vSphere Ports & Connections: The Infrastructure Roadmap

In a locked-down enterprise environment, the “Any-to-Any” firewall rule is a myth. To manage ESXi effectively, you need to poke specific holes in your hardware and software firewalls.
The Core Management Ports
These are the “must-haves” for basic connectivity between vCenter, the vSphere Client, and the Host.
| Port | Protocol | Source | Destination | Purpose |
|---|---|---|---|---|
| 443 | TCP | Management Workstation | vCenter / ESXi | vSphere Client / SDK: The primary port for the Web Client and API access. |
| 902 | TCP/UDP | vCenter Server | ESXi Host | vCenter Agent (vpxa): vCenter uses this to send data to the host and receive heartbeats. |
| 902 | TCP | Management Workstation | ESXi Host | VM Console: Required to open the “Remote Console” (MKS) to a virtual machine. |
| 80 | TCP | vCenter / Workstation | ESXi Host | HTTP: Used for redirecting to 443 and for some legacy file downloads. |
Advanced Feature Ports
If you are using specific vSphere features like vMotion, HA, or specialized storage, you need these additional ports open:
1. vMotion (Live Migration)
- 8000 (TCP): Required for vMotion traffic.
- 2049 (TCP/UDP): If using NFS storage for the virtual disks.
2. vSphere High Availability (HA)
- 8182 (TCP/UDP): Used by the Fault Domain Manager (FDM) agent for inter-host communication and election of the master host.
3. Provisioning & Deployment
- 69 (UDP): TFTP, used for PXE booting ESXi for Auto Deploy.
- 4012 (TCP): Used by the Auto Deploy service.
4. Troubleshooting & Monitoring
- 22 (TCP): SSH access to the ESXi Shell.
- 161 / 162 (UDP): SNMP polling and traps for hardware monitoring.
Troubleshooting “Host Disconnected”
If your host shows as “Not Responding” in vCenter, check these three things in order:
- Ping: Can the vCenter server ping the ESXi management IP?
- Port 902: From the vCenter server, try to telnet to the host on port 902 (`telnet <host-ip> 902`). If it fails, the heartbeat can’t get through.
- DNS: VMware is extremely sensitive to DNS. Ensure forward and reverse lookups work for both the vCenter and the Host.
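The port and DNS checks from the list above can be scripted so they run the same way every time. This is an added example, not code from the original post: the function names are made up for illustration, it probes 902 and 443 from the table above, and it leaves the ping step to the regular `ping` command because ICMP needs elevated privileges in Python.

```python
import socket

MGMT_PORTS = (902, 443)  # from the core table: vCenter agent and client/API


def tcp_open(ip, port, timeout=3.0):
    """Same test as `telnet <host-ip> 902`: can a TCP session be established?"""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def forward(name):
    """Forward lookup: name -> sorted IPv4 addresses (empty list on failure)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
        return sorted({info[4][0] for info in infos})
    except OSError:
        return []


def reverse(ip):
    """Reverse lookup: IP -> PTR name, lower-cased (None on failure)."""
    try:
        return socket.gethostbyaddr(ip)[0].lower().rstrip(".")
    except OSError:
        return None


def check_host(fqdn, ports=MGMT_PORTS, fwd=forward, rev=reverse, probe=tcp_open):
    """Return a list of (check, ok, detail) for one ESXi host or vCenter FQDN."""
    results = []
    ips = fwd(fqdn)
    results.append(("dns-forward", bool(ips), ", ".join(ips) or "no A record"))
    for ip in ips:
        ptr = rev(ip)
        # The PTR record must point back at the name we started from.
        ok = ptr == fqdn.lower().rstrip(".")
        results.append(("dns-reverse", ok, f"{ip} -> {ptr}"))
        for port in ports:
            results.append((f"tcp/{port}", probe(ip, port), f"{ip}:{port}"))
    return results


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:  # e.g. the ESXi host FQDN and the vCenter FQDN
        for check, ok, detail in check_host(name):
            print(f"{name:30} {check:12} {'OK' if ok else 'FAIL':4} {detail}")
```

Run it from the vCenter server with the host's FQDN, then from a machine on the host's management network with the vCenter FQDN, so both directions of name resolution are covered.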
Lazy Admin Tip 💡
Don’t memorize every port! Use the VMware Ports and Protocols Tool (the official online matrix). It allows you to select your source and destination products and generates a custom firewall rule list for you.
A high-resolution PDF can be downloaded here: Connections and Ports in ESX and ESXi