NSX Manager uses certain TCP and UDP ports to communicate with other components and products. These ports must be open in the firewall.

You can use an API call or CLI command to specify custom ports for transferring files (22 is the default) and for exporting Syslog data (514 and 6514 are the defaults). If you do, you will need to configure the firewall accordingly.

Table 1. TCP and UDP Ports Used by NSX Manager
Source Target Port Protocol Description
NSX Managers, NSX Edge nodes, Transport nodes NSX Manager 5671, 1234, 1235, 443 TCP NSX messaging
NSX Managers, NSX Edge nodes, Transport nodes, vCenter Server NSX Manager 8080 TCP Install-upgrade HTTP repository
NSX Manager NSX Manager 9000 5671, 1234, 443, 8080 TCP Distributed Datastore
NSX Manager DNS Servers 53 TCP DNS
NSX Manager DNS Servers 53 UDP DNS
NSX Manager Management SCP Servers 22 TCP SSH (upload support bundle, backups, etc.)
NSX Manager NTP Servers 123 UDP NTP
NSX Manager SNMP Servers 161, 162 TCP SNMP
NSX Manager SNMP Servers 161, 162 UDP SNMP
NSX Manager Syslog Servers 514 TCP Syslog
NSX Manager Syslog Servers 514 UDP Syslog
NSX Manager Syslog Servers 6514 TCP Syslog
NSX Manager Syslog Servers 6514 UDP Syslog
NSX Manager Intermediate and Root CA Servers 80 TCP Syslog (export over TLS)
Note: To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority.
NSX Manager Traceroute Destination 33434 - 33523 UDP Traceroute
NSX Manager vCenter Server 80 TCP NSX Manager to compute manager (vCenter Server) communication, when configured.
NSX Manager vCenter Server 443 TCP NSX Manager to compute manager (vCenter Server) communication, when configured.
NTP Servers NSX Manager 123 UDP NTP
Management Clients NSX Manager 22 TCP SSH (Disabled by default)
Management Clients NSX Manager 443 TCP NSX API server
SNMP Servers NSX Manager 161 UDP SNMP