Open Firewall Ports

The following ports must be opened in the firewalls in both the organization and cloud service provider sites. The # reference numbers refer to the architecture diagrams on the following pages:

Port # Description
22 9, 24 During Virtual Replication Appliance (VRA) installation on ESXi 5.1 and higher for communication between the Zerto Virtual Manager (ZVM) and the ESXi hosts IPs and for ongoing communication between the ZVM in the cloud site – but not the customer site – and a Zerto Cloud Connector.
443 2, 6, 8, 19 During VRA installation on ESX/ESXi hosts for communication between the ZVM and the ESX/ESXi hosts IPs and for ongoing communication between the ZVM and vCenter Server and vCloud Director.
4005 10 Log collection between the ZVM and VRAs on the same site.
4006 11 TCP communication between the ZVM and VRAs and the VBA on the same site.
4007 16, 21 TCP control communication between protecting and recovering VRAs and between a Zerto Cloud Connector and VRAs.
4008 17, 25 TCP communication between VRAs to pass data from protected virtual machines to a VRA on a recovery site and between a Zerto Cloud Connector and VRAs.
4009 12 TCP communication between the ZVM and site VRAs to handle checkpoints.
5672 20 TCP communication between the ZVM and vCloud Director for access to AMQP messaging.
7073  

Internal port, used only on the ZVM VM. Used for communication with the service in charge of collecting data for the Zerto Resource Planner.

Note: Unless you select the checkbox ‘Enable Support notification and product improvement feedback’, data is not transmitted to Zerto Analytics.
9080 1, 13, 15, 18
HTTP communication between the ZVM and Zerto internal APIs, a Zerto Cloud Manager (ZCM), cmdlets, which should only be available to a customer using DRaaS and not ICDR.
HTTP communication between ZVM and Zerto Cloud Manager (ZCM). When the customer's ZCM is v5.5 and above, and their ZVM is v5.0, communication is via this port.
9081 7, 23, 27 TCP communication between ZVMs and between a customer ZVM and a Zerto Cloud Connector. This port must not be changed when providing DRaaS.
9082 and up 22, 26, 28, 29 Two ports for each VRA (one for port 4007 and one for port 4008) accessed via the Zerto Cloud Connector installed by the cloud service provider. There is directionality to these ports. Use a port range starting with port 9082. For example, Customer A network has 3 VRAs and customer B network has 2 VRAs and the cloud service provider management network has 4 VRAs, then the following ports must be open in the firewall for each cloud: The cloud service provider's VRAs need to use 6 ports to reach customer A's VRAs, while customer A's VRAs need 8 ports to reach the cloud's VRAs. The cloud service provider's VRAs need to use 4 ports to reach customer B's VRAs, while customer B's VRAs need 8 ports to reach the cloud's VRAs.
9180 32 Communication between the VBA and VRA.
9669 3, 4, 5, 14 HTTPS communication between:
Machines running Zerto User Interface and Zerto Virtual Manager
Zerto Virtual Manager and Zerto REST APIs
ZVM and Zerto Cloud Manager (ZCM). When the customer's ZCM and ZVM are both v5.5 and above, communication is via this port.
9779 30 HTTPS communication between the Zerto Self-Service Portal for in-cloud (ICDR) customers and a ZVM.
9989 31 HTTPS communication between the browser and the Zerto Cloud Manager.