You can configure incoming and outgoing firewall connections for a service or a management agent from the vSphere Client or at the command line.

This task describes how to use the vSphere Client to configure ESXi firewall settings. You can use the ESXi Shell or ESXCLI commands to configure ESXi at the command line to automate the firewall configuration. See Getting Started with ESXCLI for an introduction, and ESXCLI Concepts and Examples for examples of using ESXCLI to manipulate firewalls and firewall rules.

Note: If different services have overlapping port rules, enabling one service might implicitly enable other services. You can specify which IP addresses are allowed to access each service on the host to avoid this problem.


  1. Browse to the host in the inventory.
  2. Click Configure, then click Firewall under System.
    The display shows a list of active incoming and outgoing connections with the corresponding firewall ports.
  3. In the Firewall section, click Edit.
    The display shows firewall rule sets, which include the name of the rule and the associated information.
  4. Select the rule sets to enable, or deselect the rule sets to disable.
  5. For some services, you can also manage service details by navigating to Configure > Services under System.
    For more information about starting, stopping, and restarting services, see Enable or Disable a Service.
  6. For some services, you can explicitly specify IP addresses from which connections are allowed.
  7. Click OK.