system to be converted to target ESXi/ESX Host
Converter 4.x 9089, 9090 TCP vCenter Converter Server Source Computer to be converted Required for system conversion. Remote agent deployment
Converter 5.x 22 TCP Converter Standalone server powered-on source machine Used to establish an SSH connection between the Converter Standalone server and the source Linux machine
Converter 5.x 137 UDP Converter Standalone server powered-on source machine For hot migration. Not required if the source computer does not use NetBIOS
Converter 5.x 138 UDP Converter Standalone server powered-on source machine For hot migration. Not required if the source computer does not use NetBIOS
Converter 5.x 139 TCP Converter Standalone server powered-on source machine For hot migration. Not required if the source computer does not use NetBIOS
Converter 5.x 443 TCP Converter Standalone server vCenter Server Required only if theconversion destination is a vCenter Server
Converter 5.x 443 TCP Converter Standalone client Converter Standalone server Required only if the Converter Standalone server and Linux client components are on different machines
Converter 5.x 443 TCP Converter Standalone client vCenter server Required only if the Converter Standalone server and client components are on different machines
Converter 5.x 22 TCP Powered-on Source Linux machine ESXi/ESX Host Uses secure connection port 22 to Host
Converter 5.x 443, 902 TCP Powered-on Source Windows machine ESXi/ESX Host Required for data transfer to destination ESXi/ESX host
Converter 5.x 445 TCP Converter Standalone server powered-on source machine Required for system conversion. Not required if the source computer uses NetBIOS
Converter 5.x 9089 TCP Converter Standalone server powered-on source machine Required for system conversion. Remote agent deployment
Data Recovery 443 TCP Data Recovery Appliance vCenter Server VDR to vCenter Server communications
Data Recovery 902 TCP Data Recovery Appliance ESX Host VDR to ESX communications
Data Recovery 22024 TCP Data Recovery vSphere Client Plug-in Data Recovery Appliance Data Recovery management
ESX 3.x 21 TCP FTP Client ESX Host FTP
ESX 3.x 21 TCP ESX Host FTP Server FTP
ESX 3.x 22 TCP SSH Client ESX Host SSH
ESX 3.x 22 TCP ESX Host SSH Server SSH
ESX 3.x 53 UDP ESXi/ESX Host DNS Server DNS
ESX 3.x 80 TCP Client PC ESXi/ESX Host Redirect Web Browser to HTTPS Service (443)
ESX 3.x 88 TCP ESX Host Active Directory Server PAM Active Directory Authentication - Kerberos
ESX 3.x 111 UDP ESXi/ESX Host NFS Server NFS Client – RPC Portmapper
ESX 3.x 111 TCP ESXi/ESX Host NFS Server NFS Client – RPC Portmapper
ESX 3.x 123 UDP ESXi/ESX Host NTP Time Server NTP Client
ESX 3.x 137 to 139 TCP ESX Host SMB Server SMB
ESX 3.x 161 UDP SNMP Server ESX Host SNMP Polling
ESX 3.x 162 UDP ESX Host SNMP Collector SNMP Trap Send
ESX 3.x 389 TCP/UDP ESX Host LDAP Server PAM Active Directory Authentication – LDAP
ESX 3.x 427 UDP VI / vSphere Client ESXi/ESX Host CIM Service Location Protocol (SLP)
ESX 3.x 427 TCP VI / vSphere Client ESXi/ESX Host CIM Service Location Protocol (SLP)
ESX 3.x 443 TCP Client PC ESX Host Host VI Management via web browser
ESX 3.x 443 TCP VI / vSphere Client ESXi/ESX Host VI / vSphere Client to ESXi/ESX Host management connection
ESX 3.x 443 TCP ESXi/ESX Host ESXi/ESX Host Host to host VM migration and provisioning
ESX 3.x 445 TCP ESX Host SMB Server SMB
ESX 3.x 445 TCP ESX Host MS Directory Services Server PAM Active Directory Authentication
ESX 3.x 445 UDP ESX Host MS Directory Services Server PAM Active Directory Authentication
ESX 3.x 464 TCP ESX Host Active Directory Server PAM Active Directory Authentication – Kerberos Password Services
ESX 3.x 514 UDP ESXi/ESX Host Syslog Server Remote syslog logging
ESX 3.x 902 TCP VI /vSphere Client ESXi/ESX Host VI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS)
ESX 3.x 902 TCP/UDP ESXi/ESX Host ESXi/ESX Host Authentication, Provisioning, VM Migration
ESX 3.x 902 TCP/UDP ESXi/ESX Host Virtual Center 3.x/ vCenter Server 4.x Heartbeat
ESX 3.x 903 TCP VI / vSphere Client ESXi/ESX Host VM Remote Console
ESX 3.x 2049 UDP ESXi/ESX Host NFS Server NFS Client
ESX 3.x 2049 TCP ESXi/ESX Host NFS Server NFS Client
ESX 3.x 2050 to 2250 UDP ESXi/ESX Host ESXi/ESX Host VMware HA
ESX 3.x 3260 TCP ESXi/ESX Host iSCSI SAN Software iSCSI Client and Hardware iSCSI HBA
ESX 3.x 5988 TCP ESXi/ESX Host ESXi/ESX Host CIM Client to CIM Secure Server
ESX 3.x 5989 TCP ESXi/ESX Host VirtualCenter/vCenter Server CIM Secure Server to CIM Client
ESX 3.x 5989 TCP VirtualCenter/vCenter Server ESXi/ESX Host CIM Client to CIM Secure Server
ESX 3.x 8000 TCP ESXi/ESX Host (VM Target) ESXi/ESX Host (VM Source) VMotion Communication on VMKernel Interface
ESX 3.x 8000 TCP ESXi/ESX Host (VM Source) ESXi/ESX Host (VM Target) VMotion Communication on VMKernel Interface
ESX 3.x 8042 to 8045 TCP ESXi/ESX Host ESXi/ESX Host VMware HA
ESX 3.x 27000 TCP ESXi/ESX Host VMware License Server ESXi/ESX 3.x Host to License Server communication
ESX 3.x 27010 TCP ESXi/ESX Host VMware License Server ESXi/ESX 3.x Host to License Server communication
ESX 4.x 21 TCP FTP Client ESX Host FTP
ESX 4.x 21 TCP ESX Host FTP Server FTP
ESX 4.x 22 TCP ESX Host SSH Server SSH
ESX 4.x 22 TCP SSH Client ESX Host SSH
ESX 4.x 53 UDP ESXi/ESX Host DNS Server DNS
ESX 4.x 80 TCP Client PC ESXi/ESX Host Redirect Web Browser to HTTPS Service (443)
ESX 4.x 88 TCP ESX Host Active Directory Server PAM Active Directory Authentication - Kerberos
ESX 4.x 111 UDP ESXi/ESX Host NFS Server NFS Client – RPC Portmapper
ESX 4.x 111 TCP ESXi/ESX Host NFS Server NFS Client – RPC Portmapper
ESX 4.x 123 UDP ESXi/ESX Host NTP Time Server NTP Client
ESX 4.x 137 to 139 TCP ESX Host SMB Server SMB
ESX 4.x 161 UDP SNMP Server ESX Host SNMP Polling
ESX 4.x 162 UDP ESX Host SNMP Collector SNMP Trap Send
ESX 4.x 389 TCP/UDP ESX Host LDAP Server PAM Active Directory Authentication – LDAP
ESX 4.x 427 UDP VI / vSphere Client ESXi/ESX Host CIM Service Location Protocol (SLP)
ESX 4.x 427 TCP VI / vSphere Client ESXi/ESX Host CIM Service Location Protocol (SLP)
ESX 4.x 443 TCP ESXi/ESX Host ESXi/ESX Host Host to Host VM migration and provisioning
ESX 4.x 443 TCP Client PC ESX Host Host VI Management via web browser
ESX 4.x 443 TCP vSphere Client ESXi/ESX Host vSphere Client to ESXi/ESX Host management connection
ESX 4.x 445 UDP ESX Host MS Directory Services Server PAM Active Directory Authentication
ESX 4.x 445 TCP ESX Host MS Directory Services Server PAM Active Directory Authentication
ESX 4.x 445 TCP ESX Host SMB Server SMB
ESX 4.x 464 TCP ESX Host Active Directory Server PAM Active Directory Authentication – Kerberos Password Services
ESX 4.x 514 UDP ESXi/ESX Host Syslog Server Remote syslog logging
ESX 4.x 902 TCP vSphere Client ESXi/ESX Host vSphere Client to ESXi/ESX hosted VM connectivity (MKS)
ESX 4.x 902 TCP/UDP ESXi/ESX Host ESXi/ESX Host Authentication, Provisioning, VM Migration
ESX 4.x 902 TCP/UDP ESXi/ESX Host vCenter Server 4.x Heartbeat
ESX 4.x 903 TCP VI / vSphere Client ESXi/ESX Host VM Remote Console (MKS)
ESX 4.x 1024 (dynamic) TCP/UDP ESX Host Active Directory Server Bi-directional communication on TCP/UDP ports is required between the ESX host and the Active Directory Domain Controller (via the netlogond process on the ESX host). See Active Directory and Active Directory Domain Services Port Requirements and the Microsoft Knowledge Base article179442.
ESX 4.x 2049 UDP ESXi/ESX Host NFS Server NFS Client
ESX 4.x 2049 TCP ESXi/ESX Host NFS Server NFS Client
ESX 4.x 2050 to 2250 UDP ESXi/ESX Host ESXi/ESX Host VMware HA
ESX 4.x 3260 TCP ESXi/ESX Host iSCSI SAN Software iSCSI Client and Hardware iSCSI HBA
ESX 4.x 5900 to 5964 TCP ESXi/ESX Host ESXi/ESX Host RFB Protocol used by management toolssuch as VNC
ESX 4.x 5988 TCP ESXi/ESX Host ESXi/ESX Host CIM Client to CIM Secure Server
ESX 4.x 5989 TCP VirtualCenter/vCenter ESXi/ESX Host CIM Client to CIM Secure Server
ESX 4.x 5989 TCP ESXi/ESX Host VirtualCenter/vCenter CIM Secure Server to CIM Client
ESX 4.x 8000 TCP ESXi/ESX Host (VM Target) ESXi/ESX Host (VM Source) VMotion Communication on VMKernel Interface
ESX 4.x 8000 TCP ESXi/ESX Host (VM Source) ESXi/ESX Host (VM Target) VMotion Communication on VMKernel Interface
ESX 4.x 8042 to 8045 TCP ESXi/ESX Host ESXi/ESX Host VMware HA
ESX 4.x 47 UDP ESXi/ESX Host Physical Switches vDS (Virtual Distributed Switch) Broadcast
ESX 4.x 8100 TCP/UDP ESXi/ESX 4 Host ESXi/ESX 4.x Host VMware Fault Tolerance. ESXi/ESX 4 only.
ESX 4.x 8200 TCP/UDP ESXi/ESX 4 Host ESXi/ESX 4.x Host VMware Fault Tolerance. ESXi/ESX 4 only.
ESX 4.x 8301 UDP ESXi/ESX 4.x Host ESXi/ESX 4.x DVS Port Information
ESX 4.x 8302 UDP ESXi/ESX 4.x Host ESXi/ESX 4.x Host DVS Port Information
ESXi 3.x 53 UDP ESXi/ESX Host DNS Server DNS
ESXi 3.x 80 TCP Client PC ESXi/ESX Host Redirect Web Browser to HTTPS Service (443)
ESXi 3.x 111 TCP ESXi/ESX Host NFS Server NFS Client – RPC Portmapper
ESXi 3.x 111 UDP ESXi/ESX Host NFS Server NFS Client – RPC Portmapper
ESXi 3.x 123 UDP ESXi/ESX Host NTP Time Server NTP Client
ESXi 3.x 162 UDP ESX Host SNMP Collector SNMP Trap Send
ESXi 3.x 427 UDP VI / vSphere Client ESXi/ESX Host CIM Service Location Protocol (SLP)
ESXi 3.x 427 TCP VI / vSphere Client ESXi/ESX Host CIM Service Location Protocol (SLP)
ESXi 3.x 443 TCP VI / vSphere Client ESXi/ESX Host VI / vSphere Client to ESXi/ESX Host management connection
ESXi 3.x 443 TCP ESXi/ESX Host ESXi/ESX Host Host to host VM migration and provisioning
ESXi 3.x 514 UDP ESXi/ESX Host Syslog Server Remote syslog logging
ESXi 3.x 902 TCP VI / vSphere Client ESXi/ESX Host VI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS/Remote Console)
ESXi 3.x 902 TCP/UDP ESXi/ESX Host ESXi/ESX Host Authentication, Provisioning, VM Migration
