The following ports must be open for NSX to operate properly.

Table 1. Ports and Protocols required by NSX

Source

Target

Port

Protocol

Purpose

Sensitive

TLS

Authentication

Client PC

NSX Manager

443

TCP

NSX Manager Administrative Interface

No

Yes

PAM Authentication

Client PC

NSX Manager

80

TCP

NSX Manager VIB Access

No

No

PAM Authentication

ESXi Host

vCenter Server

80

TCP

ESXi Host Preparation

No

No

vCenter Server

ESXi Host

80

TCP

ESXi Host Preparation

No

No

ESXi Host

NSX Manager

5671

TCP

RabbitMQ

No

Yes

Rabbit MQ user/password

ESXi Host

NSX Controller

1234

TCP

User World Agent Connection

No

Yes

NSX Controller

NSX Controller

2878, 2888, 3888

TCP

Controller Cluster - State Sync

No

Yes

IPsec

NSX Controller

NSX Controller

7777

TCP

Inter-Controller RPC Port

No

Yes

IPsec

NSX Controller

NSX Controller

30865

TCP

Controller Cluster - State Sync

No

Yes

IPsec

NSX Controller

NTP Time Server

123

TCP

NTP client connection

No

Yes

No Authentication

NSX Manager

NSX Controller

443

TCP

Controller to Manager Communication

No

Yes

User/Password

NSX Manager

vCenter Server

443

TCP

TCP vSphere Web Access

No

Yes

NSX Manager

vCenter Server

902

TCP

vSphere Web Access

No

Yes

NSX Manager

ESXi Host

443

TCP

Management and provisioning connection

No

Yes

NSX Manager

ESXi Host

902

TCP

Management and provisioning connection

No

Yes

NSX Manager

DNS Server

53

TCP

DNS client connection

No

No

NSX Manager

Syslog Server

514

TCP

Syslog connection

No

Yes

NSX Manager

NTP Time Server

123

TCP

NTP client connection

No

Yes

vCenter Server

NSX Manager

80

TCP

TCP Host Preparation

No

Yes

REST Client

NSX Manager

443

TCP

NSX Manager REST API

No

Yes

User/Password

NSX Controller

NTP Time Server

123

UDP

NTP client connection

No

Yes

No Authentication

NSX Manager

DNS Server

53

UDP

DNS client connection

No

No

NSX Manager

Syslog Server

514

UDP

Syslog connection

No

Yes

NSX Manager

NTP Time Server

123

UDP

NTP client connection

No

Yes

VXLAN Tunnel End Point (VTEP)

VXLAN Tunnel End Point (VTEP)

8472 or 4789*

UDP

Transport network encapsulation between VTEPs

No

Yes

ESXi Host

ESXi Host

6999

UDP

ARP on VLAN LIFs

No

Yes

ESXi Host

NSX Manager

8301, 8302

UDP

DVS Sync

No

Yes

NSX Manager

ESXi Host

8301, 8302

UDP

DVS Sync

No

Yes

*In NSX before 6.2.3, the default VTEP port for new installs was 8472. Starting in NSX 6.2.3, the default VTEP port for new installs is 4789. NSX deployments upgraded from a prior version of NSX to NSX 6.2.3 continue using the same port by default. Additionally, you can configure a custom port.