As a security best practice, configure incoming and outgoing ports for the vRealize Automation appliance according to VMware recommendations.

Incoming Ports

Configure the minimum required incoming ports for the vRealize Automation appliance. Configure optional ports if needed for your system configuration.

Table 1. Minimum Required Incoming Ports

| PORT | PROTOCOL | COMMENTS |
|------|----------|----------|
| 443 | TCP | Access to the vRealize Automation console and API calls. |
| 8443 | TCP | Console Proxy (VMRC). |
| 5480 | TCP | Access to the virtual appliance Web Management Console. |
| 5488, 5489 | TCP | Internal. Used by the vRealize Automation appliance for updates. |
| 5672 | TCP | RabbitMQ messaging. Note: When you cluster vRealize Automation appliance instances, you might need to configure the open ports 4369 and 25672. |
| 40002 | TCP | Required for vIDM service. This is firewalled to all external traffic with the exception of traffic from other vRealize Automation appliance nodes when added in HA configuration. |

If necessary, configure optional incoming ports.

Table 2. Optional Incoming Ports

| PORT | PROTOCOL | COMMENTS |
|------|----------|----------|
| 22 | TCP | (Optional) SSH. In a production environment, disable the SSH service listening on port 22, and close port 22. |
| 80 | TCP | (Optional) Redirects to 443. |
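
The check below is an added example, not VMware's code: it compares the TCP listeners reported by `ss -tln` against the incoming ports in Tables 1 and 2. The function names, the finding labels, and the choice to ignore loopback-only listeners are assumptions of the example, and the sample input is constructed.

```shell
#!/bin/sh
# Incoming ports from Tables 1 and 2 on this page.
REQUIRED="443 8443 5480 5488 5489 5672 40002"
CLUSTER="4369 25672"   # ports named in the clustering note of Table 1
OPTIONAL="22 80"

# audit_ports <clustered: yes|no>
# Reads `ss -tln` output on stdin and prints one finding per listening port
# that the tables do not account for, or that the page says to review.
# On an appliance: ss -tln | audit_ports no
audit_ports() {
  awk -v req="$REQUIRED" -v clu="$CLUSTER" -v opt="$OPTIONAL" -v clustered="${1:-no}" '
    BEGIN {
      n = split(req, a, " "); for (i = 1; i <= n; i++) kind[a[i]] = "required"
      n = split(opt, a, " "); for (i = 1; i <= n; i++) kind[a[i]] = "optional"
      n = split(clu, a, " ")
      for (i = 1; i <= n; i++) kind[a[i]] = (clustered == "yes") ? "required" : "cluster-only"
    }
    $1 == "LISTEN" {
      addr = $4
      # Assumption: loopback-only listeners are not network-reachable, so skip them.
      if (addr ~ /^127\./ || addr ~ /^\[::1\]/ || addr ~ /^::1:/) next
      port = addr; sub(/.*:/, "", port)      # handles 0.0.0.0:443, [::]:443, *:443
      if (seen[port]++) next                 # report each port once (IPv4 + IPv6)
      if (!(port in kind))                   print "UNEXPECTED " port
      else if (port == "22")                 print "REVIEW 22 ssh-should-be-disabled-in-production"
      else if (kind[port] == "cluster-only") print "REVIEW " port " cluster-only-port-on-standalone-node"
    }'
}

# Constructed sample input (not captured from a real appliance).
sample_ss() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
LISTEN 0      128    [::]:443           [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    [::]:8080          [::]:*
LISTEN 0      128    0.0.0.0:25672      0.0.0.0:*
EOF
}

sample_ss | audit_ports no
```
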

Outgoing Ports

Configure the required outgoing ports.

Table 3. Minimum Required Outgoing Ports

| PORT | PROTOCOL | COMMENTS |
|------|----------|----------|
| 25, 587 | TCP, UDP | SMTP for sending outbound notification emails. |
| 53 | TCP, UDP | DNS. |
| 67, 68, 546, 547 | TCP, UDP | DHCP. |
| 110, 995 | TCP, UDP | POP for receiving inbound notification emails. |
| 143, 993 | TCP, UDP | IMAP for receiving inbound notification emails. |
| 443 | TCP | Infrastructure as a Service Manager Service over HTTPS. |

If necessary, configure optional outgoing ports.

Table 4. Optional Outgoing Ports

| PORT | PROTOCOL | COMMENTS |
|------|----------|----------|
| 80 | TCP | (Optional) For fetching software updates. You can download and apply updates separately. |
| 123 | TCP, UDP | (Optional) For connecting directly to NTP instead of using host time. |