ESXi 3.x 902 TCP/UDP ESXi/ESX Host Virtual Center 3.x/ vCenter Server 4.x Heartbeat
ESXi 3.x 903 TCP VI / vSphere Client ESXi/ESX Host VM Remote VM Console (MKS)
ESXi 3.x 2049 TCP ESXi/ESX Host NFS Server NFS Client
ESXi 3.x 2049 UDP ESXi/ESX Host NFS Server NFS Client
ESXi 3.x 2050 to 2250 UDP ESXi/ESX Host ESXi/ESX Host VMware HA
ESXi 3.x 3260 TCP ESXi/ESX Host iSCSI SAN Software iSCSI Client and Hardware iSCSI HBA
ESXi 3.x 5988 TCP ESXi/ESX Host ESXi/ESX Host CIM Client to CIM Secure Server
ESXi 3.x 5989 TCP VirtualCenter/vCenter ESXi/ESX Host CIM Client to CIM Secure Server
ESXi 3.x 5989 TCP ESXi/ESX Host VirtualCenter/vCenter CIM Secure Server to CIM Client
ESXi 3.x 8000 TCP ESXi/ESX Host (VM Target) ESXi/ESX Host (VM Source) VMotion Communication on VMKernel Interface
ESXi 3.x 8000 TCP ESXi/ESX Host (VM Source) ESXi/ESX Host (VM Target) VMotion Communication on VMKernel Interface
ESXi 3.x 8042 to 8045 TCP ESXi/ESX Host ESXi/ESX Host VMware HA
ESXi 3.x 27000 TCP ESXi/ESX Host VMware License Server ESXi/ESX 3.x Host to License Server communication
ESXi 3.x 27010 TCP ESXi/ESX Host VMware License Server ESXi/ESX 3.x Host to License Server communication
ESXi 4.x 53 UDP ESXi/ESX Host DNS Server DNS
ESXi 4.x 80 TCP Client PC ESXi/ESX Host Redirect Web Browser to HTTPS Service (443)
ESXi 4.x 88 TCP ESXi host Active Directory Server PAM Active Directory Authentication - Kerberos
ESXi 4.x 111 TCP ESXi/ESX Host NFS Server NFS Client – RPC Portmapper
ESXi 4.x 111 UDP ESXi/ESX Host NFS Server NFS Client – RPC Portmapper
ESXi 4.x 123 UDP ESXi/ESX Host NTP Time Server NTP Client
ESXi 4.x 161 UDP SNMP Server ESXi 4.x Host SNMP Polling. Not used in ESXi 3.x
ESXi 4.x 162 UDP ESXi Host SNMP Collector SNMP Trap Send
ESXi 4.x 389 TCP/UDP ESXi host LDAP Server PAM Active Directory Authentication - Kerberos
ESXi 4.x 427 UDP VI / vSphere Client ESXi/ESX Host CIM Service Location Protocol (SLP)
ESXi 4.x 427 TCP VI / vSphere Client ESXi/ESX Host CIM Service Location Protocol (SLP)
ESXi 4.x 443 TCP VI / vSphere Client ESXi/ESX Host VI / vSphere Client to ESXi/ESX Host management connection
ESXi 4.x 443 TCP ESXi/ESX Host ESXi/ESX Host Host to host VM migration and provisioning
ESXi 4.x 445 UDP ESXi host MS Directory Services Server PAM Active Directory Authentication
ESXi 4.x 445 TCP ESXi host MS Directory Services Server PAM Active Directory Authentication
ESXi 4.x 445 TCP ESXi host SMB Server SMB Server
ESXi 4.x 464 TCP ESXi host Active Directory Server PAM Active Directory Authentication - Kerberos
ESXi 4.x 514 UDP ESXi/ESX Host Syslog Server Remote syslog logging
ESXi 4.x 902 TCP VI / vSphere Client ESXi/ESX Host VI / vSphere Client to ESXi/ESX hosted VM connectivity (MKS/Remote Console)
ESXi 4.x 902 TCP/UDP ESXi/ESX Host ESXi/ESX Host Authentication, Provisioning, VM Migration
ESXi 4.x 902 TCP/UDP ESXi/ESX Host vCenter 4 Server Heartbeat
ESXi 4.x 902 TCP VI / vSphere Client ESXi/ESX Host VM Remote VM Console (MKS)
ESXi 4.x 1024 (dynamic) TCP/UDP ESXi Host Active Directory Server Bi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). See Active Directory and Active Directory Domain Services Port Requirements and the Microsoft Knowledge Base article179442.
ESXi 4.x 2049 TCP ESXi/ESX Host NFS Server NFS Client
ESXi 4.x 2049 UDP ESXi/ESX Host NFS Server NFS Client
ESXi 4.x 2050 to 2250 UDP ESXi/ESX Host ESXi/ESX Host VMware HA
ESXi 4.x 3260 TCP ESXi/ESX Host iSCSI SAN Software iSCSI Client and Hardware iSCSI HBA
ESXi 4.x 5900to 5964 TCP ESXi/ESX Host ESXi/ESX Host RFB Protocol used by management toolssuch as VNC
ESXi 4.x 5988 TCP ESXi/ESX Host ESXi/ESX Host CIM Client to CIM Secure Server
ESXi 4.x 5989 TCP VirtualCenter/vCenter ESXi/ESX Host CIM Client to CIM Secure Server
ESXi 4.x 5989 TCP ESXi/ESX Host VirtualCenter/vCenter CIM Secure Server to CIM Client
ESXi 4.x 8000 TCP ESXi/ESX Host (VM Target) ESXi/ESX Host (VM Source) VMotion Communication on VMkernel Interface
ESXi 4.x 8000 TCP ESXi/ESX Host (VM Source) ESXi/ESX Host (VM Target) VMotion Communication on VMkernel Interface
ESXi 4.x 47 UDP ESXi/ESX Host Physical Switches vDS (Virtual Distributed Switch) Broadcast
ESXi 4.x 8042 to 8045 TCP ESXi/ESX Host ESXi/ESX Host VMware HA
ESXi 4.x 8100 TCP/UDP ESXi/ESX 4 Host ESXi/ESX 4.x Host VMware Fault Tolerance. ESXi/ESX 4 only.
ESXi 4.x 8200 TCP/UDP ESXi/ESX 4 Host ESXi/ESX 4.x Host VMware Fault Tolerance. ESXi/ESX 4 only.
ESXi 4.x 8301 UDP ESXi/ESX 4.x Host ESXi/ESX 4.x Host DVS Port Information
ESXi 4.x 8302 UDP ESXi/ESX 4.x Host ESXi/ESX 4.x Host DVS Port Information
ESXi 5.x 22 TCP Client PC ESXi Host SSH Server
ESXi 5.x 53 UDP ESXi 5.x DNS Server DNS Client
ESXi 5.x 68 UDP ESXi 5.x DHCP Server DHCP Client
ESXi 5.x 80 TCP Client PC ESXi Host Redirect Web Browser to HTTPS Service (443)
ESXi 5.x 88 TCP ESXi host Active Directory Server PAM Active Directory Authentication - Kerberos
ESXi 5.x 111 TCP ESXi/ESX Host NFS Server NFS Client – RPC Portmapper
ESXi 5.x 111 UDP ESXi/ESX Host NFS Server NFS Client – RPC Portmapper
ESXi 5.x 123 UDP ESXi/ESX Host NTP Time Server NTP Client
ESXi 5.x 161 UDP SNMP Server ESXi Host SNMP Polling. Not used in ESXi 3.x
ESXi 5.x 162 UDP ESXi Host SNMP Collector SNMP Trap Send
ESXi 5.x 389 TCP/UDP ESXi host LDAP Server PAM Active Directory Authentication - Kerberos
ESXi 5.x 427 UDP VI / vSphere Client ESXi/ESX Host CIM Service Location Protocol (SLP)
ESXi 5.x 443 TCP VI / vSphere Client ESXi/ESX Host VI / vSphere Client to ESXi/ESX Host management connection
ESXi 5.x 443 TCP ESXi/ESX Host ESXi/ESX Host Host to host VM migration and provisioning
ESXi 5.x 445 UDP ESXi host MS Directory Services Server PAM Active Directory Authentication
ESXi 5.x 445 TCP ESXi host MS Directory Services Server PAM Active Directory Authentication
ESXi 5.x 445 TCP ESXi host SMB Server SMB Server
ESXi 5.x 464 TCP ESXi host Active Directory Server PAM Active Directory Authentication - Kerberos
ESXi 5.x 514 UDP/TCP ESXi 5.x Syslog Server Remote syslog logging
ESXi 5.x 902 TCP/UDP ESXi 5.x ESXi Host Host access to other hosts for migration and provisioning
ESXi 5.x 902 TCP vSphere Client ESXi Host vSphere Client access to virtual machine consoles (MKS)
ESXi 5.x 902 TCP/UDP ESXi 5.x vCenter Server (UDP) Status update (heartbeat) connection from E SXi to vCenter Server
ESXi 5.x 1024 (dynamic) TCP/UDP ESXi Host Active Directory Server Bi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). See Active Directory and Active Directory Domain Services Port Requirements and the Microsoft Knowledge Base article179442.
ESXi 5.x 2049 TCP ESXi 5.x NFS Server Transactions from NFS storage devices
ESXi 5.x 2049 UDP ESXi 5.x NFS Server Transactions from NFS storage devices
ESXi 5.x 3260 TCP ESXi 5.x iSCSI storage server Transactions to iSCSI storage devices
ESXi 5.x 5900 to 5964 TCP ESXi 5.x ESXi Host RFB protocol, which is used by management tools such as VNC
ESXi 5.x 5988 TCP CIM Server ESXi Host CIM transactions over HTTP
ESXi 5.x 5989 TCP vCenter Server ESXi Host CIM XML transactions over HTTPS
ESXi 5.x 5989 TCP ESXi 5.x vCenter Server CIM XML transactions over HTTPS
ESXi 5.x 8000 TCP ESXi 5.x (VM Target) ESXi (VM Source) Requests from vMotion
ESXi 5.x 8000 TCP ESXi 5.x (VM Source) ESXi (VM Target) Requests from vMotion
ESXi 5.x 8100 TCP/UDP ESXi 5.x ESXi Host Traffic between hosts for vSphere Fault Tolerance (FT)
ESXi 5.x 8182 TCP/UDP ESXi 5.x ESXi Host Traffic between hosts for vSphere High Availability (vSphere HA)
ESXi 5.x 8200 TCP/UDP ESXi 5.x ESXi Host Traffic between hosts for vSphere Fault Tolerance (FT)
ESXi 5.x 8301 UDP ESXi 5.x ESXi Host DVS Port Information
ESXi 5.x 8302 UDP ESXi 5.x ESXi Host DVS Port Information
ESXi 5.x 31000 TCP SPS Server vCenter Server Internal Communication Port
ESXi 6.x 9 UDP vCenter Server Virtual Volumes Used by the Virtual Volumes feature
ESXi 6.x 22 TCP SSH Client ESXi Host Required for SSH access
ESXi 6.x 53 UDP ESXi Host DNS Server DNS client
ESXi 6.x 68 UDP DHCP Server ESXi Host DHCP client for IPv4
ESXi 6.x 80 TCP Web Browser ESXi Host Welcome page, with download links for different interfaces
ESXi 6.x 161 UDP SNMP Server ESXi Host Allows the host to connect to an SNMP server
ESXi 6.x 427 TCP/UDP CIM Server ESXi Host The CIM client uses the Service Location Protocol, version 2 (SLPv2) to find CIM servers
ESXi 6.x 443 TCP vSphere Web Client ESXi Host Client connections
ESXi 6.x 546 TCP/UDP DHCP Server ESXi Host DHCP client for IPv6
ESXi 6.x 547 TCP/UDP ESXi Host DHCP Server DHCP client for IPv6
ESXi 6.x 902 TCP/UDP VMware vCenter Agent ESXi Host vCenter Server agent
ESXi 6.x 2233 TCP ESXi Host Virtual SAN Transport Used for RDT traffic (Unicast peer to peer communication) between Virtual SAN nodes.
ESXi 6.x 3260 TCP ESXi Host Software iSCSI Client Supports software iSCSI
ESXi 6.x 5671 TCP ESXi Host rabbitmqproxy A proxy running on the ESXi host that allows applications running inside virtual machines to communicate to the AMQP brokers running in the vCenter network domain. The virtual machine does not have to be on the network, that is, no NIC is required. The proxy connects to the brokers in the vCenter network domain. Therefore, the outgoing connection IP addresses should at least include the current brokers in use or future brokers. Brokers can be added if customer would like to scale up.
ESXi 6.x 5988,8889 TCP CIM Server ESXi Host Server for CIM (Common Information Model)
ESXi 6.x 5989 TCP CIM Secure Server ESXi Host Secure server for CIM
ESXi 6.x 6999 UDP NSX Distributed Logical Router Service ESXi Host NSX Virtual Distributed Router service. The firewall port associated with this service is opened when NSX VIBs are installed and the VDR module is created. If no VDR instances are associated with the host, the port does not have to be open.

