Port numbers that must be open for vSphere Replication 8.x
Article ID: 312798
Updated On:
Products
VMware Live Recovery
VMware vSphere ESXi
Issue/Introduction
This article provides information about port numbers that must be open for vSphere Replication 8.x.
Environment
VMware vSphere Replication 6.1.x
VMware vSphere Replication 6.5.x
VMware vSphere Replication 8.x
VMware vSphere Replication 6.0.x
VMware vSphere Replication 5.8.x
VMware vSphere Replication 6.5.x
VMware vSphere Replication 8.x
VMware vSphere Replication 6.0.x
VMware vSphere Replication 5.8.x
Resolution
vSphere Replication appliance network ports
The vSphere Replication appliance requires certain ports to be open.
NOTE: vSphere Replication Management servers must have NFC traffic access to target ESXi hosts. VR 8.8 no longer uses port # 80 for communication. The below ports are a requirement of 8.7 and below versions. For 8.8 and above, please check - Services, Ports, and External Interfaces That the vSphere Replication Virtual Appliance Uses
Use netcat command when testing from ESXi to appliances (vCenter/SRM/VR)
Use curl command when testing between appliances (vCenter/SRM/VR)
curl -v telnet://Target IP address:31031 (desired port #)
nc –zv xxx.xxx.xx.xxx 31031 (desired port #)
| Default Port | Protocol or Description | Source | Target | Endpoints or Consumers |
| 80 | TCP | vSphere Replication appliance | All local and remote PSCs in same SSO domain (only if external PSC is used) | All management traffic to the vSphere Replication appliance goes to port 80 on the vCenter Server proxy system. |
| 80 | TCP | vSphere Replication appliance | Remote vCenter Server and local vCenter Server | All management traffic to the vSphere Replication appliance goes to port 80 on the vCenter Server proxy system. |
| 80 | HTTP | vSphere Replication server in the vSphere Replication appliance | ESXi host (intra-site) | Used to establish the connection before initial replication starts |
| 443 | TCP | vSphere Replication appliance | All local and remote PSCs in same SSO domain (only if external PSC is used) | All management traffic to the vSphere Replication appliance |
| 443 | TCP | vSphere Replication appliance |
Local and remote vCenter Server | All management traffic to the vSphere Replication appliance |
| 443 | TCP | New appliance | ESXi that hosts the old appliance | Applicable only for VR 8.x migration upgrade |
| 902 | TCP and UDP | vSphere Replication server in the vSphere Replication appliance on secondary site | ESXi host (intra-site only) on secondary site | Used by vSphere Replication servers to send replication traffic to the destination ESXi hosts. |
| 5480 | vSphere Replication appliance virtual appliance management interface (VAMI) Web UI | Browser | vSphere Replication 8.x appliance and later | Administrator's Web browser. |
| 7444 | TCP | vSphere Replication appliance | vCenter Server (intra-site) | |
| 7444 | TCP | vCenter Server | All local and remote PSCs | |
| 8043 | SOAP | vCenter Server | vSphere Replication appliance | From the vCenter Server to the vSphere Replication appliance (intra-site only). |
| 8123 | SOAP | vSphere Replication appliance | vSphere Replication server | Management traffic from the vSphere Replication appliance to additional vSphere Replication servers (intra-site only). |
| 10443 | HTTPS | vSphere Web Client on the primary site | vCenter Server / Inventory Service on the secondary site | The vSphere Replication UI uses the Inventory Service of the remote vCenter Server to list target datastores. |
| 31031 |
| ESXi host on primary site | vSphere Replication server in the vSphere Replication appliance on the secondary site or an external VRS on secondary site. | From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site. |
| 8043 | SOAP | vSphere Replication Management Server -VRMS | vSphere Replication Management Server -VRMS | From the VRMS of the Primary Site to the VRMS on the DR site - Port should be open Across Sites |
vSphere Replication server network ports
If you deploy additional vSphere Replication servers, ensure that the subset of the ports that vSphere Replication servers require are open on those servers.| Default Port | Protocol or Description | Source | Target | Endpoints or Consumers |
| 902 | TCP and UDP | vSphere Replication server in the vSphere Replication appliance on secondary site | ESXi host (intra-site only) on secondary site | Traffic (specifically the NFC service to the destination ESXi servers) between the vSphere Replication server and the ESXi hosts on the same site. |
| 5480 | VAMI Web UI for any additional vSphere Replication servers | Browser | vSphere Replication server | Administrator's Web browser. |
| 8123 | SOAP | vSphere Replication management server | vSphere Replication server | Management traffic from the vSphere Replication appliance or VRMS to the vSphere Replication servers (intra-site only). |
| 31031 |
| ESXi host on primary site | vSphere Replication server | From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site. |
| 32032 |
| ESXi host on the source site | vSphere Replication server at the target site | Encrypted traffic. If you configure a replication of an encrypted VM, the network encryption is automatically turned on and cannot be disabled |
Network ports required for replications to Cloud
When you create a connection to the cloud, the vCloud Tunneling Agent in the vSphere Replication appliance creates a tunnel to secure the transfer of replication data to your cloud Organization.
| Default Port | Protocol or Description | Source | Target | Endpoints or Consumers |
| 80 | TCP | The ESXi host at the protected site. | The vCenter Server at the protected site. | The vCenter Server reverse proxy forwards VIB (vCloud Air DRaaS firewall rules) download request to vSphere Replication appliance. |
| 443 | TCP | vSphere Replication appliance at the protected site. | vCloud API | vSphere Replication appliance connects to this port to send replication data to a cloud organization. |
| 10000-10010 | TCP | The ESXi host at the protected site. | The vSphere Replication appliance at the protected site. | The vCloud Tunneling Agent opens one of these ports on the vSphere Replication appliance. ESXi hosts connect to that port to send replication data to a cloud organization. |
Additional Information
For more detailed port number information, please refer to this link - Network Ports for VMware Site RecoveryFor translated versions of this article, see:
Feedback
Yes
No
Powered by
