Setting up a protected site for your VMware Cloud on AWS SDDC requires creating firewall rules for the Cyber Recovery connector.
As you set up your protected sites, you must decide whether to let VMware Live Cyber Recovery create the firewall rules needed for the Cyber Recovery connector (recommended) or to create the firewall rules manually.
If you allow VMware Live Cyber Recovery to automatically create firewall rules for your protected site, you must create a dedicated network segment to use for the Cyber Recovery connector on the SDDC. This is recommended as a best practice.
- Protected SDDC vCenter Server outbound on TCP port 443
- Cloud file system outbound on TCP port 443
- Orchestrator outbound on TCP port 443
- VMware Live Cyber Recovery auto-support server outbound on TCP port 443
- ESXi hosts inbound on TCP port 1492 and outbound on TCP port 902 (only needed if these ports are closed on the SDDC)
You can open these ports by configuring firewall rules for the SDDC's Compute Gateway as described here: Add or Modify Compute Gateway Firewall Rules.
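If you create the rules manually, it helps to check the finished rule set against the list above. The following is an added example, not VMware code: the rule format, peer group names and sample rules are constructed for illustration, and it assumes rules are evaluated top-down with the first match winning.

```python
# Flows from the list on this page: (peer, direction, TCP port).
# Peer labels are hypothetical group names; direction is as the page words it.
# The two ESXi flows only need rules if those ports are closed on the SDDC.
REQUIRED = [
    ("vcenter", "outbound", 443),
    ("cloud-file-system", "outbound", 443),
    ("orchestrator", "outbound", 443),
    ("auto-support", "outbound", 443),
    ("esxi", "inbound", 1492),
    ("esxi", "outbound", 902),
]

def matches(rule, flow):
    """True if the rule applies to the flow; 'any' peer or empty ports is a wildcard."""
    peer, direction, port = flow
    return (rule["direction"] == direction
            and rule["peer"] in (peer, "any")
            and (not rule["ports"] or port in rule["ports"]))

def audit(rules):
    """Return (missing, too_broad) for an ordered rule list, first match wins."""
    missing = []
    for flow in REQUIRED:
        hit = next((r for r in rules if matches(r, flow)), None)
        if hit is None or hit["action"] != "ALLOW":  # no rule, or shadowed by a DROP
            missing.append(flow)
    too_broad = []
    for r in rules:
        if r["action"] != "ALLOW":
            continue
        wildcard = r["peer"] == "any" or not r["ports"]
        extra = [p for p in r["ports"] if (r["peer"], r["direction"], p) not in REQUIRED]
        if wildcard or extra:  # permits more than the connector needs
            too_broad.append(r["name"])
    return missing, too_broad

# Constructed sample rule set (not exported from a real SDDC).
SAMPLE_RULES = [
    {"name": "conn-to-vc", "peer": "vcenter", "direction": "outbound", "ports": [443], "action": "ALLOW"},
    {"name": "conn-to-cfs", "peer": "cloud-file-system", "direction": "outbound", "ports": [443], "action": "ALLOW"},
    {"name": "conn-to-orch", "peer": "orchestrator", "direction": "outbound", "ports": [443, 8443], "action": "ALLOW"},
    {"name": "block-esxi", "peer": "esxi", "direction": "outbound", "ports": [], "action": "DROP"},
    {"name": "conn-to-esxi", "peer": "esxi", "direction": "outbound", "ports": [902], "action": "ALLOW"},
    {"name": "esxi-to-conn", "peer": "esxi", "direction": "inbound", "ports": [1492], "action": "ALLOW"},
]

if __name__ == "__main__":
    print("missing flows, rules broader than required:", audit(SAMPLE_RULES))
```

In the sample, the auto-support flow has no rule, the ESXi port 902 rule is shadowed by the DROP rule above it, and `conn-to-orch` opens a port the list does not call for.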