This service was called NSX Distributed Logical Router in earlier versions of the product.
ESXi 6.x 8000 TCP ESXi Host ESXi Host vMotion
ESXi 6.x 8080 TCP vsanvp ESXi Host VSAN VASA Vendor Provider. Used by the Storage Management Service (SMS) that is part of vCenter to access information about Virtual SAN storage profiles, capabilities, and compliance. If disabled, Virtual SAN Storage Profile Based Management (SPBM) does not work.
ESXi 6.x 8100,8200,8300 TCP\UDP Fault Tolerance ESXi Host Traffic between hosts for vSphere Fault Tolerance (FT).
ESXi 6.x 8301,8302 UDP DVSSync ESXi Host DVSSync ports are used for synchronizing states of distributed virtual ports between hosts that have VMware FT record/replay enabled. Only hosts that run primary or backup virtual machines must have these ports open. On hosts that are not using VMware FT these ports do not have to be open.
ESXi 6.x 12345, 23451 UDP ESXi Host Virtual SAN Clustering Service Cluster Monitoring, Membership, and Directory Service used by Virtual SAN.
ESXi 6.x 44046, 31031 TCP ESXi Host HBR Used for ongoing replication traffic by vSphere Replication and VMware Site Recovery Manager.
ESXi Dump Collector 6500 UDP ESXi vCenter Server Network coredump server
ESXi Dump Collector 8000 TCP ESXi vCenter Server Network coredump web port
ESXi Syslog Collector 8001 TCP ESXi vCenter Server Network syslog server
Guided Consolidation 135 TCP/UDP Consolidation Target (Physical Server) vCenter Converter Server Microsoft DCE Locator Service, also known at End-Point Mapper
Guided Consolidation 137 TCP/UDP Consolidation Target (Physical Server) vCenter Converter Server NetBIOS names service. Firewall administrators frequently see larger numbers of incoming packets to port 137. This is because of Windows servers that use NetBIOS (as well as DNS) to resolve IP addresses to names using the gethostbyaddr() function. As users behind the firewalls visit Windows-based Web sites, those servers frequently respond with NetBIOS lookups.
Guided Consolidation 138 TCP/UDP Consolidation Target (Physical Server) vCenter Converter Server NetBIOS datagram Used by Windows, as well as UNIX services (such as SAMBA). Port 138 is used primarily by the SMB browser service that obtains Network Neighborhood information.
Guided Consolidation 139 TCP/UDP Consolidation Target (Physical Server) vCenter Converter Server NetBIOS Session Windows File and Printer sharing.
Guided Consolidation 445 TCP/UDP Consolidation Target (Physical Server) vCenter Converter Server DNS Direct Hosting port. In Windows 2000 and Windows XP, redirector and server components now support direct hosting for communicating with other computers running Windows 2000 or Windows XP. Direct hosting does not use NetBIOS for name resolution. DNS is used for name resolution, and the Microsoft networking communication is sent directly over TCP without a NetBIOS header. Direct hosting over TCP/IP uses TCP and UDP port 445 instead of the NetBIOS session TCP port 139.
Heartbeat 52267 TCP vCenter Server Heartbeat Console vCenter Server Heartbeat Server Client Connection Port
Heartbeat 57348 TCP vCenter Server Primary Server vCenter Server Secondary Server Default Channel Port to communicate between Primary and Secondary server
Lab Manager 137 UDP ESXi/ESX Host SMB File Server SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x
Lab Manager 138 UDP ESXi/ESX Host SMB File Server SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x
Lab Manager 139 TCP ESXi/ESX Host SMB File Server SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x
Lab Manager 389 TCP/UDP Lab Manager Server LDAP Server LDAP Authentication (optional)
Lab Manager 443 TCP Client PC Lab Manager Server Lab Manager Console (Web Browser)
Lab Manager 443 TCP Lab Manager Server vCenter Server Lab Manager to vCenter Server Communication
Lab Manager 445 TCP ESXi/ESX Host SMB File Server SMB File Sharing for Importing/Exporting VMs. ESXi requires Lab Manager 4.x
Lab Manager 514 TCP Lab Manager Server Virtual Router Update IP tables and routing on the vRouter
Lab Manager 636 TCP Lab Manager Server LDAP Server LDAPS Authentication (optional)
Lab Manager 1433 TCP Lab Manager Server Microsoft SQL Server Lab Manager Connectivity to Microsoft SQL Server (for LM database)
Lab Manager 5212 TCP Lab Manager Server ESXi/ESX Host Lab Manager Agent. ESXi requires Lab Manager 4.x
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 25 TCP vRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator) SMTP Server Email notifications
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 80 TCP vRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator) vCenter Server Used to obtain virtual infrastructure and virtual machine information from orchestrated vCenter Server(s) through the vCenter API (Shared sessions)
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 389 TCP/UDP vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server LDAP Server LDAP Authentication
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 443 TCP vRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator) vCenter Server Used to obtain virtual infrastructure and virtual machine information from orchestrated vCenter Server(s) through the vCenter API
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 636 TCP vRealize Orchestrator Server (formerly known as VMware vCenter Orchestrator) LDAP Server vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) uses LDAP authentication and group membership to determine role authorization in LCM and access to VMs/requests. This is the SSL secured LDAP protocol LDAPS (the SSL pendent of 389). This is used for secured LDAP authentication
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 1433 TCP vRealize Orchestartor Server Microsoft SQL Server vRealize Orchestrator Server to Microsoft SQL Server for vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Database
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 1521 TCP vRealize Orchestrator Server Oracle Database Server vRealize Orchestrator Server to Oracle for vRealize Orchestrator Database
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 3306 TCP vRealize Orchestrator Server MySQL Server vRealize Orchestrator Server to MySQL Server for vRealize Orchestrator Database
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 5432 TCP vRealize Orchestrator Server PostgresSQL Server vRealize Orchestrator Server to PostgresSQL Server for vRealize Orchestrator Database
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 8230 TCP vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client vRealize Orchestrator Server Lookup port – The main port to communicate with vRealize Orchestrator Configurator server (JNDI port). All other ports communicate with the vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Configurator smart client through this one. It is part of the JBoss Application server infrastructure
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 8240 TCP vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server Command port – The application communication port (RMI container port), it is used for remote invocations. It is part of the JBoss Application server infrastructure.
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 8244 TCP vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server Data port used to access all vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) data models, such as workflows and policies. It is part of the JBoss application server infrastructure.
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 8250 TCP vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server Messaging port – The Java messaging port used to dispatch events. It is part of the JBoss Application server infrastructure
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 8280 TCP vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server Port used by vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server to connect to the Web front-end via HTTP
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 8281 TCP vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server Port used by vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server to connect to the Web front-end via HTTPS
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 8281 TCP vCenter Server vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server Port used by vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server to connect to vCenter Server to communicate with the vCenter API
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 8282 TCP vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PC vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Server HTTP server port – Port used by the HTTP connector to connect to the Web frontend.
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 8283 TCP vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PC vRealize Orchestrator Server HTTPS server port – Port used by HTTP connector to connect to the Web frontend. Requires Jetty to be configured for SSL.
