NSX Edge uses certain TCP and UDP ports to communicate with other components and products. These ports must be open in the firewall.

You can use an API call or CLI command to specify custom ports for transferring files (22 is the default) and for exporting Syslog data (514 and 6514 are the defaults). If you do, you will need to configure the firewall accordingly.

Table 1. TCP and UDP Ports Used by NSX Edge

| Source | Target | Port | Protocol | Description |
|---|---|---|---|---|
| Management Clients | NSX Edge nodes | 22 | TCP | SSH (Disabled by default) |
| NTP Servers | NSX Edge nodes | 123 | UDP | NTP |
| SNMP Servers | NSX Edge nodes | 161 | UDP | SNMP |
| NSX Edge nodes | NSX Edge nodes | 1167 | TCP | DHCP backend |
| NSX Edge nodes, Transport Nodes | NSX Edge nodes | 3784, 3785 | UDP | BFD between the Transport Node TEP IP address in the data. |
| NSX Agent | NSX Edge nodes | 5555 | TCP | NSX Cloud - Agent on instance communicates to NSX Cloud Gateway. |
| NSX Edge nodes | NSX Edge nodes | 6666 | TCP | NSX Cloud - NSX Edge local communication. |
| NSX Edge nodes | NSX Manager | 8080 | TCP | NAPI, NSX-T Data Center upgrade |
| NSX Edge nodes | NSX Edge nodes | 2480 | TCP | Nestdb |
| NSX Edge nodes | Management SCP or SSH Servers | 22 | TCP | SSH |
| NSX Edge nodes | DNS Servers | 53 | UDP | DNS |
| NSX Edge nodes | NTP Servers | 123 | UDP | NTP |
| NSX Edge nodes | SNMP Servers | 161, 162 | UDP | SNMP |
| NSX Edge nodes | SNMP Servers | 161, 162 | TCP | SNMP |
| NSX Edge nodes | NSX Manager | 443 | TCP | HTTPS |
| NSX Edge nodes | Syslog Servers | 514 | TCP | Syslog |
| NSX Edge nodes | Syslog Servers | 514 | UDP | Syslog |
| NSX Edge nodes | NSX Edge nodes | 1167 | TCP | DHCP backend |
| NSX Edge nodes | NSX Controllers | 1235 | TCP | netcpa |
| NSX Edge nodes | OpenStack Nova API Server | 3000 - 9000 | TCP | Metadata proxy |
| NSX Edge nodes | NSX Manager | 5671 | TCP | NSX messaging |
| NSX Edge nodes | Syslog Servers | 6514 | TCP | Syslog over TLS |
| NSX Edge nodes | Traceroute Destination | 33434 - 33523 | UDP | Traceroute |
| NSX Edge nodes | NSX Edge nodes | 50263 | UDP | High-Availability |
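
The following is an added example, not VMware code: it audits a firewall allow-list against a subset of the outbound rows in Table 1, swapping in custom file-transfer and Syslog ports where they replace the defaults. The names `Flow`, `span`, `required_flows`, `audit` and `SAMPLE_RULES`, the rule format, and the custom port 1514 are assumptions made for illustration.

```python
from typing import NamedTuple

EDGE = "NSX Edge nodes"

class Flow(NamedTuple):
    src: str
    dst: str
    ports: range   # inclusive port span, stored as range(lo, hi + 1)
    proto: str
    desc: str

def span(lo, hi=None):
    return range(lo, (hi if hi is not None else lo) + 1)

def required_flows(file_port=22, syslog_port=514, syslog_tls_port=6514):
    """Subset of Table 1 (Edge as source); custom ports replace the defaults."""
    return [
        Flow(EDGE, "NSX Manager", span(443), "TCP", "HTTPS"),
        Flow(EDGE, "Management SCP or SSH Servers", span(file_port), "TCP", "SSH"),
        Flow(EDGE, "Syslog Servers", span(syslog_port), "UDP", "Syslog"),
        Flow(EDGE, "Syslog Servers", span(syslog_tls_port), "TCP", "Syslog over TLS"),
        Flow(EDGE, "OpenStack Nova API Server", span(3000, 9000), "TCP", "Metadata proxy"),
    ]

def same_path(a, b):
    return (a.src, a.dst, a.proto) == (b.src, b.dst, b.proto)

def audit(rules, **custom_ports):
    """Return (gaps, stale): required ports no rule allows, and rules no flow needs."""
    need = required_flows(**custom_ports)
    gaps = {}
    for f in need:
        allowed = [r for r in rules if same_path(r, f)]
        missing = [p for p in f.ports if not any(p in r.ports for r in allowed)]
        if missing:
            gaps[f.desc] = missing
    # A rule is stale when it overlaps no required flow on the same path.
    stale = [r.desc for r in rules
             if not any(same_path(r, f) and set(r.ports) & set(f.ports) for f in need)]
    return gaps, stale

# Constructed allow-list: written for the default ports, metadata range one port short.
SAMPLE_RULES = [
    Flow(EDGE, "NSX Manager", span(443), "TCP", "allow-https"),
    Flow(EDGE, "Management SCP or SSH Servers", span(22), "TCP", "allow-scp"),
    Flow(EDGE, "Syslog Servers", span(514), "UDP", "allow-syslog-udp"),
    Flow(EDGE, "Syslog Servers", span(6514), "TCP", "allow-syslog-tls"),
    Flow(EDGE, "OpenStack Nova API Server", span(3000, 8999), "TCP", "allow-metadata"),
]
```

Calling `audit(SAMPLE_RULES, syslog_port=1514)` reports the new Syslog port as a gap and the old 514/UDP rule as stale, so the default can be closed once the custom port is in use.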