ESXi includes a firewall between the management interface and the network. The firewall is enabled by default.
At installation time, the ESXi firewall is configured to block incoming and outgoing traffic, except traffic for the default services listed in TCP and UDP Ports.
- From the security profile for each host.
- Using ESXCLI commands to modify firewall rules, from the command line or in scripts. See ESXi Firewall Configuration.
- Using a custom VIB if the port you want to open is not included in the security profile. You create custom VIBs with the vibauthor tool available from VMware Labs. To install the custom VIB, you have to change the acceptance level of the the ESXi host to CommunitySupported. See VMware Knowledge Base Article 2007381.
Note: If you engage VMware Technical Support to investigate a problem on an ESXi host with a CommunitySupported VIB installed, VMware Support might request that this CommunitySupported VIB be uninstalled as a troubleshooting step to determine if that VIB is related to the problem being investigated.
You can view supported services and management agents that are required to operate the host in the host's Security Profile section in the vSphere Web Client.