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 8286 TCP vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PC vRealize Orchestrator Server Java messaging port used for dispatching events.
vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) 8287 TCP vRealize Orchestrator (formerly known as VMware vCenter Orchestrator) Client PC vRealize Orchestrator Server SSL secured Java messaging port used for dispatching events.
Stage Manager 137 UDP ESX Host SMB File Server SMB File Sharing for Importing/Exporting VMs
Stage Manager 138 UDP ESX Host SMB File Server SMB File Sharing for Importing/Exporting VMs
Stage Manager 139 TCP ESX Host SMB File Server SMB File Sharing for Importing/Exporting VMs
Stage Manager 389 TCP/UDP Stage Manager Server LDAP Server LDAP Authentication (optional)
Stage Manager 443 TCP Client PC Stage Manager Server Stage Manager Console (Web Browser)
Stage Manager 443 TCP Stage Manager Server ESX Host Stage Manager Server communication with ESX Host Agent
Stage Manager 443 TCP Stage Manager Server vCenter Server Stage Manager Server communication with vCenter Server
Stage Manager 445 TCP ESX Host SMB File Server SMB File Sharing for Importing/Exporting VMs
Stage Manager 514 TCP Stage Manager Server ESX Host ESX Host Virtual Router
Stage Manager 636 TCP Stage Manager Server LDAP Server LDAPS Authentication (optional)
Stage Manager 5212 TCP Stage Manager Server ESX Host Stage Manager Agent
Update Manager 80 TCP Update Manager Server www.vmware.com and xml.shavlik.com To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com
Update Manager 80 TCP ESXi/ESX Host Update Manager Host ESXi/ESX Host to Update Manager Server. The reverse proxy forwards the request to port 9084
Update Manager 80 TCP Update Manager Server vCenter Server Update Manager to vCenter Server communication
Update Manager 443 TCP Update Manager Server www.vmware.com and xml.shavlik.com To obtain metadata for the updates, Update Manager must be able to connect to http://www.vmware.com and http://xml.shavlik.com
Update Manager 443 TCP ESXi/ESX Host Update Manager Server ESXi/ESX Host to Update Manager Server . The reverse proxy forwards the request to port 9084
Update Manager 443 TCP vCenter Server Update Manager Server vCenter Server to Update Manager Server. The reverse proxy forwards the request to port 8084
Update Manager 735 TCP Update Manager Server Virtual Machines Update Managerlistenerport (rdevServer.exe) part of theRemote Device Server used for virtual machine patching.
Update Manager 902 TCP Update Manager Server ESXi/ESX Host To push patches and updates from Update Manager to the ESXi/ESX Hosts to be updated
Update Manager 1433 TCP Update Manager Server Microsoft SQL Server Update Manager to Microsoft SQL Server connectivity (for UM Database)
Update Manager 1521 TCP Update Manager Server Oracle Database Server Update Manager to Oracle connectivity (for UM Database)
Update Manager 8084 TCP Update Manager Server Update Manager Client Plugin SOAP between components of Update Manager Server and the vCenter Update Manager client plug-in. Configurable at install.
Update Manager 9084 TCP ESXi/ESX host Update Manager Server ESXi/ESX hosts connect to the VUM (VMware Update Manager) webserver listening for updates. Configurable at install.
Update Manager 9087 TCP Update Manager Server Update Manager Client Plugin Port used for uploading host update files. Configurable at install.
Update Manager 9000 to 9100 TCP ESXi/ESX Host Update Manager Server This is the recommend port range from which to choose ports for Update Manager if ports 80 and 443 are already in use. Update Manager automatically opens these ports for ESX Host scanning and remediation.
vCenter 2.5.x 25 TCP vCenter Server SMTP Server Email notifications
vCenter 2.5.x 53 UDP vCenter Server DNS Server DNS lookups
vCenter 2.5.x 80 TCP Client PC vCenter Server Redirect Web Browser to HTTPS Service (443)
vCenter 2.5.x 88 TCP vCenter Server Active Directory Server AD Authentication
vCenter 2.5.x 88 UDP vCenter Server Active Directory Server AD Authentication
vCenter 2.5.x 161 UDP SNMP Server vCenter Server SNMP Polling
vCenter 2.5.x 162 UDP vCenter Server SNMP Server SNMP Trap Send
vCenter 2.5.x 389 TCP/UDP vCenter Server LDAP Server LDAP Authentication
vCenter 2.5.x 443 TCP vCenter Server ESXi/ESX Host vCenter Agent
vCenter 2.5.x 443 TCP Client PC vCenter Server VI Web Access (Web Browser)
vCenter 2.5.x 443 TCP VI / vSphere Client vCenter Server VI / vSphere Client access to vCenter Server
vCenter 2.5.x 445 TCP vCenter Server Active Directory Server AD Authentication
vCenter 2.5.x 445 UDP vCenter Server Active Directory Server AD Authentication
vCenter 2.5.x 902 TCP/UDP vCenter Server ESXi/ESX Host Heartbeat
vCenter 2.5.x 902 TCP/UDP ESXi/ESX Host vCenter Server Heartbeat
vCenter 2.5.x 903 TCP Client PC vCenter Server VI / vSphere Client to VM Console
vCenter 2.5.x 903 TCP vCenter Server ESXi/ESX Host VI / vSphere Client to VM Console (after connection established between VI / vSphere Client and vCenter)
vCenter 2.5.x 1433 TCP vCenter Server Microsoft SQL Server For vCenter Microsoft SQL Server Database
vCenter 2.5.x 1521 TCP vCenter Server Oracle Database Server For vCenter Oracle Database
vCenter 2.5.x 5989 TCP VirtualCenter/vCenter ESXi/ESX Host vCenter to ESX
vCenter 2.5.x 5989 TCP ESXi/ESX Host VirtualCenter/vCenter ESX to vCenter
vCenter 2.5.x 8005 TCP vCenter Server vCenter Server Internal Communication Port
vCenter 2.5.x 8006 TCP vCenter Server vCenter Server Internal Communication Port
vCenter 2.5.x 8083 TCP vCenter Server vCenter Server Internal Service Diagnostics
vCenter 2.5.x 8085 TCP vCenter Server vCenter Server Internal Service Diagnostics/SDK
vCenter 2.5.x 8086 TCP vCenter Server vCenter Server Internal Communication Port
vCenter 2.5.x 8087 TCP vCenter Server vCenter Server Internal Service Diagnostics
vCenter 2.5.x 27000 TCP vCenter Server VMware License Server Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 2.5.x 27000 TCP VMware License Server vCenter Server Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 2.5.x 27010 TCP vCenter Server VMware License Server Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 2.5.x 27010 TCP VMware License Server vCenter Server Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 4.x 25 TCP vCenter Server SMTP Server Email notifications
vCenter 4.x 53 UDP vCenter Server DNS Server DNS lookups
vCenter 4.x 80 TCP Client PC vCenter Server Redirect Web Browser to HTTPS Service (443)
vCenter 4.x 80 TCP vCenter Server ESXi/ESX 4.x DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter 4.x 88 UDP vCenter Server Active Directory Server AD Authentication
vCenter 4.x 88 TCP vCenter Server Active Directory Server AD Authentication
vCenter 4.x 135 TCP vCenter Server vCenter Server Linked Mode
vCenter 4.x 161 UDP SNMP Server vCenter Server SNMP Polling
vCenter 4.x 162 UDP vCenter Server SNMP Server SNMP Trap Send
vCenter 4.x 389 TCP/UDP vCenter Server Linked vCenter Servers Bi-directional LDAP authentication with Kerberos encryption on TCP port 389 is required between all vCenters that need to replicate.
vCenter 4.x 443 TCP vCenter Server ESXi/ESX Host vCenter Agent
vCenter 4.x 443 TCP vCenter Server ESXi/ESX 4.x Host DPM with HP iLO Remote Management and Control Protocol
vCenter 4.x 443 TCP Client PC vCenter Server VI Web Access (Web Browser)
vCenter 4.x 443 TCP vSphere Client vCenter Server vSphere Client access to vCenter Server
vCenter 4.x 445 TCP vCenter Server Active Directory Server AD Authentication
vCenter 4.x 445 UDP vCenter Server Active Directory Server AD Authentication
vCenter 4.x 623 UDP vCenter Server ESXi/ESX 4.x Host DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter 4.x 636 TCP vCenter Server Linked vCenter Servers Linked mode connectivity between vCenter Servers
vCenter 4.x 902 TCP/UDP vCenter Server ESXi/ESX Host Heartbeat
vCenter 4.x 902 TCP/UDP ESXi/ESX Host vCenter Server Heartbeat
vCenter 4.x 903 TCP Client PC vCenter Server VI / vSphere Client to VM Console
vCenter 4.x 902 TCP vCenter Server ESXi/ESX Host VI / vSphere Client to VM Console (after connection established between VI / vSphere Client and vCenter)
vCenter 4.x 1024 (dynamic) RPC Linked vCenter Servers Linked vCenter Servers Bi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). A VIC still needs a direct connection to all vCenters that own an object it needs to manage.
vCenter 4.x 1433 TCP vCenter Server Microsoft SQL Server For vCenter Microsoft SQL Server Database
vCenter 4.x 1521 TCP vCenter Server Oracle Database Server For vCenter Oracle Database
vCenter 4.x 5989 TCP vCenter Server ESXi/ESX Host vCenter to ESX
vCenter 4.x 5989 TCP ESXi/ESX Host vCenter Server ESX to vCenter
vCenter 4.x 8005 TCP vCenter Server vCenter Server Internal Communication Port
vCenter 4.x 8006 TCP vCenter Server vCenter Server Internal Communication Port
vCenter 4.x 8080 TCP Client PC vCenter Server 4.x VMware vCenter 4 Management Web Services - HTTP
vCenter 4.x 8083 TCP vCenter Server vCenter Server Internal Service Diagnostics
vCenter 4.x 8085 TCP vCenter Server vCenter Server Internal Service Diagnostics/SDK
