If you connect clients directly to your ESXi network instead of using vCenter Server, your firewall configuration is somewhat simpler.

You might install firewalls at any of the locations shown in Firewall Configuration for ESXi Networks that a Client Manages Directly.


Depending on your configuration, you might not need all the firewalls in the illustration, or you might need firewalls in locations not shown.

Firewall Configuration for ESXi Networks that a Client Manages Directly
Firewall configuration for ESXi networks that a client manages directly

Networks configured without vCenter Server receive communications through the same types of clients as they do if vCenter Server were present: vSphere Clients or third-party network management clients. For the most part, the firewall needs are the same, but there are several key differences.

As you would for configurations that include vCenter Server, be sure a firewall is present to protect your ESXi layer or, depending on your configuration, your clients and ESXi layer. This firewall provides basic protection for your network. The firewall ports you use are the same as those you use if vCenter Server is in place.

Licensing in this type of configuration is part of the ESXi package that you install on each of the hosts. Because licensing is resident to the server, a separate license server is not required. This eliminates the need for a firewall between the license server and the ESXi network.