After you deploy the vCenter Server Appliance, you can edit its firewall settings and create firewall rules using the Appliance Management Interface.

You can set up firewall rules to accept or block traffic between the vCenter Server Appliance and specific servers, hosts, or virtual machines. You cannot block specific ports, you block all the traffic.


Verify that the user who logs in to the vCenter Server instance in the vCenter Server Appliance is a member of the SystemConfiguration.Administrators group in vCenter Single Sign-On.


  1. In the vCenter Server Appliance Management Interface, click Firewall.
  2. Edit the firewall settings.
    Command Action
    1. To create a firewall rule, click Add.
    2. Select a network interface of the virtual machine.
    3. Enter the IP address of the network to apply this rule to.

      The IP address can be IPv4 and IPv6 address.

    4. Enter a subnet prefix length.
    5. From the Action drop-down menu, select whether to Accept, Ignore, Reject, or Return the connection between the vCenter Server Appliance and the network that you entered.
    6. Click Save.
    1. Select a rule and click Edit.
    2. Edit the settings of the rule.
    3. Click Save.
    1. Select a rule and click Delete.
    2. At the prompt, click Delete again.
    1. Select a rule and click Reorder.
    2. In the Reorder pane, select the rule to move.
    3. Click Move Up or Move Down.
    4. Click Save.