If you have a firewall between two ESXi hosts and you want to allow transactions between the hosts or use vCenter Server to perform any source or target activities, such as vSphere High Availability (vSphere HA) traffic, migration, cloning, or vMotion, you must configure a connection through which the managed hosts can receive data.
To configure a connection for receiving data, open ports for traffic from services such as vSphere High Availability, vMotion, and vSphere Fault Tolerance. See ESXi Firewall Configuration for a discussion of configuration files, vSphere Web Client access, and firewall commands. See TCP and UDP Ports for a list of ports. Refer to the firewall system administrator for additional information on configuring the ports.