Network Ports for
on

The operation of
requires certain ports to be open.
The components that make up the
service, namely
vCenter Server
,
,
, the
appliance, and
servers, require different ports to be open. You must ensure that all the required network ports are open for
to function correctly.
and
do not have public IP addresses. You must use a VPN or Direct Connect to access the HTML 5 user interface.

vCenter Server
and
ESXi
Server network port requirements for

requires certain ports to be open on
vCenter Server
,
Platform Services Controller
, and on
ESXi
Server.
Default Port
Protocol or Description
Source
Target
Description
443
HTTPS
vCenter Server
Default SSL Web port.
443
HTTPS
Platform Services Controller
(PSC)
Traffic from
to local and remote
Platform Services Controller
.
443
HTTPS
on the recovery site
Recovery site
ESXi
host.
Traffic from the
on the recovery site to
ESXi
hosts when recovering or testing virtual machines with configured IP customization, or callout commands on recovered virtual machines.
902
TCP and UDP
on the recovery site.
Recovery site
ESXi
host.
Traffic from the
on the recovery site to
ESXi
hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using
use this port.

network ports

The
instances on the protected and recovery sites require certain ports to be open.
Default Port
Protocol or Description
Source
Target
Endpoints or Consumers
443
HTTPS
vCenter Server
Default SSL Web Port for incoming TCP traffic.
443
HTTPS
Platform Services Controller
Traffic from
to local and remote
Platform Services Controller
.
443
HTTPS
on the recovery site
Recovery site
ESXi
host.
Traffic from the
on the recovery site to
ESXi
hosts when recovering or testing virtual machines with configured IP customization, or callout commands on recovered virtual machines.
902
TCP and UDP
on the recovery site.
Recovery site
ESXi
host.
Traffic from the
on the recovery site to
ESXi
hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using
use this port.

Site Pairing Port Requirements

Port
Protocol
Source
Target
Description
443
HTTPS
vCenter Server
Appliance
vCenter Server
and target
communication.
443
HTTPS
Appliance
Appliance on target site
Bi-directional communication between
servers.
443
HTTPS
Platform Services Controller
and
vCenter Server
to
vCenter Server
communication - local and remote.

Network ports that must be open on
and
Protected and Recovery sites

and
require that the protected and recovery sites can communicate.
Port
Protocol or Description
Source
Target
Endpoints or Consumers
31031
Initial replication traffic
ESXi
host
appliance on the recovery site
From the
ESXi
host at the protected site to the
appliance at the recovery site
32032
TCP
ESXi
host on the source site
server at the target site
Initial and outgoing replication traffic from the ESXi host at the source site to the
appliance or
server at the target site for replication traffic with network encryption.
8043
HTTPS
appliance on either site
appliance on either site
Management traffic between
appliances.
8043
HTTPS
appliance on the recovery and protected sites
Management traffic between
instances and
appliances.

appliance network ports

Port
Protocol or Description
Source
Target
Endpoints or Consumers
80
TCP
appliance
All local and remote PSCs in same
domain (only if external
Platform Services Controller
is used)
All management traffic to the
appliance goes to port 80 on the
vCenter Server
proxy system.
80
TCP
appliance
Local
vCenter Server
All management traffic to the
appliance goes to port 80 on the
vCenter Server
proxy system.
80
HTTP
server in the
appliance
ESXi
host (intra-site)
Used to establish the connection before initial replication starts.
443
TCP
appliance
All local and remote
Platform Services Controller
s in same SSO domain (only if external
Platform Services Controller
is used)
All management traffic to the
appliance.
443
TCP
appliance
Local and remote
vCenter Server
All management traffic to the
appliance.
443
HTTPS
HTML 5 user interface
appliance
Default port for the
HTML 5 user interface when you open it from the
appliance.
902
TCP and UDP
server in the
appliance on secondary site
ESXi
host (intra-site) on secondary site
Used by
servers to send replication traffic to the destination
ESXi
hosts.
5480
HTTPS
Browser
appliance
virtual appliance management interface (VAMI) Web UI. Required only for on-premises site, not required for VMware Cloud on Dell EMC site.
7444
TCP
appliance
vCenter Server
(intra-site)
7444
TCP
vCenter Server
All local and remote PSCs
8123
SOAP
appliance
server
Intra-site management traffic from the
Management server to additional
servers in the environment.
10443
HTTPS
on the primary site
vCenter Server
Inventory Service on the target site
The
UI uses the Inventory Service of the remote
vCenter Server
to list target datastores.
31031
Initial and ongoing replication traffic
ESXi
host on source site
server in the
appliance on the secondary site or an external
server on the secondary site
Initial and outgoing replication traffic from the ESXi host at the source site to the
appliance or
server at the target site.
32032
TCP
ESXi
host on the source site
server at the target site
Initial and outgoing replication traffic from the ESXi host at the source site to the
appliance or
server at the target site for replication traffic with network encryption.

server network ports

If you deploy additional
servers, ensure that the subset of the ports that
servers require are open on those servers.
Port
Protocol or Description
Source
Target
Endpoints or Consumers
902
TCP and UDP
server in the
appliance on secondary site
ESXi
host (intra-site) on secondary site
Traffic (specifically the NFC service to the destination
ESXi
servers) between the
server and the
ESXi
hosts on the same site.
5480
VAMI Web UI for additional
servers
Browser
server
Administrator's web browser. Required only for on-premises site, not required for VMware Cloud on Dell EMC site.
8123
SOAP
Management server
server
Intra-site management traffic from the
appliance or
Management server to the
servers.
31031
Initial and ongoing replication traffic
ESXi
host on source site
server
From the ESXi host at the protected site to the
appliance or
server at the recovery site.
32032
TCP
ESXi
host on the source site
server at the target site
Initial and outgoing replication traffic from the ESXi host at the source site to the
appliance or
server at the target site for replication traffic with network encryption.