Ports on the vRealize Automation appliance are usually preconfigured in the OVF or OVA that you deploy.

The following ports are used by the vRealize Automation appliance.

Table 1. Incoming Ports

| Port | Protocol | Comments |
|------|----------|----------|
| 22 | TCP | Optional. Access for SSH sessions. |
| 80 | TCP | Optional. Redirects to 443. |
| 88 | TCP (UDP optional) | Cloud KDC Kerberos authentication from external mobile devices. |
| 443 | TCP | Access to the vRealize Automation console and API calls. Access for machines to download the guest agent and software bootstrap agent. Access for load balancer, browser. |
| 4369, 5671, 5672, 25672 | TCP | RabbitMQ messaging. |
| 5480 | TCP | Access to the virtual appliance management interface. Used by the Management Agent. |
| 5488, 5489 | TCP | Internally used by the vRealize Automation appliance for updates. |
| 8230, 8280, 8281, 8283 | TCP | Internal vRealize Orchestrator instance. |
| 8443 | TCP | Access for browser. Identity Manager administrator port over HTTPS. |
| 8444 | TCP | Console proxy communication for vSphere VMware Remote Console connections. |
| 8494 | TCP | Container service cluster sync. |
| 9300–9400 | TCP | Access for Identity Manager audits. |
| 54328 | UDP | |
| 40002, 40003 | TCP | vIDM cluster sync. |
| 8090, 8092 | TCP | Used by the Health Service to connect between vRA nodes. |

Table 2. Outgoing Ports

| Port | Protocol | Comments |
|------|----------|----------|
| 25, 587 | TCP, UDP | SMTP for sending outbound notification email. |
| 53 | TCP, UDP | DNS server. |
| 67, 68, 546, 547 | TCP, UDP | DHCP. |
| 80 | TCP | Optional. For fetching software updates. Updates can be downloaded separately and applied. |
| 88, 464, 135 | TCP, UDP | Domain controller. |
| 110, 995 | TCP, UDP | POP for receiving inbound notification email. |
| 143, 993 | TCP, UDP | IMAP for receiving inbound notification email. |
| 123 | TCP, UDP | Optional. For connecting directly to NTP instead of using host time. |
| 389 | TCP | Access to View Connection Server. |
| 389, 636, 3268, 3269 | TCP | Active Directory. Default ports shown, but are configurable. |
| 443 | TCP | Communication with IaaS Manager Service and infrastructure endpoint hosts over HTTPS. Communication with the vRealize Automation software service over HTTPS. Access to the Identity Manager upgrade server. Access to View Connection Server. |
| 445 | TCP | Access to ThinApp repository for Identity Manager. |
| 902 | TCP | ESXi network file copy operations and VMware Remote Console connections. |
| 5050 | TCP | Optional. For communicating with vRealize Business for Cloud. |
| 5432 | TCP, UDP | Optional. For communicating with another appliance PostgreSQL database. |
| 5500 | TCP | RSA SecurID system. Default port shown, but is configurable. |
| 8281 | TCP | Optional. For communicating with an external vRealize Orchestrator instance. |
| 8494 | TCP | Container service cluster sync. |
| 9300–9400 | TCP | Access for Identity Manager audits. |
| 54328 | UDP | |
| 40002, 40003 | TCP | vIDM cluster sync. |

Other ports might be required by specific vRealize Orchestrator plug-ins that communicate with external systems. See the documentation for the vRealize Orchestrator plug-in.
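
The following Python script is an added example, not part of the VMware documentation. It checks the listeners reported by `ss -lntu` on the appliance against Table 1 and separates documented, optional and undocumented ports. The sample `ss` output is constructed, and skipping loopback-only sockets is an assumption of this example.

```python
# Added example: compare `ss -lntu` listeners with Table 1 (Incoming Ports).
TCP_DOCUMENTED = {88, 443, 4369, 5671, 5672, 25672, 5480, 5488, 5489, 8230,
                  8280, 8281, 8283, 8443, 8444, 8494, 40002, 40003, 8090, 8092}
TCP_DOCUMENTED |= set(range(9300, 9401))  # 9300-9400, Identity Manager audits
TCP_OPTIONAL = {22, 80}                   # rows marked "Optional" in Table 1
UDP_DOCUMENTED = {54328}
UDP_OPTIONAL = {88}                       # row 88 is "TCP (UDP optional)"

# Constructed sample input, not captured from a real appliance.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    [::]:443           [::]:*
tcp   LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
tcp   LISTEN 0      128    [::]:9350          [::]:*
tcp   LISTEN 0      128    0.0.0.0:8081       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:54328      0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each tcp/udp line of `ss -lntu` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)

def audit(ss_output):
    """Sort network-reachable listeners into documented/optional/undocumented."""
    findings = {"documented": set(), "optional": set(), "undocumented": set()}
    for proto, addr, port in parse_listeners(ss_output):
        if addr in ("127.0.0.1", "[::1]"):
            continue  # assumption: loopback-only sockets are out of scope
        documented = TCP_DOCUMENTED if proto == "tcp" else UDP_DOCUMENTED
        optional = TCP_OPTIONAL if proto == "tcp" else UDP_OPTIONAL
        if port in documented:
            findings["documented"].add((proto, port))
        elif port in optional:
            findings["optional"].add((proto, port))
        else:
            findings["undocumented"].add((proto, port))
    return {key: sorted(value) for key, value in findings.items()}

if __name__ == "__main__":
    for category, ports in audit(SAMPLE_SS).items():
        print(category, ports)
```

Ports reported as optional (22, 80) can be closed if SSH access and the HTTP redirect are not needed. Ports reported as undocumented should be traced to an owner, such as a vRealize Orchestrator plug-in, before they are allowed through a firewall.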