ESXi, KVM hosts, and bare metal server when used as transport nodes need certain TCP and UDP ports available.

Table 1. TCP and UDP Ports Used by ESXi and KVM Hosts
Source Target Port Protocol Description
ESXi host NSX Manager 1235 TCP Local Control Plane (LCP) to Central Control Plane (CCP) communication
ESXi host NSX Manager 1234 TCP NSX Messaging channel to NSX Manager

AMPQ Communication channel to NSX Manager

ESXi host NSX Manager 8080 TCP Install and upgrade HTTP repository
ESXi and KVM host NSX Manager 443 TCP Management and provisioning connection
ESXi and KVM host NSX Manager 443 TCP Install and upgrade HTTP repository
GENEVE Termination End Point (TEP) GENEVE Termination End Point (TEP) 6081 UDP Transport network
KVM host NSX Manager 1234 TCP NSX Messaging channel to NSX Manager

AMPQ Communication channel to NSX Manager

Bare Metal server host NSX Manager 5671, 1235, 1234, 8080 TCP AMPQ Communication channel to NSX Manager
KVM host NSX Manager 1235 TCP Local Control Plane (LCP) to Central Control Plane (CCP) communication
KVM host NSX Manager 8080 TCP Install and upgrade HTTP repository
NSX Manager ESXi host 443 TCP Management and provisioning connection
NSX Manager KVM host 443 TCP Management and provisioning connection
Host Syslog Servers 514 TCP Syslog (Refer to the host syslog documenation)
Host Syslog Servers 514 UDP Syslog (Refer to the host syslog documenation)
Host Syslog Servers 6514 TCP Syslog (Refer to the host syslog documenation)
Host Syslog Servers 6514 UDP Syslog (Refer to the host syslog documenation)
Host Intermediate and Root CA servers 80 TCP Syslog (export over TLS)
Note: To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority.
NSX-T Data Center transport node NSX-T Data Center transport node 3784, 3785 UDP BFD Session between TEPs, in the datapath using TEP interface