It is important to work with your company IT or security teams to determine the network infrastructure for the site where the SD-WAN Edge 640 system is to be installed. If the SD-WAN Edge 640 system is to be connected behind a firewall, these settings must be in place for the product to function properly.

| Protocol | Port | Description |
|---|---|---|
| VeloCloud Multipath Protocol (VCMP) | UDP/2426 | VMware SD-WAN tunnel protocol |
| HTTPS | TCP/443 | Needed for SD-WAN Orchestrator communication |
| NTP | UDP/123 | Needed for time sync (security) |
| DNS | UDP/53 | Needed for translation of SD-WAN Orchestrator URLs, among other use cases |

If the SD-WAN Edge 640 system is connected behind a NAT, UDP hole punching is used to open the ports for inbound VCMP traffic. To enable UDP hole punching, click Configure > Edge > Device > WAN Settings to edit the relevant overlay.

| Protocol | Port | Description |
|---|---|---|
| IKE | UDP/500 | Used by SD-WAN Edge 640 system to form IPSec tunnels with certain CSS solutions |
| ESP | IP/50 | Used by SD-WAN Edge 640 system to form IPSec tunnels with certain CSS solutions |
| NAT traversal | UDP/4500 | Needed to pass IKE and ESP over NAT |
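
When reviewing the site firewall with the security team, the two tables above can be checked against the rule set before installation. The following is an added example, not VMware code: it assumes a first-match rule list with an implicit default deny, and the `Rule` type, the function names and both sample policies are constructed for illustration.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp", "esp" (IP protocol 50) or "any"
    port: Optional[int]   # destination port; None matches every port

# Flows from the first table (always needed) and the second (IPSec tunnels).
BASE = [("VCMP", "udp", 2426), ("HTTPS", "tcp", 443),
        ("NTP", "udp", 123), ("DNS", "udp", 53)]
IPSEC = [("IKE", "udp", 500), ("ESP", "esp", None),   # ESP has no port number
         ("NAT traversal", "udp", 4500)]

def verdict(rules, proto, port):
    """First matching rule wins; no match falls through to default deny."""
    for r in rules:
        if r.proto in ("any", proto) and (r.port is None or r.port == port):
            return r.action
    return "deny"

def blocked_flows(rules, ipsec=True):
    """Names of required flows that the rule set would not let through."""
    required = BASE + (IPSEC if ipsec else [])
    return [name for name, proto, port in required
            if verdict(rules, proto, port) != "allow"]

# Constructed policy with two common mistakes: a broad UDP deny placed
# ahead of the tunnel rules (shadowing them) and no rule for ESP at all.
SAMPLE_POLICY = [
    Rule("allow", "tcp", 443),
    Rule("allow", "udp", 53),
    Rule("allow", "udp", 123),
    Rule("deny", "udp", None),
    Rule("allow", "udp", 2426),   # never reached
    Rule("allow", "udp", 500),    # never reached
]

# Constructed corrected policy: specific allows first, catch-all deny last.
FIXED_POLICY = [
    Rule("allow", "tcp", 443), Rule("allow", "udp", 53),
    Rule("allow", "udp", 123), Rule("allow", "udp", 2426),
    Rule("allow", "udp", 500), Rule("allow", "udp", 4500),
    Rule("allow", "esp", None), Rule("deny", "any", None),
]

if __name__ == "__main__":
    print("blocked in sample policy:", blocked_flows(SAMPLE_POLICY))
    print("blocked in fixed policy: ", blocked_flows(FIXED_POLICY))
```

Pass `ipsec=False` when the site does not form IPSec tunnels, so only the first table is checked.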