You can configure incoming and outgoing firewall connections for a service or a management agent from the vSphere Web Client or at the command line.

Note

If different services have overlapping port rules, enabling one service might implicitly enable other services. You can specify which IP addresses are allowed to access each service on the host to avoid this problem.

1. Browse to the host in the vSphere Web Client inventory.

2. Click the Manage tab and click Settings.

3. Click Security Profile.

   The vSphere Web Client displays a list of active incoming and outgoing connections with the corresponding firewall ports.

4. In the Firewall section, click Edit.

   The display shows firewall rule sets, which include the name of the rule and the associated information.

5. Select the rule sets to enable, or deselect the rule sets to disable.

   | Column | Description |
   | --- | --- |
   | Incoming Ports and Outgoing Ports | The ports that the vSphere Web Client opens for the service. |
   | Protocol | Protocol that a service uses. |
   | Daemon | Status of daemons associated with the service. |

6. For some services, you can manage service details.

   - Use the Start, Stop, or Restart buttons to change the status of a service temporarily.
   - Change the Startup Policy to have the service start with the host or with port usage.

7. For some services, you can explicitly specify IP addresses from which connections are allowed.

   See Add Allowed IP Addresses for an ESXi Host.

8. Click OK.
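To act on the note about overlapping port rules, it helps to know which rule sets actually share ports before enabling one of them. The following is an added example, not VMware code: it parses a rule listing in the column layout assumed for `esxcli network firewall ruleset rule list` and reports rule sets whose port ranges intersect, which are the candidates for an allowed IP address list. The sample listing is constructed, and `exampleMgmt` and `exampleSync` are hypothetical rule set names.

```python
from itertools import combinations

# Constructed sample, not captured from a host. The column layout is the one
# assumed for `esxcli network firewall ruleset rule list`; exampleMgmt and
# exampleSync are hypothetical rule set names.
SAMPLE_RULES = """\
Ruleset      Direction  Protocol  Port Type  Port Begin  Port End
-----------  ---------  --------  ---------  ----------  --------
sshServer    Inbound    TCP       Dst                22        22
webAccess    Inbound    TCP       Dst                80        80
exampleMgmt  Inbound    TCP       Dst                20        25
exampleSync  Inbound    UDP       Dst                22        22
sshClient    Outbound   TCP       Dst                22        22
"""


def parse_rules(text):
    """Return (ruleset, direction, protocol, port_type, begin, end) tuples."""
    rules = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have six fields ending in two port numbers; the header
        # (eight words) and the dashed separator fail this check.
        if len(fields) != 6 or not (fields[4].isdigit() and fields[5].isdigit()):
            continue
        rules.append((*fields[:4], int(fields[4]), int(fields[5])))
    return rules


def overlapping_rulesets(rules):
    """Map each pair of rule sets to the port ranges they share.

    Two rules overlap when direction, protocol and port type match and their
    port ranges intersect (an assumption about what "overlapping" means here).
    """
    shared = {}
    for a, b in combinations(rules, 2):
        if a[0] == b[0] or a[1:4] != b[1:4]:
            continue
        low, high = max(a[4], b[4]), min(a[5], b[5])
        if low <= high:
            pair = tuple(sorted((a[0], b[0])))
            shared.setdefault(pair, []).append((a[1], a[2], low, high))
    return shared


if __name__ == "__main__":
    for (first, second), ranges in overlapping_rulesets(parse_rules(SAMPLE_RULES)).items():
        for direction, proto, low, high in ranges:
            print(f"{first} and {second} both cover {direction} {proto} {low}-{high}")
```

To check a real host, pass the saved text of the listing to `parse_rules` in place of `SAMPLE_RULES`.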