Ports used by CloudStack and its entities:
8787: CloudStack (Tomcat) debug socket
9090, 8250: CloudStack Management Server, User/Client API
7080: AWS API server 8080: Primary GUI / Authentication API Port
8096: User/Client to CloudStack Management Server (unauthenticated)
3306: MySQL Server
3922, 8250, 80/443, 111/2049, 53: Secondary Storage VM
3922, 8250, 53: Console Proxy VM
3922, 8250, 53: Virtual Router
22, 80, 8787: CloudStack (Tomcat) debug socket
9090: Cloudstack Management Cluster Interface
45219: JMX console
SystemVM Agent Communication - Must be open on Management Server
3922: Secure System secure communication port
8250: SystemVM to Management unsecure communication port
MySQL Server
3306: MySQL Server
Hypervisor
22/443: XenServer, XAPI
22: KVM
443: vCenter
External Ports
53: DNS: 53
NFS: 111/2049: NFS communication for Secondary Storage VM
860/3260: iSCSI communication port for iSCSI software connector
7080: AWS API server