TCP and UDP Ports Used by NSX Manager

NSX Manager uses certain TCP and UDP ports to communicate with other components and products. These ports must be open in the firewall.

You can use an API call or CLI command to specify custom ports for transferring files (22 is the default) and for exporting Syslog data (514 and 6514 are the defaults). If you do, you will need to configure the firewall accordingly.

Table 1. TCP and UDP Ports Used by NSX Manager
Source	Target	Port	Protocol	Description
NSX Managers, NSX Edge nodes, Transport nodes	NSX Manager	5671, 1234, 1235, 443	TCP	NSX messaging
NSX Managers, NSX Edge nodes, Transport nodes, vCenter Server	NSX Manager	8080	TCP	Install-upgrade HTTP repository
NSX Manager	NSX Manager	9000 5671, 1234, 443, 8080	TCP	Distributed Datastore
NSX Manager	DNS Servers	53	TCP	DNS
NSX Manager	DNS Servers	53	UDP	DNS
NSX Manager	Management SCP Servers	22	TCP	SSH (upload support bundle, backups, etc.)
NSX Manager	NTP Servers	123	UDP	NTP
NSX Manager	SNMP Servers	161, 162	TCP	SNMP
NSX Manager	SNMP Servers	161, 162	UDP	SNMP
NSX Manager	Syslog Servers	514	TCP	Syslog
NSX Manager	Syslog Servers	514	UDP	Syslog
NSX Manager	Syslog Servers	6514	TCP	Syslog
NSX Manager	Syslog Servers	6514	UDP	Syslog
NSX Manager	Intermediate and Root CA Servers	80	TCP	Syslog (export over TLS) Note: To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority.
NSX Manager	Traceroute Destination	33434 - 33523	UDP	Traceroute
NSX Manager	vCenter Server	80	TCP	NSX Manager to compute manager (vCenter Server) communication, when configured.
NSX Manager	vCenter Server	443	TCP	NSX Manager to compute manager (vCenter Server) communication, when configured.
NTP Servers	NSX Manager	123	UDP	NTP
Management Clients	NSX Manager	22	TCP	SSH (Disabled by default)
Management Clients	NSX Manager	443	TCP	NSX API server
SNMP Servers	NSX Manager	161	UDP	SNMP