The operation of VMware Site Recovery requires certain ports to be open.

The components that make up the VMware Site Recovery service, namely vCenter Server, vSphere Web Client, Site Recovery Manager Server, the vSphere Replication appliance, and vSphere Replication servers, require different ports to be open. You must ensure that all the required network ports are open for VMware Site Recovery to function correctly.

vCenter Server and ESXi Server network port requirements for Site Recovery Manager 8.0

Site Recovery Manager requires certain ports to be open onvCenter Server, Platform Services Controller, and on ESXi Server.

Default Port Protocol or Description Source Target Description
443 HTTPS Site Recovery Manager vCenter Server Default SSL Web port.
443 HTTPS Site Recovery Manager Platform Services Controller (PSC) Traffic from Site Recovery Manager Server to local and remote Platform Services Controller.
443 HTTPS Site Recovery Manager on the recovery site Recovery site ESXi host. Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with configured IP customization, or callout commands on recovered virtual machines.
902 TCP and UDP Site Recovery Manager Server on the recovery site. Recovery site ESXi host. Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port.

Site Recovery Manager Server 8.0 network ports

The Site Recovery Manager Server instances on the protected and recovery sites require certain ports to be open.

Default Port Protocol or Description Source Target Endpoints or Consumers
443 HTTPS Site Recovery Manager vCenter Server Default SSL Web Port for incoming TCP traffic.
443 HTTPS Site Recovery Manager Platform Services Controller Traffic from Site Recovery Manager Server to local and remote Platform Services Controller.
443 HTTPS Site Recovery Manager on the recovery site Recovery site ESXi host. Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with configured IP customization, or callout commands on recovered virtual machines.
902 TCP and UDP Site Recovery Manager Server on the recovery site. Recovery site ESXi host. Traffic from the Site Recovery Manager Server on the recovery site to ESXi hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port.
1433 TCP Site Recovery Manager Microsoft SQL Server Site Recovery Manager connectivity to Microsoft SQL Server (for Site Recovery Manager database)
1521 TCP Site Recovery Manager Oracle Database Server Site Recovery Manager database connectivity to Oracle.
1526 TCP Site Recovery Manager Oracle Database Server Site Recovery Manager database connectivity to Oracle.
9086 HTTPS vSphere Web Client Site Recovery Manager All management traffic to Site Recovery Manager Server goes to this port. This includes traffic by external API clients for task automation and HTTPS interface for downloading the UI plug-in and icons. This port must be accessible from the vCenter Server proxy system. Used by vSphere Web Client to download the Site Recovery Manager client plug-in.

Site Pairing Port Requirements

Port Source Target Description
9086 vCenter Server Site Recovery Manager Server vCenter Server and target Site Recovery Manager communication.
9086 Site Recovery Manager Server Site Recovery Manager Server on target site Bi-directional communication between Site Recovery Manager servers.
443 Site Recovery Manager Platform Services Controller and vCenter Server Site Recovery Manager to vCenter Server communication - local and remote.

Network ports that must be open on Site Recovery Manager and vSphere Replication Protected and Recovery sites

Site Recovery Manager and vSphere Replication require that the protected and recovery sites can communicate.

Port Protocol or Description Source Target Endpoints or Consumers
31031 Initial replication traffic ESXi host vSphere Replication appliance on the recovery site From the ESXi host at the protected site to the vSphere Replication appliance at the recovery site
8043 HTTPS Site Recovery Manager vSphere Replication appliance on the recovery and protected sites Management traffic between Site Recovery Manager instances and vSphere Replication appliances.

vSphere Replication 8.0 appliance network ports

Table 1.
Port Protocol or Description Source Target Endpoints or Consumers
80 TCP vSphere Replication appliance All local and remote PSCs in same vCenter Single Sign-On domain (only if external Platform Services Controller is used) All management traffic to the vSphere Replication appliance goes to port 80 on the vCenter Server proxy system.
80 TCP vSphere Replication appliance Local vCenter Server All management traffic to the vSphere Replication appliance goes to port 80 on the vCenter Server proxy system.
80 HTTP vSphere Replication server in the vSphere Replication appliance ESXi host (intra-site) Used to establish the connection before initial replication starts.
443 TCP vSphere Replication appliance All local and remote Platform Services Controllers in same SSO domain (only if external Platform Services Controller is used) All management traffic to the vSphere Replication appliance.
443 TCP vSphere Replication appliance Local and remote vCenter Server All management traffic to the vSphere Replication appliance.
902 TCP and UDP vSphere Replication server in the vSphere Replication appliance on secondary site ESXi host (intra-site) on secondary site Used by vSphere Replication servers to send replication traffic to the destination ESXi hosts.
5480 HTTPS Browser vSphere Replication appliance vSphere Replication virtual appliance management interface (VAMI) Web UI. Required only for on-premises site, not required for VMware Cloud on AWS site.
7444 TCP vSphere Replication appliance vCenter Server (intra-site)
7444 TCP vCenter Server All local and remote PSCs
8123 SOAP vSphere Replication appliance vSphere Replication server Intra-site management traffic from the vSphere Replication Management server to additional vSphere Replication servers in the environment.
10443 HTTPS vSphere Web Client on the primary site vCenter Server Inventory Service on the target site ThevSphere Replication UI uses the Inventory Service of the remote vCenter Server to list target datastores.
31031 Initial and ongoing replication traffic ESXi host on source site vSphere Replication server in the vSphere Replication appliance on the secondary site or an external vSphere Replication server on the secondary site Initial and outgoing replication traffic from the ESXi host at the source site to the vSphere Replication appliance or vSphere Replication server at the target site.

vSphere Replication server network ports

If you deploy additional vSphere Replication servers, ensure that the subset of the ports that vSphere Replication servers require are open on those servers.

Table 2.
Port Protocol or Description Source Target Endpoints or Consumers
902 TCP and UDP vSphere Replication server in the vSphere Replication appliance on secondary site ESXi host (intra-site) on secondary site Traffic (specifically the NFC service to the destination ESXi servers) between the vSphere Replication server and the ESXihosts on the same site.
5480 VAMI Web UI for additional vSphere Replication servers Browser vSphere Replication server Administrator's web browser. Required only for on-premises site, not required for VMware Cloud on AWS site.
8123 SOAP vSphere Replication Management server vSphere Replication server Intra-site management traffic from the vSphere Replication appliance or vSphere Replication Management server to the vSphere Replication servers.
31031 Initial and ongoing replication traffic ESXi host on source site vSphere Replication server From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.