Discovery of vCenter thru a firewall - ports needed?

David77 · ‎01-18-2019

We've successfully Discovered vCenters w/in our firewall, but now need to do one outside our firewall.
To date, I requested to have the following ports opened, however, (Jakarta) Discovery is still failing, so am asking which ports must be opened for a successful credentialed Discovery?

TCP/22 - SSH

TCP/135 - WMi

TCP/445 - WMi

TCP/443 - vCenter

TCP 902 - vCenter

The expectation is we will start with the vCenter and then move on to a few stand-alone physical servers running Windows or UNIX.

Thanks.

Ankush13 · ‎01-23-2019

By default, the VMWare - vCenter Datacenters probe runs on port 443, which is the standard port for the https protocol. The port probes for vCenter run on these ports:

vmapp6_https: 9443
vmapp_https: 5480

View solution in original post

Vini · ‎01-18-2019

Hi Dave,

VCenter discovery works based on Query vSphere API so please make sure to open port number# 443 on bi directional method.

each organization has it's own firewall standards so please check with Firewall team to check the connectivity between MiD IP and vCenter IP.

Hope this Helps…If so, please mark this as correct answer.

Thanks & Regards,

Vinil.

David77 · ‎01-18-2019

Vinil, thanks, as noted above we do have port 443 open, although I failed to mention they are all bidirectional.

doug_schulze · ‎01-18-2019

Most likely because the windows systems that use dynamic high ports. For that type of discovery, you pretty much need an any/any rule to get a full discovery.

See the ports and protocols required here.

I'd suggest just putting a mid on the other side of that firewall...

David77 · ‎01-22-2019

Thanks, unfortunately, due to the security stance at our organization, I have to be specific in what I ask for ....