You can configure incoming and outgoing firewall connections for a service or a management agent from the vSphere Web Client or at the command line.

Note: If different services have overlapping port rules, enabling one service might implicitly enable other services. You can specify which IP addresses are allowed to access each service on the host to avoid this problem.


  1. Browse to the host in the vSphere Web Client inventory.
  2. Click Configure.
  3. Under System, click Security Profile.
    The vSphere Web Client displays a list of active incoming and outgoing connections with the corresponding firewall ports.
  4. In the Firewall section, click Edit.
    The display shows firewall rule sets, which include the name of the rule and the associated information.
  5. Select the rule sets to enable, or deselect the rule sets to disable.
    Column Description
    Incoming Ports and Outgoing Ports The ports that the vSphere Web Client opens for the service
    Protocol Protocol that a service uses.
    Daemon Status of daemons associated with the service
  6. For some services, you can manage service details.
    • Use the Start, Stop, or Restart buttons to change the status of a service temporarily.
    • Change the Startup Policy to have the service start with the host or with port usage.
  7. For some services, you can explicitly specify IP addresses from which connections are allowed.
  8. Click OK.