vCenter Server is accessed through predetermined TCP and UDP ports. If you manage network components from outside a firewall, you might be required to reconfigure the firewall to allow access on the appropriate ports.
The table lists TCP and UDP ports, and the purpose and the type of each. Ports that are open by default at installation time are indicated by (Default). For an up-to-date list of ports of all vSphere components for the different versions of vSphere, see VMware Knowledge Base Article 1012382.
|80 (Default)|| HTTP access
vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server instead of https://server
WS-Management (also requires port 443 to be open)
|88, 2013||Control interface RPC for Kerberos, used by vCenter Single Sign-On.|
|135 (Default)||For the vCenter Server Appliance, this port is designated for Active Directory authentication.
For a vCenter Server Windows installation, this port is used for Linked mode and port 88 is used for Active Directory authentication.
|161 (Default)||SNMP Server. This is the default port on both an ESXi host and a vCenter Server Appliance.|
|389||vCenter Single Sign-On LDAP (6.0 and later)|
|636||vCenter Single Sign-On LDAPS (6.0 and later)|
vCenter Server systems use port 443 to monitor data transfer from SDK clients.
This port is also used for the following services:
|2012||RPC port for VMware Directory Service (vmdir).|
|2014||RPC port for VMware Certificate Authority (VMCA) service.|
|2020||RPC port for VMware Authentication Framework Service (vmafd).|
|31031, 44046 (Default)||vSphere Replication|
|7444||vCenter Single Sign-On HTTPS.|
|8093||The Client Integration Plug-in uses a local loopback hostname, and uses port 8093 and random ports in the range 50100 to 60099. The Client Integration Plug-in uses port 8093 only for local communication. The port can remain blocked by the firewall.|
|8109||VMware Syslog Collector.|
vSphere Web Client HTTP access to ESXi hosts.
|11711||vCenter Single Sign-On LDAP (environments that are upgraded from vSphere 5.5)|
|11712||vCenter Single Sign-On LDAPS (environments that are upgraded from vSphere 5.5)|
|12721||VMware Identity Management service.|
|15005||ESX Agent Manager (EAM). An ESX Agent can be a virtual machine or an optional VIB. The agent extends the functions of an ESXi host to provide additional services that a vSphere solution such as NSX-v or vRealize Automation requires.|
|15007||vService Manager (VSM). This service registers vCenter Server extensions. Open this port only if required by extensions that you intend to use.|
|50100-60099||The Client Integration Plug-in uses a local loopback hostname, and uses port 8093 and random ports in the range 50100 to 60099. The Client Integration Plug-in uses this port range only for local communication. The port can remain blocked by the firewall.|
In addition to these ports, you can configure other ports depending on your needs.