NSX Controller uses certain TCP and UDP ports to communicate with other components and products. These ports must be open in the firewall.

You can use an API call or CLI command to specify custom ports for transferring files (22 is the default) and for exporting Syslog data (514 and 6514 are the defaults). If you do, you will need to configure the firewall accordingly.

Table 1. TCP and UDP Ports Used by NSX Controller

| Source | Target | Port | Protocol | Description |
|---|---|---|---|---|
| Any | Controller | 22 | TCP | SSH |
| Any | Controller | 53 | UDP | DNS |
| Any | Controller | 123 | UDP | NTP |
| Any | Controller | 161 | UDP | SNMP |
| Any | Controller | 1100 | TCP | Zookeeper quorum |
| Any | Controller | 1200 | TCP | Zookeeper leader election |
| Any | Controller | 1300 | TCP | Zookeeper server |
| Any | Controller | 1234 | TCP | CCP-netcpa communication |
| Any | Controller | 7777 | TCP | Moot RPC |
| Any | Controller | 11000 - 11004 | UDP | Tunnels to other cluster nodes. You must open more ports if the cluster has more than 5 nodes. |
| Any | Controller | 33434 - 33523 | UDP | Traceroute |
| Controller | Any | 22 | TCP | SSH |
| Controller | Any | 53 | UDP | DNS |
| Controller | Any | 53 | TCP | DNS |
| Controller | Any | 80 | TCP | HTTP |
| Controller | Any | 123 | UDP | NTP |
| Controller | Any | 5671 | TCP | NSX messaging |
| Controller | Any | 7777 | TCP | Moot RPC |
| Controller | Any | 9000 | TCP | Log Insight agent |
| Controller | Any | 11000 - 11004 | TCP | Tunnels to other cluster nodes. You must open more ports if the cluster has more than 5 nodes. |
| Controller | Any | 8080 | TCP | NSX upgrade |
| Controller | Any | 33434 - 33523 | UDP | Traceroute |
| Controller | Any | 514 | UDP | Syslog |
| Controller | Any | 514 | TCP | Syslog |
| Controller | Any | 6514 | TCP | Syslog |
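
As an added example (not VMware code), Table 1 can be expressed as an allowlist and used to audit flow records for controller traffic that the table does not cover. The controller addresses, the flow records and the `audit` helper are constructed for illustration; `custom` is where you list any ports you reconfigured for file transfer or syslog.

```python
import ipaddress

# Table 1 as (low, high) destination-port ranges, keyed by direction and protocol.
ALLOWED = {
    ("in", "tcp"): [(22, 22), (1100, 1100), (1200, 1200), (1234, 1234),
                    (1300, 1300), (7777, 7777)],
    ("in", "udp"): [(53, 53), (123, 123), (161, 161), (11000, 11004), (33434, 33523)],
    ("out", "tcp"): [(22, 22), (53, 53), (80, 80), (514, 514), (5671, 5671),
                     (6514, 6514), (7777, 7777), (8080, 8080), (9000, 9000),
                     (11000, 11004)],
    ("out", "udp"): [(53, 53), (123, 123), (514, 514), (33434, 33523)],
}

# Constructed sample data (documentation address ranges, not real hosts).
CONTROLLERS = ["192.0.2.11", "192.0.2.12", "192.0.2.13"]
SAMPLE_FLOWS = [  # (src_ip, dst_ip, protocol, dst_port)
    ("198.51.100.5", "192.0.2.11", "tcp", 22),     # inbound SSH
    ("192.0.2.11", "192.0.2.12", "tcp", 7777),     # controller to controller, Moot RPC
    ("192.0.2.11", "198.51.100.9", "tcp", 6514),   # outbound syslog
    ("198.51.100.5", "192.0.2.11", "tcp", 8080),   # 8080 is listed outbound only
    ("192.0.2.12", "198.51.100.9", "udp", 1514),   # syslog moved to a custom port
    ("198.51.100.5", "198.51.100.9", "tcp", 443),  # no controller involved
]

def audit(flows, controllers, custom=()):
    """Return (src, dst, proto, port, direction) for controller flows not covered.

    custom: extra (direction, proto, port) entries for reconfigured ports.
    """
    ctrl = {ipaddress.ip_address(c) for c in controllers}
    allowed = {key: list(ranges) for key, ranges in ALLOWED.items()}
    for direction, proto, port in custom:
        allowed.setdefault((direction, proto), []).append((port, port))
    findings = []
    for src, dst, proto, port in flows:
        src_is_ctrl = ipaddress.ip_address(src) in ctrl
        dst_is_ctrl = ipaddress.ip_address(dst) in ctrl
        # A controller-to-controller flow is checked against both directions.
        for direction, applies in (("out", src_is_ctrl), ("in", dst_is_ctrl)):
            ranges = allowed.get((direction, proto.lower()), [])
            if applies and not any(lo <= port <= hi for lo, hi in ranges):
                findings.append((src, dst, proto, port, direction))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS, CONTROLLERS):
        print("not in Table 1:", finding)
```

Flows that neither start nor end at a controller are ignored, so the same function can be run over a full export from a flow collector.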