In this blog post I will sum up all the network ports that are required to operate various capabilities that are within NSX-T Data Center. This blog is about current version of NSX-T Data Center, the current version is 3.2.0.0.1. Please acknowledge that not all features are available under each NSX-T Data Center Edition.
Please verify which features are licensed for your deployment so you can check which features you can deploy under your license.
List of NSX-T Data Center editions, and which features are included for these editions
| Port | Protocol | Source | Destination | Service Description | Purpose |
| 443 | TCP | NSX Application Platform (NAPP) | NSX ATP Cloud Services | Used by NAPP to cloud service deployed in the cloud for NSX NDR and NSX Malware Prevention | Invocation of NDR and Malware Prevention cloud service over https |
| 9092 | TCP | NSX Unified Appliance / Transport Nodes | NSX Application Platform (NAPP) | Incoming messages from NSX Unified Appliance or Transport Nodes to NSX Intelligence Appliance | Kafka broker for collecting data from NSX and hosts |
| 443 | TCP | Management Clients / NSX Unified Appliance | NSX Application Platform (NAPP) | NSX API Server | Entry point for APIs in NSX Intelligence |
| 22 | TCP | Management Clients | NSX Application Platform (NAPP) | SSH | HDFS and root login to appliance |
| 123 | UDP | NTP Servers | NSX Application Platform (NAPP) | NTP | NTP Server connection |
| 10250 | TCP | NSX Application Platform (NAPP) | Kubelet API Server | Invocation of Kubelet API from NSX Unified Appliance | Kubelet API |
| 443 | TCP | NSX Application Platform (NAPP) | NSX Threat Intelligence Cloud Service (NTICS) | Used by NSX Unified Appliance to NTICS service deployed in the cloud | Invocation of NTICS cloud service over https |
| 443 | TCP | NSX Unified Appliance | NSX Threat Intelligence Cloud Service (NTICS) | Used by NSX Unified Appliance to NTICS service deployed in the cloud | Invocation of NTICS cloud service over https |
| 10259 | TCP | NSX Application Platform (NAPP) | Kubernetes Cluster Server | Used by Kubernetes server to self | kube-scheduler |
| 2379, 2380 | TCP | NSX Application Platform (NAPP) | Etcd Kubernetes API Server | API invocation from NSX Intelligence to Etcd server | Etcd Kubernetes server |
| 10250 | TCP | NSX Application Platform (NAPP) | kube-api-server | API invocation from NSX Intelligence to kube-api-server | Invocation of kube-api-server API |
| 10250 | TCP | NSX Application Platform (NAPP) | kube-api | API invocation from NSX Intelligence to kupe-api | Innocation of kube API |
| 6443 | TCP | NSX Application Platform (NAPP) | Kubernetes API Server | API invocation from NSX Intelligence to Kubernette API server | Innocation of Kubernete API |
| 10257 | TCP | NSX Unified Appliance | Kubernetes Cluster Server | Used by Kubernetes server to self | kube-controller-manager |
| 10259 | TCP | NSX Unified Appliance | Kubernetes Cluster Server | Used by Kubernetes server to self | kube-scheduler |
| 2379, 2380 | TCP | NSX Unified Appliance | Etcd Kubernetes API Server | API invocation from NSX Unified Appliance to Etcd Kubernetes server | Etcd Kubernetes server |
| 10250 | TCP | NSX Unified Appliance | Kubernetes API Server | API invocation from NSX Unified Appliance to Kubernette API server | Innocation of Kubernete API |
