NSX Controller uses certain TCP and UDP ports to communicate with other components and products. These ports must be open in the firewall.

You can use an API call or CLI command to specify custom ports for transferring files (22 is the default) and for exporting Syslog data (514 and 6514 are the defaults). If you change these ports, configure the firewall to allow the custom ports instead.

Table 1. TCP and UDP Ports Used by NSX Controller

| Source | Target | Port | Protocol | Description |
|---|---|---|---|---|
| Management Clients | NSX Controller | 22 | TCP | SSH (Disabled by default) |
| DNS Servers | NSX Controller | 53 | UDP | DNS |
| NTP Servers | NSX Controller | 123 | UDP | NTP |
| SNMP Servers | NSX Controller | 161 | UDP | SNMP |
| NSX Controllers | NSX Controller | 1100 | TCP | Zookeeper quorum |
| NSX Controllers | NSX Controller | 1200 | TCP | Zookeeper leader election |
| NSX Controllers | NSX Controller | 1300 | TCP | Zookeeper server |
| NSX Edge nodes, Transport Nodes | NSX Controller | 1234 | TCP | CCP-netcpa communication |
| NSX Controllers | NSX Controller | 7777 | TCP | Moot RPC |
| NSX Controllers | NSX Controller | 11000 - 11004 | UDP | Tunnels to other cluster nodes. You must open more ports if the cluster has more than 5 nodes. |
| Traceroute Destination | NSX Controller | 33434 - 33523 | UDP | Traceroute |
| NSX Controllers | SSH Destination | 22 | TCP | SSH (Disabled by default) |
| NSX Controllers | DNS Servers | 53 | UDP | DNS |
| NSX Controllers | DNS Servers | 53 | TCP | DNS |
| NSX Controllers | Any | 80 | TCP | HTTP |
| NSX Controllers | NTP Servers | 123 | UDP | NTP |
| NSX Controllers | NSX Manager | 5671 | TCP | NSX messaging |
| NSX Controllers | LogInsight Server | 9000 | TCP | Log Insight agent |
| NSX Controllers | NSX Controller | 11000 - 11004 | TCP | Tunnels to other cluster nodes. You must open more ports if the cluster has more than 5 nodes. |
| NSX Controllers | NSX Manager | 8080 | TCP | NSX upgrade |
| NSX Controllers | Traceroute Destination | 33434 - 33523 | UDP | Traceroute |
| NSX Controllers | Syslog Servers | 514 | UDP | Syslog |
| NSX Controllers | Syslog Servers | 514 | TCP | Syslog |
| NSX Controllers | Syslog Servers | 6514 | TCP | Syslog |
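One way to check a firewall allowlist against the rows of Table 1 whose target is NSX Controller, reporting both required ports that are blocked and open ports that no row calls for. This is an added example, not VMware code; the function names, the rule tuple format and the sample rule set are assumptions made for illustration.

```python
# Inbound rows of Table 1 (target: NSX Controller): (source, proto, first, last).
# SSH row omitted on purpose (disabled by default), so open TCP 22 shows as extra.
TABLE_INBOUND = [
    ("DNS Servers", "udp", 53, 53),
    ("NTP Servers", "udp", 123, 123),
    ("SNMP Servers", "udp", 161, 161),
    ("NSX Controllers", "tcp", 1100, 1100),    # Zookeeper quorum
    ("NSX Controllers", "tcp", 1200, 1200),    # Zookeeper leader election
    ("NSX Controllers", "tcp", 1300, 1300),    # Zookeeper server
    ("NSX Edge nodes, Transport Nodes", "tcp", 1234, 1234),
    ("NSX Controllers", "tcp", 7777, 7777),    # Moot RPC
    ("NSX Controllers", "udp", 11000, 11004),  # cluster tunnels
    ("NSX Controllers", "tcp", 11000, 11004),  # cluster tunnels
    ("Traceroute Destination", "udp", 33434, 33523),
]

def ports(rows, source, proto):
    """Set of ports that rows allow or require for one (source, proto) pair."""
    return {p for s, pr, lo, hi in rows if (s, pr) == (source, proto)
            for p in range(lo, hi + 1)}

def to_ranges(port_set):
    """Collapse a set of ports into sorted (first, last) ranges."""
    out = []
    for p in sorted(port_set):
        if out and p == out[-1][1] + 1:
            out[-1] = (out[-1][0], p)
        else:
            out.append((p, p))
    return out

def audit(rules, table=TABLE_INBOUND):
    """Return (missing, extra) port ranges keyed by (source, proto)."""
    missing, extra = {}, {}
    for key in sorted({(s, pr) for s, pr, _, _ in list(table) + list(rules)}):
        need, have = ports(table, *key), ports(rules, *key)
        if need - have:
            missing[key] = to_ranges(need - have)   # required by Table 1, blocked
        if have - need:
            extra[key] = to_ranges(have - need)     # open, but in no table row
    return missing, extra

# Constructed firewall export for illustration (not from a real deployment).
SAMPLE_RULES = [r for r in TABLE_INBOUND if r[0] != "NSX Controllers"] + [
    ("Management Clients", "tcp", 22, 22),
    ("NSX Controllers", "tcp", 1100, 1300),    # broader than the three rows
    ("NSX Controllers", "tcp", 7777, 7777),
    ("NSX Controllers", "udp", 11000, 11002),  # two tunnel ports short
]
print(audit(SAMPLE_RULES))
```

If SSH has been enabled or a custom file-transfer port configured, add that row to the table passed to `audit` so the port is no longer reported as extra.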