Port 9443 : Is redirected with the strict-transport-security header. Scanner should be adjusted accordingly. Proven by curl command: curl -L -kv https://$HOSTNAME:9443 | grep Strict-Transport-Security
Port 7444 : This port was originally used in vCenter 5.5 by the STS but it is not used in 6.5 onwards.
Customers running 6.5/6.7/7.0 appliances in their environment can disable this port to increase security.
Note:- Port 7444 will no longer be exposed in a future version of 7.x.
Workaround: Disable the firewall configuration exposing port 7444.
1. Remove the firewall configuration file
rm -f /etc/vmware/appliance/firewall/vmware-sso
2. Reboot the system or reload the firewall rules
/usr/lib/applmgmt/networking/bin/firewall-reload
To restore the original configuration that exposes port 7444:
1. Restore the symbolic link to the configuration file
/bin/ln -s -f /usr/lib/vmware-sso/firewall/sso-firewall.json /etc/vmware/appliance/firewall/vmware-sso
2. Reboot the system or reload the firewall rules
/usr/lib/applmgmt/networking/bin/firewall-reload
Port 5443 : This has not been report to VMware security team. Please file a SR with VMware Support and provide the scanner report