| 6443 | TCP | NSX Unified Appliance | Kubernetes API Server | API invocation from NSX Unified Appliance to Kubernette API server | Innocation of Kubernete API |
| 9092 | TCP | NSX Application Platform (NAPP) | NSX Unified Appliance / NSX Transport Nodes | NSX Intelligence outgoing communication to NSX Unified Appliance or Transport Nodes | Connection to NSX Intelligence from hosts and NSX for kafka |
| 443 | TCP | NSX Application Platform (NAPP) | vCenter Server / NSX Unified Appliance | NSX Intelligence to a compute manager (vCenter Server) communication and NSX Unified Appliance, when configured. | Entry point for NSX Intelligence to reach NSX Manager for certain API calls |
| 123 | UDP | NSX Application Platform (NAPP) | NTP Servers | NTP | NTP Client connection |
| 22 | TCP | NSX Application Platform (NAPP) | Management SCP Servers | SSH (upload support bundle, backups, etc.) | SSH for backup |
| 53 | UDP | NSX Application Platform (NAPP) | DNS Servers | DNS | DNS Client connection |
| 53 | TCP | NSX Application Platform (NAPP) | DNS Servers | DNS | DNS Client connection |
| 443 | TCP | NSX Unified Appliance | NSX Threat Intelligence Cloud Service (NTICS) | NSX Manager accesses NTICS over https | For IDS Signature download |
| 80 | TCP | Cloud Service Manager (CSM) | Public Cloud Gateway (PCG) | CSM configuration, such as upgrade workflow, over HTTPS. | |
| 443 | TCP | Cloud Service Manager (CSM) | NSX Manager | CSM to access NSX Manager. | |
| 443 | TCP | NSX Manager | Public Cloud Gateway (PCG) | NSX RPC channel(s) | |
| 7442 | TCP | Cloud Service Manager (CSM) | Public Cloud Gateway (PCG) | CSM configuration, such as upgrade workflow, over HTTPS. Ensure your firewall allows SSL traffic over this non-standard port. | |
| 500,4500 | 50,51 | NSX Edge Nodes | External IPSEC Peers | IPSEC VPN session | |
| 1236,443 | TCP | NSX Local Manager(s)/NSX Global Manager(s) | NSX Local Manager(s)/NSX Global Manager(s) | Federation Management plane and control plane communication between locations (Async Replicator) | |
| 1167 | TCP | NSX Edge nodes | NSX Edge nodes | DHCP Lease Info Sync for HA over secure channel on Edge Management port | |
| 9040 | TCP | NSX Manager | NSX Manager | Distributed Datastore | |
| 4789 | UDP | NSX Edge Nodes | External Routing Peers | VXLAN encap traffic | |
| 80 | TCP | NSX Edge nodes | Intermediate and Root CA Servers | Syslog (export over TLS). To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority. | |
| 514 | TCP | Host Transport Node | Syslog Servers | Syslog (Refer to the host syslog documenation) | |
| 514 | UDP | Host Transport Node | Syslog Servers | Syslog (Refer to the host syslog documenation) | |
| 6514 | TCP | Host Transport Node | Syslog Servers | Syslog (Refer to the host syslog documenation) | |
| 6514 | UDP | Host Transport Node | Syslog Servers | Syslog (Refer to the host syslog documenation) | |
| 80 | TCP | Host Transport Node | Intermediate and Root CA servers | Syslog (export over TLS). To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority. | |
| 5671, 1234, 1235, 443 | TCP | NSX Managers, NSX Edge nodes, Transport nodes | NSX Manager | NSX messaging | |
| 8080 | TCP | NSX Managers, NSX Edge nodes, Transport nodes, vCenter Server | NSX Manager | Install-upgrade HTTP repository | |
| 389,636 | TCP | NSX Manager | External LDAP server | Active Directory/LDAP | |
