Port requirements for ONTAP tools
By default, ONTAP tools uses designated ports to enable communication between its components, which include storage systems and the VMware vCenter Server. If you have firewalls enabled, you must ensure that the firewalls are set to allow exceptions.
For firewalls other than Windows, you should manually grant access to specific ports that ONTAP tools uses. If you do not grant access to these ports, an error message such as the following is displayed.
Unable to communicate with the server.
ONTAP tools uses the following default bidirectional TCP ports:
Default port number |
Description |
9083 |
When enabled, both VASA Provider and Storage Replication Adapter (SRA) use this port to communicate with the vCenter Server. This port is also required for obtaining the TCP/IP settings. This port needs to be enabled on the firewall from ESXi hosts to the ONTAP tools for VMware vSphere appliance. This port is used to download VP support bundle, access Web-CLI user interface, and control path communication from VMware to VP. |
443 |
Depending on how you have configured your credentials, the VMware vCenter Server and the storage systems listen for secure communications on this port. The port is used in client-server communication architecture. The 443 port is enabled by default for secure connections. The client, which can be any automation client that uses REST API, initiates the connection to the server and the end points exchange data. |
8143 |
ONTAP tools listens for secure communications on this port. The port is used in client-server communication architecture. The client, which can be any automation client that uses REST API, initiates the connection to the server and the end points exchange data. This port is enabled for ONTAP tools services and for exporting ONTAP tools server logs. The register.html page is hosted on this port. The REST swagger is exposed on this port. |
8443 |
This port is used for ONTAP tools for VMware vSphere plugin service. |
7 |
ONTAP tools sends an echo request to ONTAP to verify reachability and is required only when adding storage system and can be disabled later. |
You should have enabled Internet Control Message Protocol (ICMP) before deploying the ONTAP tools. |
If ICMP is disabled, then the initial configuration of ONTAP tools fails, and ONTAP tools cannot start the ONTAP tools for VMware vSphere and VASA Provider services after deployment. You must manually enable the ONTAP tools for VMware vSphere and VASA Provider services after deployment.