vCenter 4.x 8086 TCP vCenter Server vCenter Server Internal Communication Port
vCenter 4.x 8087 TCP vCenter Server vCenter Server Internal Service Diagnostics
vCenter 4.x 8089 TCP vCenter Server vCenter Server SDK Tunneling Port
vCenter 4.x 8443 TCP Client PC vCenter Server 4.x VMware vCenter 4 Management Web Services - HTTPS
vCenter 4.x 8443 TCP vCenter Server vCenter Server Linked Mode
vCenter 4.x 27000 TCP vCenter Server VMware License Server Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 4.x 27000 TCP VMware License Server vCenter Server Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 4.x 27010 TCP vCenter Server VMware License Server Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 4.x 27010 TCP VMware License Server vCenter Server Licensing via FlexLM. Only required by vCenter 4 if ESXi/ESX 3.x Hosts will be supported
vCenter 4.1 60099 TCP vCenter Server vCenter Server Services This port is for internal communication between vCenter Server and its solutions. Specifically, it is used to exchange messages about inventory. If you do not have it open, a solution that integrates with vCenter Server using this service may be affected.
vCenter 5.x 25 TCP vCenter Server SMTP Server Email notifications
vCenter 5.x 53 UDP vCenter Server DNS Server DNS lookups
vCenter 5.x 80 TCP Client PC vCenter Server vCenter Server requires port 80 for direct HTTP connections.
vCenter 5.x 80 TCP vCenter Server ESXi 5.x DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter 5.x 88 UDP vCenter Server Active Directory Server AD Authentication
vCenter 5.x 88 TCP vCenter Server Active Directory Server AD Authentication
vCenter 5.x 135 TCP vCenter Server vCenter Server Linked Mode
vCenter 5.x 161 UDP SNMP Server vCenter Server SNMP Polling
vCenter 5.x 162 UDP vCenter Server SNMP Server SNMP Trap Send
vCenter 5.x 389 TCP/UDP vCenter Server Linked vCenter Servers This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, you can run the LDAP service on any port from 1025 through 65535.
vCenter 5.x 443 TCP vSphere Client vCenter Server vCenter Server system uses to listen for connections from the vSphere Client.
vCenter 5.x 443 TCP vCenter Server ESXi 5.x vCenter Agent. Host DPM with HP iLO Remote Management and Control Protocol
vCenter 5.x 623 UDP vCenter Server ESXi 5.x DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter 5.x 636 TCP vCenter Servers Linked vCenter Servers vCenter Server Linked Mode, this is the SSL port of the local instance.
vCenter 5.x 902 TCP vCenter Server ESXi 5.x vCenter Server system uses to send data to managed hosts. This port must not be blocked by firewalls between the server and the hosts or between hosts.
vCenter 5.x 902 UDP vCenter Server ESXi 5.x Managed hosts send a regular heartbeat to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts.
vCenter 5.x 902 TCP/UDP vSphere Client ESXi 5.x vSphere Client uses this ports to display virtual machine consoles.
vCenter 5.x 902 TCP/UDP ESXi 5.x ESXi 5.x Host access to other hosts for migration and provisioning
vCenter 5.x 1024 (dynamic) RPC Linked vCenter Servers Linked vCenter Servers Bi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM). A VIC still needs a direct connection to all vCenters that own an object it needs to manage.
vCenter 5.x 1433 TCP vCenter Server Microsoft SQL Server For vCenter Microsoft SQL Server Database
vCenter 5.x 1521 TCP vCenter Server Oracle Database Server For vCenter Oracle Database
vCenter 5.x 5988 TCP ESXi 5.x vCenter Server CIM transactions over HTTP
vCenter 5.x 5989 TCP vCenter Server ESXi 5.x CIM XML transactions over HTTPS
vCenter 5.x 5989 TCP ESXi 5.x vCenter Server CIM XML transactions over HTTPS
vCenter 5.x 7500 UDP vCenter Server vCenter Server Linked Mode, Java Discovery Port
vCenter 5.x 8005 TCP vCenter Server vCenter Server Internal Communication Port
vCenter 5.x 8006 TCP vCenter Server vCenter Server Internal Communication Port
vCenter 5.x 8009 TCP vCenter Server vCenter Server AJP Port
vCenter 5.x 8080 TCP Client PC vCenter Server Web Services HTTP. Used for the VMware VirtualCenter Management Web Services.
vCenter 5.x 8083 TCP vCenter Server vCenter Server Internal Service Diagnostics
vCenter 5.x 8085 TCP vCenter Server vCenter Server Internal Service Diagnostics/SDK
vCenter 5.x 8086 TCP vCenter Server vCenter Server Internal Communication Port
vCenter 5.x 8087 TCP vCenter Server vCenter Server Internal Service Diagnostics
vCenter 5.x 8089 TCP vCenter Server vCenter Server SDK Tunneling Port
vCenter 5.x 8443 TCP Client PC vCenter Server Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services.
vCenter 5.x 8443 TCP vCenter Server vCenter Server Linked Mode
vCenter 5.x 9443 TCP Client PC vCenter Server vSphere Web Client Access
vCenter 5.x 10109 TCP vCenter Server vCenter Server vCenter Inventory Service Service Management
vCenter 5.x 10111 TCP vCenter Server vCenter Server vCenter Inventory Service Linked Mode Communication
vCenter 5.x 10443 TCP Client PC vCenter Server vCenter Inventory Service HTTPS
vCenter 5.x 51915 TCP ESXi vSphere Authentication Proxy This is a web service, which is used to add host to Active Directory domain.
vCenter 5.x 60099 TCP vCenter Server vCenter Server Web Service change service notification port
vCenter 5.1 7005 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Base shutdown port.
For more information, see Configuring VMware Tomcat Server Settings in vCenter Server 5.1.
vCenter 5.1 7080 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On HTTP Port
vCenter 5.1 7009 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On AJP Port
vCenter 5.1 49152 to 65535 TCP Active Directory vCenter Server Allow Active Directory authentication/communication between domain controllers and vCenter Server.
vCenter 5.1/5.5 7444 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Lookup Service, HTTPS Port
vCenter 5.1/5.5 10109 to 10111 TCP vCenter Inventory Service vCenter Server vCenter Inventory Service Linked Mode Communication
vCenter 5.1/5.5 8003 TCP vCenter Server (Tomcat Server settings) vCenter Server Management Web Services vCenter Server Management Web Service shutdown
vCenter 5.5 31000 to 32999 TCP vCenter Single Sign-On vCenter Single Sign-On Internal Communication Ports for VMware Secure Token Service, which uses two available ports. One port from the 31000 to 31999 range and one port from the 32000 to 32999 range.
vCenter 5.5 88 TCP vCenter Server vCenter Single Sign-On Kdc Service
vCenter 5.5 2012 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Directory Service
vCenter 5.5 2013 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Kdc Service
vCenter 5.5 2014 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On VMware Certificate Service inter-communications with vCenter Single Sign-On
vCenter 5.5 6501 TCP Auto Deploy service ESXi Host Auto Deploy Service
vCenter 5.5 6502 TCP Auto Deploy Manager vSphere Client Auto Deploy Manager Service
vCenter 5.5 7331 TCP vCenter Server (Tomcat Server settings) vSphere Web Client HTML5 remote console for virtual machines
vCenter 5.5 Update 2 and later 7343 TCP vCenter Server (Tomcat Server settings) vSphere Web Client HTML5 remote console for virtual machines, HTTPS
vCenter 5.5 7444 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Lookup Service, HTTPS port
vCenter 5.5 8190 TCP vCenter Server vCenter Server Storage Policy Server HTTP
vCenter 5.5 8191 TCP vCenter Server vCenter Server Storage Policy Server HTTPS
vCenter 5.5 9875-9877 TCP vSphere Web Client  vSphere Web Client  vSphere Web Client Java Management Extension (JMX). Dynamically acquired upon the vSphere Web Client service starting.
vCenter 5.5 9090 TCP vSphere Web Client HTTP vSphere Web Client HTTP redirect to HTTPS
vCenter 5.5 11711 TCP vCenter Single Sign-On vCenter Single Sign-On Directory service LDAP use for replication between vCenter Single Sign-On nodes
vCenter 5.5 11712 TCP vCenter Single Sign-On vCenter Single Sign-On Directory service LDAPS use for replication between vCenter Single Sign-On nodes
vCenter 5.5 12721 TCP vCenter Single Sign-On vCenter Single Sign-On Identity Management Service (IDM) internal client/server communication port.
Used by VMware Identity Management Service.
vCenter 5.5 12443 TCP Log Browser vCenter Server Log Browser
vCenter 5.5 22000 TCP vCenter Server vCenter Server vCenter Server Storage Monitoring Service HTTP
vCenter 5.5 22100 TCP vCenter Server vCenter Server vCenter Server Storage Monitoring Service HTTPS
vCenter 5.5 31000 TCP vCenter Server vCenter Server VMware vSphere Profile-Driven Storage Service HTTP
vCenter 5.5 31100 TCP vCenter Server vCenter Server VMware vSphere Profile-Driven Storage Service HTTPS
vCenter 5.5 49000 to 65000 TCP Active Directory vCenter Server Allow Active Directory authentication/communication between domain controllers and vCenter Server.
Used by the VMware Identity Management Service
vCenter 6.0 22 TCP/UDP vCenter Server SSH Client System port for SSHD.  This port is only used by the vCenter Server Appliance
vCenter 6.0 80 TCP Client PC vCenter Server vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server instead of https://server.

