Setting up a protected site for your VMware Cloud on AWS SDDC requires creating firewall rules for the DRaaS Connector.
As you set up your protected sites, you must decide whether you want VMware Cloud DR to create the firewall rules needed for the DRaaS Connector (recommended) or whether you want to create the firewall rules manually.
If you allow VMware Cloud DR to automatically create firewall rules for your protected site, you must create a dedicated network segment to use for the DRaaS Connector on the SDDC. This is recommended as a best practice.
- SDDC vCenter outbound on TCP port 443
- Cloud file system outbound on TCP port 443
- Orchestrator outbound on TCP port 443
- VMware Cloud DR auto-support server outbound on TCP port 443
- Protected site vCenter outbound on TCP 443
- ESXi hosts inbound on TCP 1492
You can open these ports by configuring firewall rules for the SDDC's Compute Gateway as described here: Add or Modify Compute Gateway Firewall Rules.
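As an added example (not VMware code), this Python check compares a manually built rule set against the six flows listed above and reports required flows that are not allowed and allow rules wider than the list calls for. The rule record format and the sample rules are constructed for illustration and are not an NSX export; first-match, top-down rule evaluation is assumed.

```python
# Required DRaaS Connector flows, copied from the list above: (peer, direction, TCP port).
REQUIRED = [
    ("SDDC vCenter", "outbound", 443),
    ("Cloud file system", "outbound", 443),
    ("Orchestrator", "outbound", 443),
    ("VMware Cloud DR auto-support server", "outbound", 443),
    ("Protected site vCenter", "outbound", 443),
    ("ESXi hosts", "inbound", 1492),
]

def first_match(rules, peer, direction, port):
    """Return the first rule (top-down) that matches a TCP flow, or None."""
    for r in rules:
        if (r["direction"] == direction and r["peer"] in (peer, "ANY")
                and r["protocol"] in ("TCP", "ANY")
                and (r["ports"] == "ANY" or port in r["ports"])):
            return r
    return None

def audit(rules):
    """Return (missing_flows, too_broad_rule_names) for a hypothetical rule list."""
    missing = []
    for flow in REQUIRED:
        hit = first_match(rules, *flow)
        if hit is None or hit["action"] != "ALLOW":  # unmatched, or shadowed by a deny
            missing.append(flow)
    needed = {}
    for peer, direction, port in REQUIRED:
        needed.setdefault((peer, direction), set()).add(port)
    too_broad = []
    for r in rules:
        if r["action"] != "ALLOW":
            continue
        want = needed.get((r["peer"], r["direction"]), set())
        # Wider than the documented list: non-TCP, any port, or extra ports/peers.
        if r["protocol"] != "TCP" or r["ports"] == "ANY" or not set(r["ports"]) <= want:
            too_broad.append(r["name"])
    return missing, too_broad

# Constructed sample rules (hypothetical names and format).
SAMPLE_RULES = [
    {"name": "drc-to-sddc-vc", "peer": "SDDC vCenter", "direction": "outbound", "protocol": "TCP", "ports": [443], "action": "ALLOW"},
    {"name": "drc-to-cfs", "peer": "Cloud file system", "direction": "outbound", "protocol": "TCP", "ports": [443, 22], "action": "ALLOW"},
    {"name": "block-orch", "peer": "Orchestrator", "direction": "outbound", "protocol": "TCP", "ports": [443], "action": "DROP"},
    {"name": "drc-any-out", "peer": "ANY", "direction": "outbound", "protocol": "ANY", "ports": "ANY", "action": "ALLOW"},
]

if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES)
    print("Not allowed:", missing)
    print("Wider than required:", too_broad)
```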