| 6081 | UDP | GENEVE Remote Tunnel End Point (RTEP) | GENEVE Remote Tunnel End Point (RTEP) | Federation Cross-location communication between Edge nodes in Federation | |
| 443 | TCP | Management Clients | NSX Autonomous Edge Nodes | HTTPS | |
| 3784, 3785, 4784 | UDP | NSX Edge nodes, Transport nodes | NSX Edge nodes | BFD between the Transport node TEP IP address in the data. | |
| 3784, 3785, 4784 | UDP | NSX Edge Nodes | External Routing Peers | BFD for static routes and BGP peers. | |
| 443 | TCP | NSX Edge Nodes | api.nsx-sec-prod.com & *.amazonaws.com | Edge uses management network to download URL Categories/Reputation from cloud for NSX URL Analysis | |
| 443 | TCP | NSX Managers | github.com | Download IDS Signature from Trustwave Signature Repository. | |
| 1235 | TCP | NSX Edge nodes | NSX Manager | Lower Control Plane (LCP) to Central Control Plane (CCP) communication | |
| 2480 | TCP | NSX Edge nodes | NSX Edge nodes | Nestdb | |
| 6666 | TCP | NSX Edge nodes | NSX Edge nodes | NSX Cloud – NSX Edge local communication. | |
| 50263 | UDP | NSX Edge nodes | NSX Edge nodes | High-Availability | |
| 443 | TCP | NSX Edge nodes | NSX Manager | HTTPS | |
| 1234 | TCP | NSX Edge nodes | NSX Manager | NSX Messaging channel to NSX Manager | |
| 8080 | TCP | NSX Edge nodes | NSX Manager | NAPI, NSX-T Data Center upgrade | |
| 123 | UDP | NSX Edge nodes | NTP Servers | NTP | |
| 3000 – 9000 | TCP | NSX Edge nodes | OpenStack Nova API Server | Metadata proxy | |
| 161, 162 | TCP | NSX Edge nodes | SNMP Servers | SNMP | |
| 161, 162 | UDP | NSX Edge nodes | SNMP Servers | SNMP | |
| 514 | TCP | NSX Edge nodes | Syslog Servers | Syslog | |
| 514 | UDP | NSX Edge nodes | Syslog Servers | Syslog | |
| 6514 | TCP | NSX Edge nodes | Syslog Servers | Syslog | |
| 6514 | UDP | NSX Edge nodes | Syslog Servers | Syslog | |
| 33434 – 33523 | UDP | NSX Edge nodes | Traceroute Destination | Traceroute | |
| 123 | UDP | NTP Servers | NSX Edge nodes | NTP | |
| 161 | UDP | SNMP Servers | NSX Edge nodes | SNMP | |
| 53 | TCP | NSX Manager | DNS Servers | DNS | |
| 53 | UDP | NSX Manager | DNS Servers | DNS | |
| 22 | TCP | NSX Manager | Management SCP Servers | SSH (upload support bundle, backups, etc.) | |
| 123 | UDP | NSX Manager | NTP Servers | NTP | |
| 161, 162 | TCP | NSX Manager | SNMP Servers | SNMP | |
| 161, 162 | UDP | NSX Manager | SNMP Servers | SNMP | |
| 514 | TCP | NSX Manager | Syslog Servers | Syslog | |
| 514 | UDP | NSX Manager | Syslog Servers | Syslog | |
| 6514 | TCP | NSX Manager | Syslog Servers | Syslog | |
| 6514 | UDP | NSX Manager | Syslog Servers | Syslog | |
| 80 | TCP | NSX Manager | Intermediate and Root CA Servers | Syslog (export over TLS).Note: To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority. | |
| 33434-33523 | UDP | NSX Manager | Traceroute Destination | Traceroute | |
| 80 | TCP | NSX Manager | vCenter Server | NSX Manager to compute manager (vCenter Server) communication, when configured. | |
| 443 | TCP | NSX Manager | vCenter Server | NSX Manager to compute manager (vCenter Server) communication, when configured. | |
| 123 | UDP | NTP Servers | NSX Manager | NTP | |
| 22 | TCP | Management Clients | NSX Manager | SSH (Disabled by default) | |
| 443 | TCP | Management Clients | NSX Manager | NSX API server | |
