HCX deployments require allowing various ports for communication between services on the HCX Manager appliance itself and between HCX pairs at the source and destination sites.
You must allow the following connections in HCX Manager deployments:
- For systems activated in Local Mode (see Activating New HCX Systems):
- The perimeter firewalls must allow HCX Manager connections to vcsa.vmware.com.
- For systems activated in Connected Mode (see Activating New HCX Systems):
- The perimeter firewalls must allow HCX Manager connections to connect.hcx.vmware.com.
- The perimeter firewalls must allow HCX Manager connections to hybridity-depot.vmware.com.
- The source site firewalls must be configured to allow outbound connections to the destination HCX Manager systems.
- The destination site firewalls must be configured to allow inbound connections from the source HCX Manager system.
- All local connections (within a single HCX Manager) either at the source or destination environment. These connections never traverse from source to destination or from destination to source.
- A proxy server can be configured for HTTPS connections. Refer to Configure a Proxy Server.
- Connections made when the HCX Manager is added as a solution in a vRealize Operations installation.
For a complete list of network port and protocol requirements, see VMware Ports and Protocols.