vSAN deployments require specific network ports and settings to provide access and services.
vSAN sends messages on certain ports on each host in the cluster. Verify that the host firewalls allow traffic on these ports. For the list of all supported vSAN ports and protocols, see the VMware Ports and Protocols portal at https://ports.vmware.com/.
Firewall Considerations
When you enable vSAN on a cluster, all required ports are added to ESXi firewall rules and configured automatically. There is no need for an administrator to open any firewall ports or enable any firewall services manually.
You can view open ports for incoming and outgoing connections. Select the ESXi host, and click Configure > Security Profile.