WS-Management (also requires port 443 to be open).

If you use a Microsoft SQL database that is stored on the same virtual machine or physical server as vCenter Server, port 80 is used by the SQL Reporting Service. 

When you install or upgrade vCenter Server, the installer prompts you to change the HTTP port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation or upgrade.
vCenter 6.0 88 TCP vCenter Server Active Directory Server VMware key distribution center port
vCenter 6.0 389 TCP/UDP vCenter Server Linked vCenter Servers This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group.

If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535.

If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535. 
vCenter 6.0 443 TCP vSphere Web Client vCenter Server The default port that the vCenter Server system uses to listen for connections from the vSphere Web Client. To enable the vCenter Server system to receive data from the vSphere Web Client, open port 443 in the firewall.

The vCenter Server system also uses port 443 to monitor data transfer from SDK clients.

Port 443 is also used for these services:
  • WS-Management (also requires port 80 to be open)
  • Third-party network management client connection to vCenter Server
  • Third-party network management clients access to host
vCenter 6.0 514 UDP Syslog Collector Syslog Collector vSphere Syslog Collector port for vCenter Server on Windows and vSphere Syslog Service port for vCenter Server Appliance
vCenter 6.0 636 TCP Platform Service Controller Management Nodes For vCenter Server Enhanced Linked Mode, this is the SSL port of the local instance. If another service is running on this port, it might be preferable to remove it or change its port to a different port. 
You can run the SSL service on any port from 1025 through 65535.  This port is also used during install to verify SSL certificates.
vCenter 6.0 902 TCP/UDP vCenter Server ESXi 5.x The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. 
This port must not be blocked by firewalls between the server and the hosts or between hosts.

