Last week i was working with a customer, who is planning to add firewall on their external ESXI on which they have public IP.
Their requirement was to have the exact list of ports required for this activity. We have worked and enabled the following:
Mandatory Ports:
- 22 – SSH (TCP)
- 53 – DNS (TCP and UDP)
- 80 – HTTP (TCP/UDP)
- 902 – vCenter Server / VMware Infrastructure Client – UDP for ESX/ESXi Heartbeat (UDP and TCP)
- 903 – Remote Access to VM Console (TCP)
- 443 – Web Access (TCP)
Optional Ports:
- 123 – NTP (UDP)
- 161, 162 – SNMP (UDP)
- 88 – Kerberos (UDP and TCP)
- 464 – Active Directory (TCP and UDP)
- 3260 – Software iSCSI (TCP)
For a complete list of ports, see: https://ports.vmware.com/
The list is valid all following version
- VMware vSphere ESXi 7.0.0
- VMware vSphere ESXi 7.0.0
- VMware vSphere ESXi 6.7
- VMware vSphere ESXi 6.5
- VMware vSphere ESXi 6.0
- VMware vSphere ESXi 5.5
- VMware vSphere ESXi 5.1
- VMware vSphere ESXi 5.0