You can customize many of the essential security settings for your ESXi host through the Firewall, Services, and Security Profile panels available in the vSphere Client . The Security Profile is especially useful for single host management. If you are managing multiple hosts, consider using one of the VMware CLIs or SDKs and automating the customization.
What to read next
Configuring the ESXi Firewall ESXi includes a firewall that is enabled by default. At installation time, the ESXi firewall is configured to block incoming and outgoing traffic, except traffic for services that are enabled in the security profile of the host. You manage the firewall using the vSphere Client , the CLI, and the API.Activate or Deactivate an ESXi Service ESXi services from the vSphere Client . Configuring and Managing Lockdown Mode on ESXi Hosts ESXi hosts, you can put them in lockdown mode. In lockdown mode, operations must be performed through vCenter Server by default. Using vSphere Installation Bundles to Perform Secure Updates ESXi with ESXCLI requires an understanding of vSphere Installation Bundles, image profiles, and software depots.Manage the Acceptance Levels of ESXi Hosts and vSphere Installation Bundles ESXi host depends on the level of the lowest VIB. If you want to allow lower-level VIBs, you can change the acceptance level of the host. You can remove CommunitySupported VIBs to be able to change the host acceptance level.