Port 902 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this port to display virtual machine consoles.
vCenter 6.0 1514 TCP/UDP Syslog Collector Syslog Collector vSphere Syslog Collector TLS port for vCenter Server on Windows and vSphere Syslog Service TLS port for vCenter Server Appliance
vCenter 6.0 2012 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Control interface RPC for vCenter Single Sign-On(SSO).
vCenter 6.0 2014 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On RPC port for all VMCA (VMware Certificate Authority) APIs.
vCenter 6.0 2020 TCP/UDP vCenter Server vCenter Server Authentication framework management
vCenter 6.0 6500 TCP/UDP vCenter Server ESXi host ESXi Dump Collector port
vCenter 6.0 6501 TCP Auto Deploy service ESXi Host Auto Deploy service 
vCenter 6.0 6502 TCP Auto Deploy Manager vSphere Client Auto Deploy management
vCenter 6.0 7444 TCP

Secure Token Service
vCenter 6.0 9443 TCP vSphere Web Client Server vSphere Web Client vSphere Web Client HTTPS
vCenter 6.0 11711 TCP vCenter Single Sign-On vCenter Single Sign-On VMware Directory service (vmdir) LDAP
vCenter 6.0 11712 TCP vCenter Single Sign-On vCenter Single Sign-On VMware Directory service (vmdir) LDAPS
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x 22 TCP Client PC vRealize Infrastructure Navigator Appliance Enables SSH access tovRealize Infrastructure Appliance
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x 80 TCP vRealize Infrastructure (formerly known as vCenter Infrastructure Navigator) Navigator vSphere Web service API HTTP web service
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x 443 TCP vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) vSphere Web service API HTTPS web service
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x 443 TCP vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) ESXi/ESX hosts and virtual machines VIX protocol on target hosts to perform discovery
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x 902 TCP vRealize Infrastructure Navigator ESXi/ESX hosts and virtual machines VIX protocol on target hosts to perform discovery
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x 2868 TCP vCenter Server vRealize Infrastructure (formerly known as vCenter Infrastructure Navigator) Navigator Plug-in downloads. This download happens as part of the registration process.
vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) 1.x 6969 TCP vCenter Server vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator) Connectivity from vSphere Web Client to vRealize Infrastructure Navigator (formerly known as vCenter Infrastructure Navigator)
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x 22 TCP SSH Client vRealize Log Insight (formerly known as vCenter Log Insight) Secure Shell (SSH) access to the vRealize Log Insight (formerly known as vCenter Log Insight) virtual appliance
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x 25 TCP vRealize Log Insight (formerly known as vCenter Log Insight) SMTP Server Email notifications from vRealize Log Insight (formerly known as vCenter Log Insight) to a configured mail server
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x 514 UDP Syslog Client vRealize Log Insight (formerly known as vCenter Log Insight) Remote Syslog logging
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x 514 TCP Syslog Client vRealize Log Insight (formerly known as vCenter Log Insight) Remote Syslog logging
Realize Log Insight (formerly known as vCenter Log Insight) 1.x 1514 TCP Syslog Client vRealize Log Insight (formerly known as vCenter Log Insight) SSL Encrypted Remote Syslog logging
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x 445 UDP vRealize Log Insight (formerly known as vCenter Log Insight) MS Directory Services Server Connection to a Domain Controller for Active Directory Authentication
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x 80 TCP HTTP Client vRealize Log Insight (formerly known as vCenter Log Insight) vRealize Log Insight (formerly known as vCenter Log Insight) Web Interface. Redirects to encrypted web interface
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x 443 TCP HTTP Client vRealize Log Insight (formerly known as vCenter Log Insight) vRealize Log Insight (formerly known as vCenter Log Insight) Web Interface Encrypted
vRealize Log Insight (formerly known as vCenter Log Insight) 1.x 123 UDP vRealize Log Insight (formerly known as vCenter Log Insight) NTP Server Time synchronization with NTP server
vCloud Usage Meter 80 TCP vCloud Usage Meter vCenter Server This is for vSphere API
vCloud Usage Meter 443 TCP vCloud Usage Meter vCenter Server This is for vSphere API
vCloud Usage Meter 5480 TCP vCenter Update Manager vCloud Usage Meter This is used for virtual appliance updates
vCloud Usage Meter 8443 TCP Client Browser vCloud Usage Meter This is for WebApp
vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) 22 TCP SSH Client vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) virtual appliance Enables SSH access to the vRealize Operations Manager Standard (formerly known as vCenter Operations Manager Standard) virtual appliance
vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) 443 TCP Browser or vSphere Client plugin vRealize Operations Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) virtual appliance HTTPS server port for the vRealize Operations Manager Standard (formerly known as vCenter Operations Manager Standard) Administration page
vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) 5480 TCP Browser vRealize Operations Manager Standard 1.x (formerly known as vCenter Operations Manager Standard 1.x) virtual appliance HTTPS server port for the VMware Studio Web console to administer the virtual appliance
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x ) 80 TCP Browser vRealize Operations Manager (formerly known as vCenter Operations Manager) UI VM HTTP server port that unconditionally redirects to HTTPS port
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x ) 443 TCP
  • Browser or vSphere Client plugin
  • vRealize Operations Manager UI VM, vRealize Operations Manager (formerly known as vCenter Operations Manager) Analytics VM
  • vRealize Operations Manager UI VM
  • vCenter Server
  • HTTPS server port for the vRealize Operations Manager (formerly known as vCenter Operations Manager) UIs: Administration, vSphere, and Custom
  • UI VM: Registration of vRealize Operations Manager (formerly known as vCenter Operations Manager) as an extension to vCenter, Analytics VM: Collecting metric data from vCenter Server.
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x ) 22 TCP SSH Client vRealize Operations Manager (formerly known as vCenter Operations Manager) UI VM, vRealize Operations Manager Analytics VM Enables SSH access to the vRealize Operations Manager (formerly known as vCenter Operations Manager) virtual appliance
vRealize Operations Manager (vApp) 5.x (formerly known as vCenter Operations Manager (vApp) 5.x ) 1194 TCP vRealize Operations Manager (formerly known as vCenter Operations Manager) Analytics VM vRealize Operations Manager (formerly known as vCenter Operations Manager) UI VM Open VPN tunnel for communication between the two VMs
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x) 443 TCP vRealize Operations Manager (formerly known as vCenter Operations Manager) UI VM, vRealize Operations Manager (formerly known as vCenter Operations Manager) Analytics VM vCenter Server UI VM: Registration of vRealize Operations Manager as an extension to vCenter, Analytics VM: Collecting metric data from vCenter
vRealize Operations Manager (Standalone) 5.x 80 TCP Browser vRealize Operations Manager (formerly known as vCenter Operations Manager) (Standalone) (If chosen during configuration) HTTP port to access vRealize Operations Manager (formerly known as vCenter Operations Manager) UI
vRealize Operations Manager (Standalone) 5.x 443 TCP Browser vRealize Operations Manager (Standalone) (formerly known as vCenter Operations Manager (Standalone) ) (If chosen during configuration) HTTPS port to access vRealize Operations Manager (formerly known as vCenter Operations Manager) UI
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x) 1199 TCP vRealize Operations Manager (formerly known as vCenter Operations Manager) remote collector vRealize Operations Manager (Standalone) (formerly known as vCenter Operations Manager (Standalone)) Heartbeat connection between remote collector and main vRealize Operations Manager (formerly known as vCenter Operations Manager) server
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x) 61616 TCP vRealize Operations Manager (formerly known as vCenter Operations Manager) remote collector vRealize Operations Manager (Standalone) (formerly known as vCenter Operations Manager (Standalone)) Connection between remote collector and ActiveMQ component on the main vRealize Operations Manager (formerly known as vCenter Operations Manager) server
vRealize Operations Manager (Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x) 443 TCP vRealize Operations Manager (formerly known as vCenter Operations Manager) local/remote collector vCenter Server Connection between remote collector and ActiveMQ component on the main vRealize Operations Manager (formerly known as vCenter Operations Manager) server
vRealize Operations Manager(Standalone) 5.x (formerly known as vCenter Operations Manager (Standalone) 5.x) 10443 TCP vRealize Operaions Manager (formerly known as vCenter Operations Manager) Analytics VM vCenter Server vCenter Inventory Service HTTPS
vRealize Operations Manager 6.x 22 TCP SSH Client vRealize Operations Manager Used for SSH access to the vRealize Operations Manager cluster.
vRealize Operations Manager 6.x 80 TCP Browser vRealize Operations Manager Redirects to port 443.
vRealize Operations Manager 6.x 123 UDP vRealize Log Insight NTP Server Used by vRealize Operations Manager for Network Time Protocol (NTP) synchronization to the master node.
vRealize Operations Manager 6.x 443 TCP Browser vRealize Operations Manager Used to access the vRealize Operations Manager product user interface and the vRealize Operations Manager administrator interface.
vRealize Operations Manager 6.x 1235 TCP vRealize Operation Manager 6.0 nodes vRealize Operation Manager 6.0 nodes Used by all nodes in the cluster to transmit resource data and key-value data for the Global xDB database instance.
vRealize Operations Manager 6.x 3091-3094 TCP When Horizon View (V4V) vRealize Operations Manager When Horizon View (V4V) is installed, used to access data for vRealize Operations Manager from V4V.
vRealize Operations Manager 6.x 6061 TCP vRealize Operations Manager 6.x clients vRealize Operation Manager 6.x nodes Used by clients to connect to the GemFire Locator to get connection information to servers in the distributed system. Also monitors server load to send clients to the least-loaded servers.
vRealize Operations Manager 6.x 10000-10010 TCP/UDP vRealize Operation Manager 6.x nodes vRealize Operation Manager 6.x nodes GemFire Server ephemeral port range used for unicast UDP messaging and for TCP failure detection in the peer-to-peer distributed system.
vRealize Operations Manager 6.x 20000-20010 TCP/UDP vRealize Operation Manager 6.x nodes vRealize Operation Manager 6.x nodes GemFire Locator ephemeral port range used for unicast UDP messaging and for TCP failure detection in the peer-to-peer distributed system.
View 3.x 3389 TCP Thin Client ESX host RDP Protocol
View 3.x 18443 TCP View Connection Server/View Manager vCenter Server View Composer
View 3.x 32111 TCP View Agent (Virtual Desktop) View Client USB Device Communication
View 3.x 32111 TCP View Client View Agent (Virtual Desktop) USB Device Communication
View 4.0.x 902 TCP View Client/View Client with Offline Desktop ESX Host (Optional) View Client with Offline Desktop data is downloaded and uploaded through this port.
View 4.0.x 3268 TCP View/VDM Connection Server/View Manager Active Directory Server Global Catalog Server
View 4.0.x 3269 TCP View/VDM Connection Server/View Manager Active Directory Server Global Catalog Server
View 4.0.x 3389 TCP Thin Client ESX host RDP Protocol
View 4.0.x 9427 TCP View Client/View Client with Offline Desktop View Agent (Virtual Desktop) (Optional) Multimedia Redirection (MMR). MMR is supported by View Client and View Client with Offline Desktop on certain operating systems.
View 4.0.x 18443 TCP View Connection Server/View Manager vCenter Server View Composer
View 4.0.x 50002 TCP/UDP View Agent (Virtual Desktop) View Client PCoIP (AES 128-bit encryption)
View 4.0.x 50002 TCP/UDP View Client View Agent (Virtual Desktop) PCoIP (AES 128-bit encryption)
View 4.5.x - - - - For more information, see Network connectivity requirements for VMware View Manager 4.5 and later (1027217).
View 4.5.x 80/443 TCP View Client with Local Mode View Transfer Server HTTP(S) access via direct connection for downloading and uploading Local Mode data
View 4.5.x 80/443 TCP Security Server View Transfer Server HTTP(S) access via tunnel connection for downloading and uploading Local Mode data
View 4.5.x 902 TCP View Connection Server ESX Host Used when checking out local desktops. Must be accessible on your ESX host when using View Client with Local Mode.
View 4.5.x 902 TCP View Transfer Server ESX Host Publishing View Composer packages for Local Mode
View 4.5.x 4001 TCP View Connection Server View Transfer Server Required by JMS for Local Mode
View 4.5.x 4172 TCP/UDP View Client View Agent (Virtual Desktop) PCoIP (AES 128-bit encryption)
View 4.5.x 50002 UDP View Client View Agent (Virtual Desktop) PCoIP (AES 128-bit encryption)
View 4.6.x - - - - For more information, see Network connectivity requirements for VMware View Manager 4.5 and later (1027217).
View 4.6.x 80/443 TCP View Client with Local Mode View Transfer Server HTTP(S) access via direct connection for downloading and uploading Local Mode data
View 4.6.x 80/443 TCP Security Server View Transfer Server HTTP(S) access via direct connection for downloading and uploading Local Mode data
View 4.6.x 902 TCP View Connection Server ESX Host Used when checking out local desktops. Must be accessible on your ESX host when using View Client with Local Mode.
View 4.6.x 902 TCP View Transfer Server ESX Host Publishing View Composer packages for Local Mode
View 4.6.x 4001 TCP View Connection Server View Transfer Server Required by JMS for Local Mode
View 4.6.x 4172 TCP/UDP View Client View Agent (Virtual Desktop) PCoIP (AES 128-bit encryption)
View 4.6.x 50002 UDP View Client View Agent (Virtual Desktop) PCoIP (AES 128-bit encryption)
View 5.x - - - - For more information, see Network connectivity requirements for VMware View Manager 4.5 and later (1027217).
View 5.x 80/443 TCP View Client with Local Mode View Transfer Server HTTP(S) access via direct connection for downloading and uploading Local Mode data
View 5.x 80/443 TCP Security Server View Transfer Server HTTP(S) access via direct connection for downloading and uploading Local Mode data
View 5.x 902 TCP View Connection Server ESXi Host Used when checking out local desktops. Must be accessible on your ESXi host when using View Client with Local Mode.
View 5.x 902 TCP View Transfer Server ESXi Host Publishing View Composer packages for Local Mode
View 5.x 902 TCP View Composer Server ESXi Host Used when View Composer customizes linked-clone disks, including View Composer internal disks and, if they are specified, persistent disks and system disposable disks.
View 5.x 4001 TCP View Connection Server View Transfer Server Required by JMS for Local Mode
View 5.x 4172 TCP/UDP View Client View Agent (Virtual Desktop) PCoIP (AES 128-bit encryption)
View 5.x 50002 UDP View Client View Agent (Virtual Desktop) PCoIP (AES 128-bit encryption)
View/VDM 2.x 80 TCP View/VDM Client View/VDM Security Server VDM Access (not required if only HTTPS is to be supported)
View/VDM 2.x 80 TCP Client PC View/VDM Security Server VDM Web Access (not required if only HTTPS is to be supported). The Security Server used as a proxy in a DMZ to allow for external connections in. The View Manager/Connection Broker has an ADAM instance on it.
View/VDM 2.x 80 TCP View/VDM Client View/VDM Connection Server VDM Access (not required if only HTTPS is to be supported)
View/VDM 2.x 80 TCP Client PC View/VDM Connection Server VDM Web Access (not required if only HTTPS is to be supported).
View/VDM 2.x 88 UDP View/VDM Connection Server/View Manager Active Directory Server AD Authentication
View/VDM 2.x 88 TCP View/VDM Connection Server/View Manager Active Directory Server AD Authentication
View/VDM 2.x 389 TCP/UDP View/VDM Connection Server/View Manager LDAP Server LDAP Authentication
View/VDM 2.x 443 TCP View/VDM Client View/VDM Security Server VDM Access
View/VDM 2.x 443 TCP Client PC View/VDM Connection Server/View Manager VDM Web Access and VDM Administration
View/VDM 2.x 443 TCP Thin Client View/VDM Connection Server/View Manager VDM API
View/VDM 2.x 443 TCP View/VDM Client View/VDM Connection Server/View Manager VDM Access
View/VDM 2.x 443 TCP Client PC View/VDM Security Server VDM Web Access (Web Browser)
View/VDM 2.x 443 TCP View/VDM Connection Server/View Manager vCenter Server VDM to vCenter communication
View/VDM 2.x 445 UDP View/VDM Connection Server/View Manager Active Directory Server AD Authentication
View/VDM 2.x 445 TCP View/VDM Connection Server/View Manager Active Directory Server AD Authentication
View/VDM 2.x 1024 to 65535 TCP View/VDM Connection Server/View Manager Virtual Desktop VM (View/VDM Agent) Ephemeral Ports. A short-lived connection between View Manager and the virtual desktop
View/VDM 2.x 1024 to 65535 TCP View/VDM Connection Server/View Manager View/VDM Connection Server/View Manager This is required for ADAM replication between VDM Connection Servers. With a Registry entry, this can be fixed to a defined set of ports, but by default it is a random TCP high port
View/VDM 2.x 3389 TCP View/VDM Security Server Virtual Desktop VM (View/VDM Agent) Tunneled RDP Connection (RSA RC4 encryption, can be set High/Medium/Low)

