ESXi includes a firewall between the management interface and the network. To ensure the integrity of the host, VMware has reduced the number of firewall ports that are open by default. The ESXi firewall is enabled by default. At installation time, the firewall is configured to block incoming and outgoing traffic, except traffic for the default services. The firewall also allows Internet Control Message Protocol (ICMP) pings and communication with DHCP and DNS (UDP only) clients.
From the host Security Profile panel, you can configure firewall properties for this host. The Security Profile panel lists the incoming and outgoing connections for the firewall and the port each service uses. The panel also displays the IP addresses that are allowed to connect for each service. You can modify the list of services and the allowed IP addresses for each service.
You can add supported services and management agents that are required to operate the host by adding ruleset files to the ESXi firewall configuration file directory /etc/vmware/firewall/. You open or close ports for these services by enabling or disabling the service on the host's security profile in the vSphere Client.
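Before a ruleset file is placed in /etc/vmware/firewall/, it is worth checking which inbound ports it would expose. The following is an added example, not VMware's code, that parses a ruleset file and lists the inbound rules of services marked enabled. The XML layout, the sample file and the `exampleAgent` service name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real host. The <ConfigRoot>/<service>/<rule>
# layout is an assumption; exampleAgent is a hypothetical third-party agent.
SAMPLE_RULESET = """\
<ConfigRoot>
  <service id='0000'>
    <id>sshServer</id>
    <rule id='0000'>
      <direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port>22</port>
    </rule>
    <enabled>true</enabled>
  </service>
  <service id='0001'>
    <id>exampleAgent</id>
    <rule id='0000'>
      <direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port><begin>9000</begin><end>9010</end></port>
    </rule>
    <rule id='0001'>
      <direction>outbound</direction><protocol>udp</protocol>
      <porttype>dst</porttype><port>9020</port>
    </rule>
    <enabled>false</enabled>
  </service>
</ConfigRoot>
"""

def port_text(port):
    """Render a <port> element as 'N', or 'begin-end' for a port range."""
    if port is None:
        return ""
    begin, end = port.findtext("begin"), port.findtext("end")
    return f"{begin}-{end}" if begin and end else (port.text or "").strip()

def open_inbound(xml_text):
    """List (service, protocol, port) for inbound rules of enabled services."""
    found = []
    for svc in ET.fromstring(xml_text).iter("service"):
        if (svc.findtext("enabled") or "").strip() != "true":
            continue  # disabled service: its ports stay closed
        for rule in svc.iter("rule"):
            if (rule.findtext("direction") or "").strip() == "inbound":
                found.append((svc.findtext("id"), rule.findtext("protocol"),
                              port_text(rule.find("port"))))
    return found

if __name__ == "__main__":
    print(open_inbound(SAMPLE_RULESET))
```

The result reflects only what the file declares; whether a service is currently enabled on a given host is set in its security profile.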