As a security best practice, configure incoming and outgoing ports for the vRealize Automation appliance according to VMware recommendations.
Incoming Ports
Configure the minimum required incoming ports for the vRealize Automation appliance. Configure optional ports if needed for your system configuration.
| PORT | PROTOCOL | COMMENTS |
|---|---|---|
| 443 | TCP | Access to the vRealize Automation console and API calls. |
| 8443 | TCP | Console Proxy (VMRC). |
| 5480 | TCP | Access to the virtual appliance Web Management Console. |
| 5488, 5489 | TCP | Internal. Used by the vRealize Automation appliance for updates. |
| 5672 | TCP | RabbitMQ messaging. Note: When you cluster vRealize Automation appliance instances, you might need to configure the open ports 4369 and 25672. |
| 40002 | TCP | Required for vIDM service. This is firewalled to all external traffic with the exception of traffic from other vRealize Automation appliance nodes when added in HA configuration. |
If necessary, configure optional incoming ports.
| PORT | PROTOCOL | COMMENTS |
|---|---|---|
| 22 | TCP | (Optional) SSH. In a production environment, disable the SSH service listening on port 22, and close port 22. |
| 80 | TCP | (Optional) Redirects to 443. |
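To check an appliance against the incoming-port tables above, the following added example (not VMware code) classifies listening TCP sockets against the documented list. It assumes input in the format printed by `ss -tlnH`; the function names and the sample output are constructed for illustration.

```python
import ipaddress

# Incoming TCP ports taken from the tables above.
REQUIRED = {443, 8443, 5480, 5488, 5489, 5672, 40002}
CLUSTER_ONLY = {4369, 25672}   # only when appliance instances are clustered
OPTIONAL = {22, 80}            # 22 should be closed in production

# Constructed sample of `ss -tlnH` output (not captured from a real appliance).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5480 0.0.0.0:*
LISTEN 0 128 [::]:8443 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 *:5672 *:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
"""

def exposed_ports(ss_output):
    """Return TCP ports listening on a non-loopback address."""
    ports = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and zone id
        if host not in ("*", "") and ipaddress.ip_address(host).is_loopback:
            continue  # bound to loopback only, not reachable from the network
        ports.add(int(port))
    return ports

def audit(ss_output, clustered=False, production=True):
    """Classify listeners against the documented incoming-port list."""
    allowed = REQUIRED | (CLUSTER_ONLY if clustered else set())
    open_ports = exposed_ports(ss_output)
    optional_open = open_ports & OPTIONAL
    return {
        "required_not_listening": sorted(REQUIRED - open_ports),
        "optional_open": sorted(optional_open),
        "close_in_production": sorted(optional_open & {22}) if production else [],
        "unexpected": sorted(open_ports - allowed - OPTIONAL),
    }

if __name__ == "__main__":
    for finding, ports in audit(SAMPLE_SS).items():
        print(f"{finding}: {ports}")
```

A listening socket only shows what the appliance exposes; the firewall rules still decide which of these ports are reachable, as with port 40002.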
Outgoing Ports
Configure the required outgoing ports.
| PORT | PROTOCOL | COMMENTS |
|---|---|---|
| 25, 587 | TCP, UDP | SMTP for sending outbound notification emails. |
| 53 | TCP, UDP | DNS. |
| 67, 68, 546, 547 | TCP, UDP | DHCP. |
| 110, 995 | TCP, UDP | POP for receiving inbound notification emails. |
| 143, 993 | TCP, UDP | IMAP for receiving inbound notification emails. |
| 443 | TCP | Infrastructure as a Service Manager Service over HTTPS. |
If necessary, configure optional outgoing ports.
| PORT | PROTOCOL | COMMENTS |
|---|---|---|
| 80 | TCP | (Optional) For fetching software updates. You can download and apply updates separately. |
| 123 | TCP, UDP | (Optional) For connecting directly to NTP instead of using host time. |