vCenter Server is accessed through predetermined TCP and UDP ports. If you manage network components from outside a firewall, you might be required to reconfigure the firewall to allow access on the appropriate ports.
Required Ports for vCenter Server and Platform Services Controller lists ports that are opened by the installer as part of a default installation. Some additional ports are required for certain services, such as NTP, or applications that are commonly installed with vCenter Server.
In addition to these ports, you can configure other ports depending on your needs.
|123 (UDP)||UDP||NTP Client. If you are deploying the vCenter Server Appliance on an ESXi host, the two must be time synchronized, usually through an NTP server, and the corresponding port must be open.|
|135||UDP||For the vCenter Server Appliance, this port is designated for Active Directory authentication.
For a vCenter Server Windows installation, this port is used for Linked Mode and port 88 is used for Active Directory authentication.
|636||TCP||vCenter Single Sign-On LDAPS (6.0 and later)|
|8084, 9084, 9087||TCP||Used by vSphere Update Manager.|
|8109||TCP||VMware Syslog Collector. This service is needed if you want to centralize log collection.|
|15007, 15008||TCP||vService Manager (VSM). This service registers vCenter Server extensions. Open this port only if required by extensions that you intend to use.|
|31031, 44046 (Default)||TCP||vSphere Replication.|
|5355||UDP||The systemd-resolve process uses this port to resolve domain names, IPv4 and IPv6 addresses, DNS resource records and services.|
|5443||vCenter Server graphical user interface internal port.|
|5444, 5432||Internal port for monitoring of vPostgreSQL.|
|5090||vCenter Server graphical user interface internal port.|
|7080||Secure Token Service internal port.|
|7081||Platform Services Controller internal port.|
|8000||ESXi Dump Collector internal port.|
|8006||Used for Virtual SAN health monitoring.|
|8085||Internal ports used by the vCenter service (vpxd) SDK.|
|8095||VMware vCenter services feed port.|
|8098, 8099||Used by VMware Image Builder Manager.|
|8190, 8191, 22000, 22100, 21100||VMware vSphere Profile-Driven Storage Service.|
|8200, 8201, 5480||Appliance management internal ports.|
|8300, 8301||Appliance management reserved ports.|
|8900||Monitoring API internal port.|
|9090||Internal port for vSphere Web Client.|
|10080||Inventory service internal port|
|10201||Message Bus Configuration Service internal port.|
|11080||vCenter Server Appliance internal ports for HTTP and for splash screen.|
|12721||Secure Token Service internal port.|
|12080||License service internal port.|
|12346, 12347, 4298||Internal port for VMware Cloud Management SDKs (vAPI).|
|13080, 6070||Used internally by the Performance Charts service.|
|14080||Used internally by the syslog service.|
|15005, 15006||ESX Agent Manager internal port.|
|16666, 16667||Content Library ports.|
|18090||Content Manager internal port.|
|18091||Component Manager internal port.|
In addition, the vCenter Server Appliance uses ephemeral ports from 32768 through 60999 for vPostgres services.
The following ports are required between vCenter High Availability (VCHA) nodes.
|22||TCP||Between all three nodes Bidirectional.||System port for SSHD|
|5432||TCP||Between Primary and Secondary Bidirectional.||Postgres|
|8182||TCP||Between all three nodes Bidirectional.||Fault Domain Manager|
|8182||UDP||Between all three nodes Bidirectional.||Fault Domain Manager|