VMware has just released a new KB article covering the firewall port requirements for the following products:
- Consolidated Backup
- Converter 3.x
- Converter 4.x
- Data Recovery
- ESX 3.x
- ESX 4.x
- ESXi 3.x
- ESXi 4.x
- Guided Consolidation
- Lab Manager
- Orchestrator
- Site Recovery Manager
- Stage Manager
- Update Manager
- vCenter 2.5.x
- vCenter 4.x
- View 3.x
- View 4.x
- View/VDM 2.x
This is something that has been sorely missing from VMware’s official documentation. Some of the PDFs just don’t give the detail you would normally expect. However, this KB contains all the headers that a firewall engineer would need. Great stuff.
http://kb.vmware.com/kb/1012382
Of course, if you want to get a feel for the overall environment, then Dudley Smith’s fantastic Firewall Ports Diagram is still the best resource out there:
http://www.vreference.com/2009/09/22/firewall-diagram-updated-to-version-3/
I just noticed that it is missing the following for ESX 4 (and maybe 4i):
“5900-5964 RFB protocol, which is used by management tools such as VNC Incoming and outgoing TCP”
See ESX Configuration Guide 4.0U1 Page 152
It would also be nice to show if the ESX ports are from the COS or VMkernel interface.
Agreed, having them listed by COS/VMkernel/VMotion/FT/etc would be very helpful since they’d usually be VLAN’d apart.
Well, there are also some ports missing for Data Recovery: 902, 443 and 53, which are required by the appliance. http://www.mingle-mangle.org/2009/08/vmware-data-recovery-and-ports/
Marcus
Hi Marcus,
I know 443 is a requirement, but can you point me to a VMware source which states it needs 902 and 53? Or is this just from personal experience?
Thanks, Forbes.