Certain ports must be open for user and administrator communication with the virtual machine console. Which ports must be open depends on the type of virtual machine console, and on whether you connect through vCenter Server with the vSphere Client or directly to the ESXi host from the VMware Host Client.
Connecting to a Browser-Based Virtual Machine Console Through the vSphere Client
When you are connecting with the vSphere Client, you always connect to the vCenter Server system that manages the ESXi host, and access the virtual machine console from there.
If you are using the vSphere Client and connecting to a browser-based virtual machine console, the following access must be possible:
- The firewall must allow vSphere Client to access vCenter Server on port 443.
- The firewall must allow vCenter Server to access the ESXi host on port 902.
Connecting to a VMware Remote Console Through the vSphere Client
If you are using the vSphere Client and connecting to a VMware Remote Console (VMRC), the following access must be possible:
- The firewall must allow the vSphere Client to access vCenter Server on port 443.
- The firewall must allow the VMRC to access vCenter Server on port 443 and to access the ESXi host on port 902 for VMRC versions before 11.0, and port 443 for VMRC version 11.0 and greater. For more information about VMRC version 11.0 and ESXi port requirements, see the VMware knowledge base article at https://kb.vmware.com/s/article/76672.
Connecting to ESXi Hosts Directly with the VMware Host Client
The firewall must allow access to the ESXi host on ports 443 and 902.
The VMware Host Client uses port 902 to provide a connection for guest operating system MKS activities on virtual machines. It is through this port that users interact with the guest operating systems and applications of the virtual machine. VMware does not support configuring a different port for this function.