You can open service console firewall ports when you install third-party devices, services, and agents. Before you open ports to support the item you are installing, see vendor specifications to determine the necessary ports.

Use this procedure only to open ports for services or agents that are not configurable through the vSphere Client.


VMware supports opening and closing firewall ports only through the vSphere Client or the esxcfg-firewall command. Using any other methods or scripts to open firewall ports can lead to unexpected behavior.


Log in to the service console and acquire root privileges.


Use the following command to open the port.

esxcfg-firewall --openPort port_number,tcp|udp,in|out,port_name

port_number is the vendor-specified port number.

Use tcp for TCP traffic or udp for UDP traffic.

Use in to open the port for inbound traffic or out to open it for outbound traffic.

port_name is a descriptive name to help identify the service or agent using the port. A unique name is not required.

For example:

esxcfg-firewall --openPort 6380,tcp,in,Navisphere

Run the following command to restart the vmware-hostd process.

service mgmt-vmware restart