Disaster Recovery - Port Requirements


In an environment with firewalls, the vCenter, ESX servers, and access nodes (VSA proxies) must be able to communicate with each other. To ensure that all components can communicate through the firewall, ensure that the ports for web services (default: 443) and TCP/IP (default: 902) are opened for bidirectional communication on each of these machines.

Prior to performing any operations, ensure that the following port requirements are met.

If the MediaAgent and access node are deployed on different machines, open these ports on both machines.









The MediaAgent and access node communicate with the ESX server and vCenter through this port.

Port for web service (default: 443) must be opened. If vCenter is configured to use non-default ports, the non-default ports must also be opened.

Note: If a non-default port is used with VDDK 5.5, operations can fail. See KB Article VMW0013.

MediaAgent and access node

ESX server and vCenter


VMware NFC


The MediaAgent and access node communicate with the ESX server through this port.

Ports for web service (default: 443) and TCP/IP (default: 902) must be opened for the vStorage APIs for Data Protection.

MediaAgent and access node

ESX server



If you are using multiple access nodes in a single VM group, open the CVD port (by default 8400) for all access nodes in the VM group, to enable the coordinator node and other proxies to communicate. The CVD port is used to establish communication between proxies using a randomly selected port. To enable communication between access nodes, you must configure the network route.