If you connect clients directly to your ESXi network instead of using vCenter Server, your firewall configuration is somewhat simpler.

Networks configured without vCenter Server receive communications through the same types of clients as they do if vCenter Server were present: the vSphere Client or third-party network management clients. For the most part, the firewall needs are the same, but there are several key differences.

As you would for configurations that include vCenter Server, be sure a firewall is present to protect your ESXi layer or, depending on your configuration, your clients and ESXi layer. This firewall provides basic protection for your network. The firewall ports you use are the same as those you use if vCenter Server is in place.

Licensing in this type of configuration is part of the ESXi package that you install on each of the hosts. Because licensing is resident to the server, a separate license server is not required. This eliminates the need for a firewall between the license server and the ESXi network.