| 161 | UDP | SNMP Servers | NSX Manager | SNMP | |
| 22 | TCP | Management Clients | NSX Edge nodes | SSH (Disabled by default) | |
| 5555 | TCP | NSX Agent | NSX Edge nodes | NSX Cloud – Agent on instance communicates to NSX Cloud Gateway. | |
| 53 | UDP | NSX Edge nodes | DNS Servers | DNS | |
| 22 | TCP | NSX Edge nodes | Management SCP or SSH Servers | SSH | |
| 1235 | TCP | ESXi host | NSX Manager | Local Control Plane (LCP) to Central Control Plane (CCP) communication | |
| 443 | TCP | ESXi and KVM host | NSX Manager | Management and provisioning connection | |
| 443 | TCP | ESXi and KVM host | NSX Manager | Install and upgrade HTTP repository | |
| 6081 | UDP | GENEVE Termination End Point (TEP) | GENEVE Termination End Point (TEP) | Transport network | |
| 1234 | TCP | KVM host | NSX Manager | NSX Messaging channel to NSX Manager. AMPQ Communication channel to NSX Manager | |
| 5671, 1235, 1234, 8080 | TCP | Bare Metal server host | NSX Manager | AMPQ Communication channel to NSX Manager | |
| 1235 | TCP | KVM host | NSX Manager | Local Control Plane (LCP) to Central Control Plane (CCP) communication | |
| 8080 | TCP | KVM host | NSX Manager | Install and upgrade HTTP repository | |
| 443 | TCP | NSX Manager | ESXi host | Management and provisioning connection | |
| 443 | TCP | NSX Manager | KVM host | Management and provisioning connection | |
| 3784, 3785 | UDP | NSX-T Data Center transport node | NSX-T Data Center transport node | BFD Session between TEPs, in the datapath using TEP interface | |
| 1234 | TCP | ESXi host | NSX Manager | NSX Messaging channel to NSX Manager. AMPQ Communication channel to NSX Manager | |
| 103 | NSX Edge Nodes | External Routing Peers | PIM Routing session | ||
| 179 | TCP | NSX Edge Nodes | External Routing Peers | BGP Routing session | |
| 9000, 9040, 5671, 1234, 443, 8080 | TCP | NSX Manager | NSX Manager | Distributed Datastore |
| Port | Protocol | Source | Destination | Service Description | Purpose |
| 443 | TCP | NSX Application Platform (NAPP) | NSX ATP Cloud Services | Used by NAPP to cloud service deployed in the cloud for NSX NDR and NSX Malware Prevention |
Invocation of NDR and Malware Prevention cloud service over https |
| 9092 | TCP | NSX Unified Appliance / Transport Nodes |
NSX Application Platform (NAPP) | Incoming messages from NSX Unified Appliance or Transport Nodes to NSX Intelligence Appliance |
Kafka broker for collecting data from NSX and hosts |
| 443 | TCP | Management Clients / NSX Unified Appliance |
NSX Application Platform (NAPP) | NSX API Server | Entry point for APIs in NSX Intelligence |
| 22 | TCP | Management Clients | NSX Application Platform (NAPP) | SSH | HDFS and root login to appliance |
| 123 | UDP | NTP Servers | NSX Application Platform (NAPP) | NTP | NTP Server connection |
| 10250 | TCP | NSX Application Platform (NAPP) | Kubelet API Server | Invocation of Kubelet API from NSX Unified Appliance |
Kubelet API |
| 443 | TCP | NSX Application Platform (NAPP) | NSX Threat Intelligence Cloud Service (NTICS) |
Used by NSX Unified Appliance to NTICS service deployed in the cloud |
Invocation of NTICS cloud service over https |
| 443 | TCP | NSX Unified Appliance | NSX Threat Intelligence Cloud Service (NTICS) |
Used by NSX Unified Appliance to NTICS service deployed in the cloud |
Invocation of NTICS cloud service over https |
