ESXi includes a firewall that is enabled by default. At installation time, the ESXi firewall is configured to block incoming and outgoing traffic, except traffic for services that are enabled in the host security profile.

As you open ports on the firewall, consider that unrestricted access to services running on an ESXi host may expose a host to outside attacks and unauthorized access. Reduce the risk by configuring the ESXi firewall to allow access only from authorized networks.

Note: The firewall also allows Internet Control Message Protocol, or ICMP, pings and communication with DHCP and DNS (UDP only) clients.