HCX deployments require allowing various ports for communication between services on the HCX Manager appliance itself and between HCX pairs at the source and destination sites.
You must allow the following connections in HCX Manager deployments:
- For systems activated in Local Mode (see Activating New HCX Systems):
  - The perimeter firewalls must allow HCX Manager connections to vcsa.vmware.com.
- For systems activated in Connected Mode (see Activating New HCX Systems):
  - The perimeter firewalls must allow HCX Manager connections to connect.hcx.vmware.com.
    Note: The connect.hcx.vmware.com server's CNAME has been changed to connect.hcx.vmware.com.cdn.cloudflare.net.
  - The perimeter firewalls must allow HCX Manager connections to hybridity-depot.vmware.com.
    Note: The hybridity-depot.vmware.com server's CNAME has been changed to hybridity-depot.broadcom.com.cdn.cloudflare.net.
- The source site firewalls must be configured to allow outbound connections to the destination HCX Manager systems.
- The destination site firewalls must be configured to allow inbound connections from the source HCX Manager system.
- All local connections (within a single HCX Manager) at either the source or the destination environment. These connections never cross from source to destination or from destination to source.
- In environments that rely on a proxy server to centralize outbound HTTPS connections, the proxy server must be configured on the HCX Manager. Refer to Configure a Proxy Server.
For a complete list of network port and protocol requirements, see VMware Ports and Protocols.
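The following preflight check is an added example, not VMware tooling: for the chosen activation mode it resolves each hostname listed above and attempts a TCP connection to every returned address, distinguishing a DNS failure from a blocked connection and flagging the case where only some CDN addresses are reachable (typical of stale IP-pinned firewall rules). Port 443 and the function names are assumptions; confirm the port against VMware Ports and Protocols.

```python
import socket
import sys

# Hostnames per activation mode, taken from the list above.
REQUIRED = {
    "local": ["vcsa.vmware.com"],
    "connected": ["connect.hcx.vmware.com", "hybridity-depot.vmware.com"],
}
PORT = 443  # assumption: HTTPS; confirm against VMware Ports and Protocols


def resolve(host):
    """Return the sorted set of addresses the local resolver gives for host."""
    infos = socket.getaddrinfo(host, PORT, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def can_connect(addr, port, timeout=5.0):
    """True if a TCP handshake to addr:port completes within timeout."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(mode, resolver=resolve, connector=can_connect):
    """Classify each required host as ok, partial, blocked or dns-failed."""
    results = {}
    for host in REQUIRED[mode]:
        try:
            addrs = resolver(host)
        except OSError:  # socket.gaierror is a subclass of OSError
            addrs = []
        if not addrs:
            results[host] = "dns-failed"
            continue
        # CDN-fronted names return several addresses; test each one so a
        # rule that permits only some of them shows up as "partial".
        up = sum(1 for addr in addrs if connector(addr, PORT))
        results[host] = "ok" if up == len(addrs) else "partial" if up else "blocked"
    return results


if __name__ == "__main__":
    mode = sys.argv[1] if len(sys.argv) > 1 else "connected"
    for host, status in preflight(mode).items():
        print(f"{host:32} {status}")
```

Run it from a host that shares the HCX Manager's egress path. Where outbound HTTPS is forced through a proxy server, a direct TCP check like this one is expected to report `blocked`, and the proxy configuration on the HCX Manager is what needs verifying instead.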