| 10259 | TCP | NSX Application Platform (NAPP) | Kubernetes Cluster Server | Used by Kubernetes server to self | kube-scheduler |
| 2379, 2380 | TCP | NSX Application Platform (NAPP) | Etcd Kubernetes API Server | API invocation from NSX Intelligence to Etcd server |
Etcd Kubernetes server |
| 10250 | TCP | NSX Application Platform (NAPP) | kube-api-server | API invocation from NSX Intelligence to kube-api-server |
Invocation of kube-api-server API |
| 10250 | TCP | NSX Application Platform (NAPP) | kube-api | API invocation from NSX Intelligence to kupe-api |
Innocation of kube API |
| 6443 | TCP | NSX Application Platform (NAPP) | Kubernetes API Server | API invocation from NSX Intelligence to Kubernette API server |
Innocation of Kubernete API |
| 10257 | TCP | NSX Unified Appliance | Kubernetes Cluster Server | Used by Kubernetes server to self | kube-controller-manager |
| 10259 | TCP | NSX Unified Appliance | Kubernetes Cluster Server | Used by Kubernetes server to self | kube-scheduler |
| 2379, 2380 | TCP | NSX Unified Appliance | Etcd Kubernetes API Server | API invocation from NSX Unified Appliance to Etcd Kubernetes server |
Etcd Kubernetes server |
| 10250 | TCP | NSX Unified Appliance | Kubernetes API Server | API invocation from NSX Unified Appliance to Kubernette API server |
Innocation of Kubernete API |
| 6443 | TCP | NSX Unified Appliance | Kubernetes API Server | API invocation from NSX Unified Appliance to Kubernette API server |
Innocation of Kubernete API |
| 9092 | TCP | NSX Application Platform (NAPP) | NSX Unified Appliance / NSX Transport Nodes |
NSX Intelligence outgoing communication to NSX Unified Appliance or Transport Nodes |
Connection to NSX Intelligence from hosts and NSX for kafka |
| 443 | TCP | NSX Application Platform (NAPP) | vCenter Server / NSX Unified Appliance |
NSX Intelligence to a compute manager (vCenter Server) communication and NSX Unified Appliance, when configured. |
Entry point for NSX Intelligence to reach NSX Manager for certain API calls |
| 123 | UDP | NSX Application Platform (NAPP) | NTP Servers | NTP | NTP Client connection |
| 22 | TCP | NSX Application Platform (NAPP) | Management SCP Servers | SSH (upload support bundle, backups, etc.) |
SSH for backup |
| 53 | UDP | NSX Application Platform (NAPP) | DNS Servers | DNS | DNS Client connection |
| 53 | TCP | NSX Application Platform (NAPP) | DNS Servers | DNS | DNS Client connection |
| 443 | TCP | NSX Unified Appliance | NSX Threat Intelligence Cloud Service (NTICS) |
NSX Manager accesses NTICS over https | For IDS Signature download |
| 80 | TCP | Cloud Service Manager (CSM) | Public Cloud Gateway (PCG) | CSM configuration, such as upgrade workflow, over HTTPS. |
|
| 443 | TCP | Cloud Service Manager (CSM) | NSX Manager | CSM to access NSX Manager. | |
| 443 | TCP | NSX Manager | Public Cloud Gateway (PCG) | NSX RPC channel(s) | |
| 7442 | TCP | Cloud Service Manager (CSM) | Public Cloud Gateway (PCG) | CSM configuration, such as upgrade workflow, over HTTPS. Ensure your firewall allows SSL traffic over this non-standard port. |
|
| 500,4500 | 50,51 | NSX Edge Nodes | External IPSEC Peers | IPSEC VPN session | |
| 1236,443 | TCP | NSX Local Manager(s)/NSX Global Manager(s) |
NSX Local Manager(s)/NSX Global Manager(s) |
Federation Management plane and control plane communication between locations (Async Replicator) |
