NSX Edge uses certain TCP and UDP ports to communicate with other components and products. These ports must be open in the firewall.
You can use an API call or CLI command to specify custom ports for transferring files (22 is the default) and for exporting Syslog data (514 and 6514 are the defaults). If you do, you will need to configure the firewall accordingly.
| Source | Target | Port | Protocol | Description |
|---|---|---|---|---|
| Management Clients | NSX Edge nodes | 22 | TCP | SSH (Disabled by default) |
| NSX Agent | NSX Edge nodes | 5555 | TCP | NSX Cloud - Agent on instance communicates to NSX Cloud Gateway. |
| NSX Edge nodes | DNS Servers | 53 | UDP | DNS |
| NSX Edge nodes | Management SCP or SSH Servers | 22 | TCP | SSH |
| NSX Edge nodes | NSX Manager | 1235 | TCP | Lower Control Plane (LCP) to Central Control Plane (CCP) communication |
| NSX Edge nodes | NSX Edge nodes | 1167 | TCP | DHCP backend |
| NSX Edge nodes | NSX Edge nodes | 2480 | TCP | Nestdb |
| NSX Edge nodes | NSX Edge nodes | 6666 | TCP | NSX Cloud - NSX Edge local communication. |
| NSX Edge nodes | NSX Edge nodes | 50263 | UDP | High-Availability |
| NSX Edge nodes | NSX Manager | 443 | TCP | HTTPS |
| NSX Edge nodes | NSX Manager | 1234 | TCP | NSX Messaging channel to NSX Manager |
| NSX Edge nodes | NSX Manager | 8080 | TCP | NAPI, NSX-T Data Center upgrade |
| NSX Edge nodes | NTP Servers | 123 | UDP | NTP |
| NSX Edge nodes | OpenStack Nova API Server | 3000 - 9000 | TCP | Metadata proxy |
| NSX Edge nodes | SNMP Servers | 161, 162 | TCP | SNMP |
| NSX Edge nodes | SNMP Servers | 161, 162 | UDP | SNMP |
| NSX Edge nodes | Syslog Servers | 514 | TCP | Syslog |
| NSX Edge nodes | Syslog Servers | 514 | UDP | Syslog |
| NSX Edge nodes | Syslog Servers | 6514 | TCP | Syslog |
| NSX Edge nodes | Syslog Servers | 6514 | UDP | Syslog |
| NSX Edge nodes | Intermediate and Root CA Servers | 80 | TCP | Syslog (export over TLS)
Note: To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority.
|
| NSX Edge nodes | Traceroute Destination | 33434 - 33523 | UDP | Traceroute |
| NSX Edge nodes, Transport nodes | NSX Edge nodes | 3784, 3785 | UDP | BFD between the Transport node TEP IP address in the data. |
| NTP Servers | NSX Edge nodes | 123 | UDP | NTP |
| SNMP Servers | NSX Edge nodes | 161 | UDP | SNMP |
