If you connect clients directly to your ESX network instead of using vCenter Server, your firewall configuration is somewhat simpler.

You might install firewalls at any of the locations shown in Firewall Configuration for ESX Networks that a Client Manages Directly.


Depending on your configuration, you might not need all the firewalls in the illustration, or you might need firewalls in locations not shown.

Firewall Configuration for ESX Networks that a Client Manages Directly
Firewall configuration for ESX networks that a client directly manages

Networks configured without vCenter Server receive communications through the same types of clients as they do if vCenter Server were present: vSphere Clients, third-party network management clients, or vSphere Web Access Clients. For the most part, the firewall needs are the same, but there are several key differences.

As you would for configurations that include vCenter Server, be sure a firewall is present to protect your ESX layer or, depending on your configuration, your clients and ESX layer. This firewall provides basic protection for your network. The firewall ports you use are the same as those you use if vCenter Server is in place.

Licensing in this type of configuration is part of the ESX package that you install on each of the hosts. Because licensing is resident to the server, a separate license server is not required. This eliminates the need for a firewall between the license server and the ESX network.