|
| 1167 | TCP | NSX Edge nodes | NSX Edge nodes | DHCP Lease Info Sync for HA over secure channel on Edge Management port |
|
| 9040 | TCP | NSX Manager | NSX Manager | Distributed Datastore | |
| 4789 | UDP | NSX Edge Nodes | External Routing Peers | VXLAN encap traffic | |
| 80 | TCP | NSX Edge nodes | Intermediate and Root CA Servers | Syslog (export over TLS). To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority. |
|
| 514 | TCP | Host Transport Node | Syslog Servers | Syslog (Refer to the host syslog documenation) |
|
| 514 | UDP | Host Transport Node | Syslog Servers | Syslog (Refer to the host syslog documenation) |
|
| 6514 | TCP | Host Transport Node | Syslog Servers | Syslog (Refer to the host syslog documenation) |
|
| 6514 | UDP | Host Transport Node | Syslog Servers | Syslog (Refer to the host syslog documenation) |
|
| 80 | TCP | Host Transport Node | Intermediate and Root CA servers | Syslog (export over TLS). To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority. |
|
| 5671, 1234,
1235, 443 |
TCP | NSX Managers, NSX Edge nodes, Transport nodes |
NSX Manager | NSX messaging | |
| 8080 | TCP | NSX Managers, NSX Edge nodes, Transport nodes, vCenter Server |
NSX Manager | Install-upgrade HTTP repository | |
| 389,636 | TCP | NSX Manager | External LDAP server | Active Directory/LDAP | |
| 6081 | UDP | GENEVE Remote Tunnel End Point (RTEP) | GENEVE Remote Tunnel End Point (RTEP) | Federation Cross-location communication between Edge nodes in Federation |
|
| 443 | TCP | Management Clients | NSX Autonomous Edge Nodes | HTTPS | |
| 3784, 3785, 4784 | UDP | NSX Edge nodes, Transport nodes | NSX Edge nodes | BFD between the Transport node TEP IP address in the data. |
|
| 3784, 3785, 4784 | UDP | NSX Edge Nodes | External Routing Peers | BFD for static routes and BGP peers. | |
| 443 | TCP | NSX Edge Nodes | api.nsx-sec-prod.com & *.amazonaws.com |
Edge uses management network to download URL Categories/Reputation from cloud for NSX URL Analysis |
|
| 443 | TCP | NSX Managers | github.com | Download IDS Signature from Trustwave Signature Repository. |
|
| 1235 | TCP | NSX Edge nodes | NSX Manager | Lower Control Plane (LCP) to Central Control Plane (CCP) communication |
|
| 2480 | TCP | NSX Edge nodes | NSX Edge nodes | Nestdb | |
| 6666 | TCP | NSX Edge nodes | NSX Edge nodes | NSX Cloud – NSX Edge local communication. |
|
| 50263 | UDP | NSX Edge nodes | NSX Edge nodes | High-Availability | |
| 443 | TCP | NSX Edge nodes | NSX Manager | HTTPS | |
| 1234 | TCP | NSX Edge nodes | NSX Manager | NSX Messaging channel to NSX Manager | |
| 8080 | TCP | NSX Edge nodes | NSX Manager | NAPI, NSX-T Data Center upgrade | |
| 123 | UDP | NSX Edge nodes | NTP Servers | NTP | |
| 3000 – 9000 | TCP | NSX Edge nodes | OpenStack Nova API Server | Metadata proxy | |
| 161, 162 | TCP | NSX Edge nodes | SNMP Servers | SNMP | |
| 161, 162 | UDP | NSX Edge nodes | SNMP Servers | SNMP | |
| 514 | TCP | NSX Edge nodes | Syslog Servers | Syslog | |
| 514 | UDP | NSX Edge nodes | Syslog Servers | Syslog | |
| 6514 | TCP | NSX Edge nodes | Syslog Servers | Syslog | |
| 6514 | UDP | NSX Edge nodes | Syslog Servers | Syslog | |
| 33434 – 33523 | UDP | NSX Edge nodes | Traceroute Destination | Traceroute | |
| 123 | UDP | NTP Servers | NSX Edge nodes | NTP | |
