The following ports must be open for NSX to operate properly.

Table 1. Ports and Protocols required by NSX

| Source | Target | Port | Protocol | Purpose | Sensitive | TLS | Authentication |
|---|---|---|---|---|---|---|---|
| Client PC | NSX Manager | 443 | TCP | NSX Manager Administrative Interface | No | Yes | PAM Authentication |
| Client PC | NSX Manager | 80 | TCP | NSX Manager VIB Access | No | No | PAM Authentication |
| ESXi Host | vCenter Server | 443 | TCP | ESXi Host Preparation | No | No | |
| vCenter Server | ESXi Host | 443 | TCP | ESXi Host Preparation | No | No | |
| ESXi Host | NSX Manager | 5671 | TCP | RabbitMQ | No | Yes | RabbitMQ User/Password |
| ESXi Host | NSX Controller | 1234 | TCP | User World Agent Connection | No | Yes | |
| NSX Controller | NSX Controller | 2878, 2888, 3888 | TCP | Controller Cluster - State Sync | No | Yes | IPsec |
| NSX Controller | NSX Controller | 7777 | TCP | Inter-Controller RPC Port | No | Yes | IPsec |
| NSX Controller | NSX Controller | 30865 | TCP | Controller Cluster - State Sync | No | Yes | IPsec |
| NSX Manager | NSX Controller | 443 | TCP | Controller to Manager Communication | No | Yes | User/Password |
| NSX Manager | vCenter Server | 443 | TCP | vSphere Web Access | No | Yes | |
| NSX Manager | vCenter Server | 902 | TCP | vSphere Web Access | No | Yes | |
| NSX Manager | ESXi Host | 443 | TCP | Management and provisioning connection | No | Yes | |
| NSX Manager | ESXi Host | 902 | TCP | Management and provisioning connection | No | Yes | |
| NSX Manager | DNS Server | 53 | TCP | DNS client connection | No | No | |
| NSX Manager | DNS Server | 53 | UDP | DNS client connection | No | No | |
| NSX Manager | Syslog Server | 514 | TCP | Syslog connection | No | No | |
| NSX Manager | Syslog Server | 514 | UDP | Syslog connection | No | No | |
| NSX Manager | NTP Time Server | 123 | TCP | NTP client connection | No | Yes | |
| NSX Manager | NTP Time Server | 123 | UDP | NTP client connection | No | Yes | |
| vCenter Server | NSX Manager | 80 | TCP | Host Preparation | No | Yes | |
| REST Client | NSX Manager | 443 | TCP | NSX Manager REST API | No | Yes | User/Password |
| VXLAN Tunnel End Point (VTEP) | VXLAN Tunnel End Point (VTEP) | 8472 (default before NSX 6.2.3) or 4789 (default in new installs of NSX 6.2.3 and later) | UDP | Transport network encapsulation between VTEPs | No | Yes | |
| ESXi Host | ESXi Host | 6999 | UDP | ARP on VLAN LIFs | No | Yes | |
| ESXi Host | NSX Manager | 8301, 8302 | UDP | DVS Sync | No | Yes | |
| NSX Manager | ESXi Host | 8301, 8302 | UDP | DVS Sync | No | Yes | |
| Guest Introspection VM | NSX Manager | 5671 | TCP | RabbitMQ | No | Yes | RabbitMQ User/Password |
| Primary NSX Manager | Secondary NSX Manager | 443 | TCP | Cross-vCenter NSX Universal Sync Service | No | Yes | |
| Primary NSX Manager | vCenter Server | 443 | TCP | vSphere API | No | Yes | |
| Secondary NSX Manager | vCenter Server | 443 | TCP | vSphere API | No | Yes | |
| Primary NSX Manager | NSX Universal Controller Cluster | 443 | TCP | NSX Controller REST API | No | Yes | User/Password |
| Secondary NSX Manager | NSX Universal Controller Cluster | 443 | TCP | NSX Controller REST API | No | Yes | User/Password |
| ESXi Host | NSX Universal Controller Cluster | 1234 | TCP | NSX Control Plane Protocol | No | Yes | |
| ESXi Host | Primary NSX Manager | 5671 | TCP | RabbitMQ | No | Yes | RabbitMQ User/Password |
| ESXi Host | Secondary NSX Manager | 5671 | TCP | RabbitMQ | No | Yes | RabbitMQ User/Password |
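The following added example (not part of the NSX documentation or product) shows one way to check observed management-network flows against Table 1: it flags flows the table does not list and flows the table lists with TLS set to No. The IP-to-role inventory and the flow records are constructed, only a subset of the table rows is embedded, and each flow record is assumed to describe the connection initiator and the destination port.

```python
# Subset of Table 1 rows: Source | Target | Port | Protocol | TLS
MATRIX = """\
Client PC | NSX Manager | 443 | TCP | Yes
Client PC | NSX Manager | 80 | TCP | No
ESXi Host | NSX Manager | 5671 | TCP | Yes
ESXi Host | NSX Controller | 1234 | TCP | Yes
NSX Controller | NSX Controller | 2878, 2888, 3888 | TCP | Yes
NSX Manager | DNS Server | 53 | UDP | No
NSX Manager | Syslog Server | 514 | UDP | No
ESXi Host | NSX Manager | 8301, 8302 | UDP | Yes
"""

# Constructed inventory (assumption): IP address -> role name used in Table 1.
ROLES = {
    "10.0.0.10": "NSX Manager", "10.0.0.21": "ESXi Host",
    "10.0.0.31": "NSX Controller", "10.0.0.32": "NSX Controller",
    "10.0.0.53": "DNS Server", "10.0.5.7": "Client PC",
}

# Constructed flow records: (source IP, destination IP, destination port, protocol).
FLOWS = [
    ("10.0.5.7", "10.0.0.10", 443, "TCP"),
    ("10.0.5.7", "10.0.0.10", 80, "TCP"),
    ("10.0.0.21", "10.0.0.10", 5671, "TCP"),
    ("10.0.5.7", "10.0.0.10", 5671, "TCP"),
    ("10.0.0.31", "10.0.0.32", 2888, "TCP"),
    ("10.0.0.10", "10.0.0.53", 53, "UDP"),
    ("192.0.2.9", "10.0.0.31", 1234, "TCP"),
]

def load_matrix(text):
    """Map (source role, target role, port, protocol) -> True if the row says TLS Yes."""
    allowed = {}
    for line in text.strip().splitlines():
        src, dst, ports, proto, tls = [cell.strip() for cell in line.split("|")]
        for port in ports.split(","):  # one row may list several ports
            allowed[(src, dst, int(port), proto)] = tls == "Yes"
    return allowed

def audit(flows, allowed, roles):
    """Return flows that are absent from the matrix or listed without TLS."""
    findings = []
    for src_ip, dst_ip, port, proto in flows:
        key = (roles.get(src_ip, "unknown"), roles.get(dst_ip, "unknown"), port, proto)
        if key not in allowed:
            findings.append((src_ip, dst_ip, port, proto, "not in table"))
        elif not allowed[key]:
            findings.append((src_ip, dst_ip, port, proto, "in table, no TLS"))
    return findings

if __name__ == "__main__":
    for finding in audit(FLOWS, load_matrix(MATRIX), ROLES):
        print(finding)
```

Because the table is directional, a flow is matched only in the source-to-target direction its row gives.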

Ports for Cross-vCenter NSX and Enhanced Linked Mode

If you have a cross-vCenter NSX environment and your vCenter Server systems are in Enhanced Linked Mode, each NSX Manager appliance must have the required connectivity to each vCenter Server system in the environment so that you can manage any NSX Manager from any vCenter Server system.