When you power on the vSphere Replication appliance, it automatically configures all ESXi hosts in your environment to open TCP ports 10000-10010 for outgoing data transfers.

About this task

The vCloud Tunneling Agent in the vSphere Replication appliance uses ports 10000-10010 to receive data from ESXi instances that host replication sources.

If you do not want to have unused open ports on your ESXi hosts, if the number of open ports is insufficient, or if you want to change which ports are open, you can reconfigure your firewall settings.

To change the default ports that are used to transfer replication data from ESXi hosts to the vCloud Tunneling Agent, you must configure each ESXi instance that hosts a replication source virtual machine, and the vCloud Tunneling Agent.


  1. Disable the default Replication-to-cloud Traffic rule that is created by the vSphere Replication appliance.
  2. Create a custom firewall rule on each ESXi server that hosts replication source machines.
  3. Enable the custom firewall rule that you created on each ESXi host.

What to do next

Configure the vCloud Tunneling Agent to use the ports that you configured on ESXi hosts.