| 161 | UDP | SNMP Servers | NSX Edge nodes | SNMP | |
| 53 | TCP | NSX Manager | DNS Servers | DNS | |
| 53 | UDP | NSX Manager | DNS Servers | DNS | |
| 22 | TCP | NSX Manager | Management SCP Servers | SSH (upload support bundle, backups, etc.) |
|
| 123 | UDP | NSX Manager | NTP Servers | NTP | |
| 161, 162 | TCP | NSX Manager | SNMP Servers | SNMP | |
| 161, 162 | UDP | NSX Manager | SNMP Servers | SNMP | |
| 514 | TCP | NSX Manager | Syslog Servers | Syslog | |
| 514 | UDP | NSX Manager | Syslog Servers | Syslog | |
| 6514 | TCP | NSX Manager | Syslog Servers | Syslog | |
| 6514 | UDP | NSX Manager | Syslog Servers | Syslog | |
| 80 | TCP | NSX Manager | Intermediate and Root CA Servers | Syslog (export over TLS).Note: To verify which TCP port must be used to retrieve the Certificate Revocation Lists (CRLs), verify against the CRL Distribution Point (CDP) URI of the certificate authority. |
|
| 33434-33523 | UDP | NSX Manager | Traceroute Destination | Traceroute | |
| 80 | TCP | NSX Manager | vCenter Server | NSX Manager to compute manager (vCenter Server) communication, when configured. |
|
| 443 | TCP | NSX Manager | vCenter Server | NSX Manager to compute manager (vCenter Server) communication, when configured. |
|
| 123 | UDP | NTP Servers | NSX Manager | NTP | |
| 22 | TCP | Management Clients | NSX Manager | SSH (Disabled by default) | |
| 443 | TCP | Management Clients | NSX Manager | NSX API server | |
| 161 | UDP | SNMP Servers | NSX Manager | SNMP | |
| 22 | TCP | Management Clients | NSX Edge nodes | SSH (Disabled by default) | |
| 5555 | TCP | NSX Agent | NSX Edge nodes | NSX Cloud – Agent on instance communicates to NSX Cloud Gateway. |
|
| 53 | UDP | NSX Edge nodes | DNS Servers | DNS | |
| 22 | TCP | NSX Edge nodes | Management SCP or SSH Servers | SSH | |
| 1235 | TCP | ESXi host | NSX Manager | Local Control Plane (LCP) to Central Control Plane (CCP) communication |
|
| 443 | TCP | ESXi and KVM host | NSX Manager | Management and provisioning connection |
|
| 443 | TCP | ESXi and KVM host | NSX Manager | Install and upgrade HTTP repository | |
| 6081 | UDP | GENEVE Termination End Point (TEP) | GENEVE Termination End Point (TEP) | Transport network | |
| 1234 | TCP | KVM host | NSX Manager | NSX Messaging channel to NSX Manager. AMPQ Communication channel to NSX Manager |
|
| 5671, 1235,
1234, 8080 |
TCP | Bare Metal server host | NSX Manager | AMPQ Communication channel to NSX Manager |
|
| 1235 | TCP | KVM host | NSX Manager | Local Control Plane (LCP) to Central Control Plane (CCP) communication |
|
| 8080 | TCP | KVM host | NSX Manager | Install and upgrade HTTP repository | |
| 443 | TCP | NSX Manager | ESXi host | Management and provisioning connection |
|
| 443 | TCP | NSX Manager | KVM host | Management and provisioning connection |
|
| 3784, 3785 | UDP | NSX-T Data Center transport node | NSX-T Data Center transport node | BFD Session between TEPs, in the datapath using TEP interface |
|
| 1234 | TCP | ESXi host | NSX Manager | NSX Messaging channel to NSX Manager. AMPQ Communication channel to NSX Manager |
|
| 103 | NSX Edge Nodes | External Routing Peers | PIM Routing session | ||
| 179 | TCP | NSX Edge Nodes | External Routing Peers | BGP Routing session | |
| 9000, 9040, 5671,
1234, 443, 8080 |
TCP | NSX Manager | NSX Manager | Distributed Datastore |