Security administrators use firewalls to safeguard the network or selected components in the network from intrusion.

Firewalls control access to devices within their perimeter by closing all communication pathways, except for those that the administrator explicitly or implicitly designates as authorized. The pathways, or ports, that administrators open in the firewall allow traffic between devices on different sides of the firewall.

ESXi does not include a firewall because it runs a limited set of well-known services and prevents the addition of further services. With such restrictions, the factors that necessitate a firewall are significantly reduced.

No firewall is integrated into ESXi. You must deploy a set of security technologies that is appropriate to your needs. For example, you might elect to install a firewall to filter traffic entering and leaving the network segment on which you have installed ESXi.

In a virtual machine environment, you can plan your layout for firewalls between components:

- Physical machines such as vCenter Server hosts and ESXi hosts.

- One virtual machine and another, for example, between a virtual machine acting as an external Web server and a virtual machine connected to your company’s internal network.

- A physical machine and a virtual machine, such as when you place a firewall between a physical network adapter card and a virtual machine.

How you use firewalls in an ESXi configuration is based on how you plan to use the network and how secure any given component needs to be. For example, if you create a virtual network where each virtual machine is dedicated to running a different benchmark test suite for the same department, the risk of unwanted access from one virtual machine to the next is minimal. Therefore, a configuration where firewalls are present between the virtual machines is not necessary. However, to prevent interruption of a test run from an outside host, you might set up the configuration so that a firewall is present at the entry point of the virtual network to protect the entire set of virtual machines.