You can configure incoming and outgoing firewall connections for a service or a management agent from the vSphere Client or at the command line.

This task describes how to use the vSphere Client to configure ESXi firewall settings. To automate the firewall configuration, you can instead use the ESXi Shell or ESXCLI commands at the command line. See Getting Started with ESXCLI for an introduction, and ESXCLI Concepts and Examples for examples of using ESXCLI to manipulate firewalls and firewall rules.

Note: If different services have overlapping port rules, enabling one service might implicitly enable other services. You can specify which IP addresses are allowed to access each service on the host to avoid this problem.

Procedure

  1. Log in to the vCenter Server by using the vSphere Client.
  2. Browse to the host in the inventory.
  3. Click Configure, then click Firewall under System.
    You can toggle between incoming and outgoing connections by clicking Incoming and Outgoing.
  4. In the Firewall section, click Edit.
  5. Select one of the three service groups: Ungrouped, Secure Shell, or Simple Network Management Protocol.
  6. Select the rule sets to enable, or deselect the rule sets to disable.
  7. For some services, you can also manage service details by navigating to Configure > Services under System.
    For more information about starting, stopping, and restarting services, see Enable or Disable a Service.
  8. For some services, you can explicitly specify IP addresses from which connections are allowed.
  9. Click OK.
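
The note above warns that rule sets with overlapping port rules can implicitly enable one another. The following script is an added example, not part of the original VMware procedure: it reports pairs of rule sets whose port ranges intersect, so you know which services need an allowed-IP restriction. It assumes the six-column text layout of `esxcli network firewall ruleset rule list`; the sample rows are constructed, and `exampleSvcA` and `exampleSvcB` are hypothetical rule set names.

```shell
#!/bin/sh
# Added example: report ESXi firewall rule sets whose port rules overlap.
# Assumed input layout (six columns, as printed by
#   esxcli network firewall ruleset rule list):
#   Ruleset  Direction  Protocol  Port Type  Port Begin  Port End

find_overlaps() {
    awk '
    # Keep only data rows: six fields with numeric port bounds.
    # The header (nine words) and the dashed separator are skipped.
    NF == 6 && $5 ~ /^[0-9]+$/ && $6 ~ /^[0-9]+$/ {
        n++
        name[n] = $1; key[n] = $2 "/" $3 "/" $4
        lo[n] = $5 + 0; hi[n] = $6 + 0
    }
    END {
        for (i = 1; i <= n; i++)
            for (j = i + 1; j <= n; j++) {
                # Compare different rule sets with the same
                # direction, protocol and port type only.
                if (name[i] == name[j] || key[i] != key[j]) continue
                # Ranges are disjoint when one starts after the other ends.
                if (lo[i] > hi[j] || lo[j] > hi[i]) continue
                a = (lo[i] > lo[j]) ? lo[i] : lo[j]
                b = (hi[i] < hi[j]) ? hi[i] : hi[j]
                printf "%s %s %s %d-%d\n", name[i], name[j], key[i], a, b
            }
    }'
}

# Constructed sample rows, not captured from a real host.
sample_rules() {
    cat <<'EOF'
Ruleset      Direction  Protocol  Port Type  Port Begin  Port End
-----------  ---------  --------  ---------  ----------  --------
sshServer    Inbound    TCP       Dst                22        22
exampleSvcA  Inbound    TCP       Dst              8000      8100
exampleSvcB  Inbound    TCP       Dst              8080      8080
exampleSvcB  Outbound   TCP       Dst              8080      8080
snmp         Inbound    UDP       Dst               161       161
EOF
}

# On a host: esxcli network firewall ruleset rule list | find_overlaps
sample_rules | find_overlaps
```

Each output line names the two rule sets, the shared direction/protocol/port type, and the intersecting port range. For every pair reported, restrict the allowed IP addresses as described in step 8.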