You can configure incoming and outgoing firewall connections for a service or a management agent from the vSphere Client, the vSphere Web Client, or at the command line.

Note: If different services have overlapping port rules, enabling one service might implicitly enable other services. You can specify which IP addresses are allowed to access each service on the host to avoid this problem.

Procedure

  1. Browse to the host in the inventory.
  2. Navigate to the Firewall section.
    Option Description
    vSphere Client
    1. Click Configure.
    2. Under System, click Firewall.
    vSphere Web Client
    1. Click Configure.
    2. Under System, click Security Profile.
    3. If necessary, scroll to the Firewall section.
    The display shows a list of active incoming and outgoing connections with the corresponding firewall ports.
  3. In the Firewall section, click Edit.
    The display shows firewall rule sets, which include the name of the rule and the associated information.
  4. Select the rule sets to enable, or deselect the rule sets to disable.
  5. For some services, you can also manage service details.
    Option Description
    vSphere Client Manage service details by navigating to Configure > Services under System.
    vSphere Web Client In the Service Details section, you can:
    • Use the Start, Stop, or Restart buttons to change the status of a service temporarily.
    • Change the Startup Policy to have the service start with the host or with port usage.
    For more information about starting, stopping, and restarting services, see Enable or Disable a Service.
  6. For some services, you can explicitly specify IP addresses from which connections are allowed.
    See Add Allowed IP Addresses for an ESXi Host.
  7. Click OK.