Discovery of vCenter thru a firewall - ports needed?

David77
Giga Guru

We've successfully Discovered vCenters w/in our firewall, but now need to do one outside our firewall. 
To date, I requested to have the following ports opened, however, (Jakarta) Discovery is still failing, so am asking which ports must be opened for a successful credentialed Discovery?  

TCP/22 - SSH

TCP/135 - WMi

TCP/445 - WMi 

TCP/443 - vCenter

TCP 902 - vCenter

The expectation is we will start with the vCenter and then move on to a few stand-alone physical servers running Windows or UNIX. 

Thanks. 

1 ACCEPTED SOLUTION

By default, the VMWare - vCenter Datacenters probe runs on port 443, which is the standard port for the https protocol. The port probes for vCenter run on these ports:

  • vmapp6_https: 9443
  • vmapp_https: 5480

View solution in original post

11 REPLIES 11

Vini
Giga Guru

Hi Dave,

 

VCenter discovery works based on Query vSphere API so please make sure to open port number# 443 on bi directional method.

each organization has it's own firewall standards so please check with Firewall team to check the connectivity between MiD IP and vCenter IP.

 Hope this Helps…If so, please mark this as correct answer.

 

Thanks & Regards,

Vinil.

David77
Giga Guru

Vinil, thanks, as noted above we do have port 443 open, although I failed to mention they are all bidirectional. 

doug_schulze
ServiceNow Employee
ServiceNow Employee

Most likely because the windows systems that use dynamic high ports. For that type of discovery, you pretty much need an any/any rule to get a full discovery.

 

See the ports and protocols required here.

 

I'd suggest just putting a mid on the other side of that firewall...

David77
Giga Guru

Thanks, unfortunately, due to the security stance at our organization, I have to be specific in what I ask for ....