You can specify which networks are allowed to connect to each service that is running on the host.

You can use the vSphere Client or the command line to update the Allowed IP list for a service. By default, all IP addresses are allowed.


  1. Select the host in the inventory panel.
  2. Click the Configuration tab and click Security Profile.
  3. In the Firewall section, click Properties.
  4. Select a service in the list and click Firewall.
  5. Select Only allow connections from the following networks and enter the IP addresses of networks that are allowed to connect to the host.
    You can enter IP addresses in the following formats:,, 2001::1/64, or fd3e:29a6:0a81:e478::/64.
  6. Click OK.