High: Encrypts both the data sent from client to server and the data sent from server to client using a 128-bit key.

Medium: Encrypts both the data sent from client to server and the data sent from server to client using a 56-bit key if the client is a Windows 2000 or above client, or a 40-bit key if the client is an earlier version.

Low: Encrypts only the data sent from client to server, using either a 56- or 40-bit key, depending on the client version. Useful to protect usernames and passwords sent from client to server.
View/VDM 2.x 3389 TCP Client PC/Thin Client/View/VDM Client Virtual Desktop VM (View/VDM Agent) Direct RDP Connection (RSA RC4 encryption, can be set High/Medium/Low).

High: Encrypts both the data sent from client to server and the data sent from server to client using a 128-bit key.

Medium: Encrypts both the data sent from client to server and the data sent from server to client using a 56-bit key if the client is a Windows 2000 or above client, or a 40-bit key if the client is an earlier version.

Low: Encrypts only the data sent from client to server, using either a 56- or 40-bit key, depending on the client version. Useful to protect usernames and passwords sent from client to server.
View/VDM 2.x 4001 TCP View/VDM Security Server View/VDM Connection Server/View Manager Java Messenger Service (JMS)
View/VDM 2.x 4001 TCP View/VDM Connection Server/View Manager View/VDM Security Server Java Messenger Service (JMS)
View/VDM 2.x 4001 TCP Virtual Desktop VM (View/VDM Agent) View/VDM Connection Server/View Manager Java Messenger Service (JMS)
View/VDM 2.x 4100 TCP View/VDM Connection Server/View Manager View/VDM Connection Server/View Manager Java Messenger Service (JMS) inter-router traffic
View/VDM 2.x 8009 TCP View/VDM Security Server View/VDM Connection Server/View Manager Apache Jserv Protocol (AJP)
View/VDM 2.x 8009 TCP View/VDM Connection Server/View Manager View/VDM Security Server Apache Jserv Protocol (AJP)
View/VDM 2.x 42966 TCP View Client/View Client with Offline Desktop ESX Host (Optional) Hewlett-Packard RGS Sender Application is the server-side component of the HP RGS remote display protocol
VMware vCenter Chargeback 1.5 8080 TCP Client VMWare vCenter Chargeback Server HTTP
VMware vCenter Chargeback 1.5 8009 TCP Client VMWare vCenter Chargeback Server Load Balancer
VMware vCenter Chargeback 1.5