Certain ports must be open for user and administrator communication with the virtual machine console. Which ports must be open depends on the type of virtual machine console, and on whether you connect through vCenter Server with the vSphere Web Client or directly to the ESXi host from the VMware Host Client.
Connecting to a Browser-Based Virtual Machine Console Through the vSphere Web Client
When you are connecting with the vSphere Web Client, you always connect to the vCenter Server system that manages the ESXi host, and access the virtual machine console from there.
If you are using the vSphere Web Client and connecting to a browser-based virtual machine console, the following access must be possible:
- The firewall must allow vSphere Web Client to access vCenter Server on port 9443.
- The firewall must allow vCenter Server to access the ESXi host on port 902.
Connecting to a Standalone Virtual Machine Console Through the vSphere Web Client
If you are using the vSphere Web Client and connecting to a standalone virtual machine console, the following access must be possible:
- The firewall must allow vSphere Web Client to access vCenter Server on port 9443.
- The firewall must allow the standalone virtual machine console to access vCenter Server on port 9443 and to access the ESXi host on port 902.
Connecting to ESXi Hosts Directly with the VMware Host Client
The firewall must allow access to the ESXi host on ports 443 and 902
The VMware Host Client uses port 902 to provide a connection for guest operating system MKS activities on virtual machines. It is through this port that users interact with the guest operating systems and applications of the virtual machine. VMware does not support configuring a different port for this function.
