This section lists the firewall ports required to access Cloud Foundation.

Cloud Foundation Builder

Table 1. Inbound Ports

| Port | Protocol | Description |
|------|----------|-------------|
| 22 | TCP | SSH access to vSphere components |
| 67 | TCP/UDP | VIA - DHCP server on Cloud Foundation Builder |
| 8445 | TCP | VIA UI |
| 9080 | TCP | Bring-up APIs |

Table 2. Outbound Ports

| Port | Protocol | Description | Notes |
|------|----------|-------------|-------|
| 22 | TCP | SSH to all ESXi hosts and vRealize network | Two dynamic ports are selected from the range for mountd and statd |
| 53 | TCP/UDP | DNS name resolution | |
| 68 | TCP/UDP | ESXi hosts | |
| 123 | TCP/UDP | Time sync on Cloud Foundation Builder | |
| 443 | TCP | Bring-up - vSphere API | |
| 902 | TCP | Bring-up - OVF deploy | |
| 123 | NTP | Upstream NTP | |

SDDC Manager

Table 3. Inbound Ports

| Port | Protocol | Description |
|------|----------|-------------|
| 22 | TCP | SSH access into SDDC Manager |
| 111 | TCP/UDP | RPC - for NFS server on SDDC Manager |
| 123 | TCP/UDP | Time sync - NTP server on SDDC Manager |
| 135 | TCP | DCE RPC Daemon (dcerpcd) |
| 443 | TCP | Access to SDDC Manager UI |
| 2020 | TCP | VMware Authentication Service (vmafdd) |
| 2049 | TCP/UDP | NFS Daemon (nfsd). This daemon is used for client file-system requests. |
| 4045 | TCP/UDP | NFS Lock Manager (lockd). This daemon is used for record-locking operations on NFS files. It sends and manages locking requests from the client to the NFS server. |
| 32766 | TCP/UDP | NFS RPC Listen (statd). This daemon works with (lockd) to provide crash and recovery functions for the lock manager. |
| 32767 | TCP/UDP | NFS (mountd). This is a remote procedure call (RPC) server that handles file-system mount requests from remote systems and provides access control. |
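
A check that can be run against the SDDC Manager inbound list, as an added example that is not part of the VMware documentation: it compares listening sockets with Table 3 and reports any network-reachable listener the table does not document. It assumes the socket list was captured with `ss -H -tuln`; the sample output and the function names are constructed for illustration.

```python
# Added example: audit listening sockets against Table 3 (SDDC Manager inbound).

# Port -> transport protocols documented in Table 3.
DOCUMENTED_INBOUND = {
    22: {"tcp"}, 111: {"tcp", "udp"}, 123: {"tcp", "udp"}, 135: {"tcp"},
    443: {"tcp"}, 2020: {"tcp"}, 2049: {"tcp", "udp"}, 4045: {"tcp", "udp"},
    32766: {"tcp", "udp"}, 32767: {"tcp", "udp"},
}

# Constructed sample of `ss -H -tuln` output (not taken from a real appliance).
SAMPLE_SS = """\
tcp   LISTEN 0  128  0.0.0.0:22      0.0.0.0:*
tcp   LISTEN 0  128  0.0.0.0:443     0.0.0.0:*
tcp   LISTEN 0  64   0.0.0.0:2049    0.0.0.0:*
udp   UNCONN 0  0    0.0.0.0:2049    0.0.0.0:*
udp   UNCONN 0  0    0.0.0.0:135     0.0.0.0:*
tcp   LISTEN 0  128  127.0.0.1:5432  0.0.0.0:*
tcp   LISTEN 0  128  [::]:8080       [::]:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket line in `ss -H -tuln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        # Local address is the fifth column; split on the last ':' so that
        # bracketed IPv6 addresses such as [::]:22 are handled.
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)

def is_loopback(addr):
    """True for listeners bound only to the local host."""
    return addr.startswith("127.") or addr == "[::1]"

def audit(ss_output, documented=DOCUMENTED_INBOUND):
    """Return sorted (proto, port) pairs that listen on a non-loopback
    address but are not documented for that protocol."""
    unexpected = set()
    for proto, addr, port in parse_listeners(ss_output):
        if is_loopback(addr):
            continue  # not reachable from the network, so no firewall rule applies
        if proto not in documented.get(port, ()):
            unexpected.add((proto, port))
    return sorted(unexpected)

if __name__ == "__main__":
    for proto, port in audit(SAMPLE_SS):
        print(f"undocumented listener: {port}/{proto}")
```

A port that is documented for TCP only, such as 135, is reported when it appears on UDP, so the check also catches protocol mismatches in a firewall rule set derived from the table.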

Table 4. Outbound Ports

| Port | Protocol | Description |
|------|----------|-------------|
| 22 | TCP | SSH |
| 53 | TCP/UDP | DNS |
| 123 | TCP/UDP | NTP |
| 443 | TCP | HTTPS |
| 514 | UDP | Syslog output to vRealize Log Insight |
| 7444 | TCP | Access for single sign-on (SSO) |
| 9000 | TCP | vRealize Log Insight agent to access vRealize Log Insight |