vCenter Server is accessed through predetermined TCP and UDP ports. If you manage network components from outside a firewall, you might be required to reconfigure the firewall to allow access on the appropriate ports.

Required Ports for vCenter Server and Platform Services Controller lists ports that are opened by the installer as part of a default installation. Some additional ports are required for certain services, such as NTP, or applications that are commonly installed with vCenter Server.

In addition to these ports, you can configure other ports depending on your needs.

Table 1. vCenter Server TCP and UDP Ports

Port

Protocol

Description

123 (UDP)

UDP

NTP Client. If you are deploying the vCenter Server Appliance on an ESXi host, the two must by time synchronized, usually through an NTP server, and the corresponding port must be open.

135

UDP

For the vCenter Server Appliance, this port is designated for Active Directory authentication.

For a vCenter Server Windows installation, this port is used for Linked mode and port 88 is used for Active Directory authentication.

161

UDP

SNMP Server.

636

TCP

vCenter Single Sign-On LDAPS (6.0 and later)

8084, 9084, 9087

TCP

Used by vSphere Update Manager

8109

TCP

VMware Syslog Collector. This service is needed if you want to centralize collection.

15007, 15008

TCP

vService Manager (VSM). This service registers vCenter Server extensions. Open this port only if required by extensions that you intend to use.

31031, 44046 (Default)

TCP

vSphere Replication.

5355

UDP

The systemd-resolve process uses this port to resolve domain names, IPv4 and IPv6 addresses, DNS resource records and services.

The following ports are used only internally.

Table 2. vCenter Server TCP and UDP Ports

Port

Description

5443

vCenter Server graphical user interface internal port.

5444, 5432

Internal port for monitoring of vPostgreSQL.

5090

vCenter Server graphical user interface internal port.

7080

Secure Token Service internal port.

7081

Platform Services Controller internal port.

8000

ESXi Dump Collector internal port.

8006

Used for Virtual SAN health monitoring.

8085

Internal ports used by the vCenter service (vpxd) SDK.

8095

VMware vCenter services feed port.

8098, 8099

Used by VMware Image Builder Manager.

8190, 8191, 22000, 22100, 21100

VMware vSphere Profile-Driven Storage Service

8200, 8201, 5480

Appliance management internal ports.

8300, 8301

Appliance management reserved ports.

8900

Monitoring API internal port.

9090

vSphere Web Client internal port.

10080

Inventory service internal port

10201

Message Bus Configuration Service internal port.

11080

vCenter Server appliance internal ports for HTTP and for splash screen.

12721

Secure Token Service internal port.

12080

License service internal port.

12346, 12347, 4298

Internal port for VMware Cloud Management SDKs (vAPI)

13080, 6070

Used internally by the Performance Charts service.

14080

Used internally by the syslog service.

15005, 15006

ESX Agent Manager internal port.

16666, 16667

Content Library ports

18090

Content Manager internal port.

18091

Component Manager internal port.

In addition, the vCenter Server Appliance uses ephemeral ports in the range 32768-60999 for vPostgres services.