No inbound ports are required to be open in your on-prem deployment of NSX-T Data Center to enable public cloud connectivity.

The following outbound ports are required:

Table 1. Ports and Protocols Required for Public Cloud Connectivity with NSX-T Data Center
From To Port Protocol Required for:
CSM PCG 80
Note: If you are using NSX-T Data Center version 2.5.0, you need to open the non-standard port 7442 instead, and ensure your firewall allows SSL traffic over it.
TCP CSM configuration, such as upgrade workflow, over HTTPS.
NSX Manager PCG 443 TCP NSX RPC channel(s).
CSM NSX Manager 443 TCP CSM to access NSX Manager. See Ports and Protocols for details on the on-prem deployment.