You can configure firewall properties to allow or deny access for a service or management agent.

You add information about allowed services and management agents to the host configuration file. You can enable or disable these services and agents using the vSphere Client or at the command line.
Note: If different services have overlapping port rules, enabling one service might implicitly enable overlapping services. To minimize the effects of this behavior, you can specify which IP addresses are allowed to access each service on the host.


  1. Select the host in the inventory panel.
  2. Click the Configuration tab, then in the Software section, click Security Profile.
    The vSphere Client displays a list of active incoming and outgoing connections with the corresponding firewall ports.
  3. In the Firewall section, click Properties.
    The Firewall Properties dialog box lists all the rule sets that you can configure for the host.
  4. Select the rule sets to enable, or deselect the rule sets to disable.
    The Incoming Ports and Outgoing Ports columns indicate the ports that the vSphere Client opens for the service. The Protocol column indicates the protocol that the service uses. The Daemon column indicates the status of daemons associated with the service.
  5. Click OK.