You can specify which networks are allowed to connect to each service that is running on the host.

You can use the vSphere Client or the command line to update the Allowed IP list for a service. By default, all IP addresses are allowed.


Browse to the host in the vSphere Web Client inventory.


Click the Manage tab and click Settings.


Under System, click Security Profile.


In the Firewall section, click Edit and select a service from the list.


In the Allowed IP Addresses section, deselect Allow connections from any IP address and enter the IP addresses of networks that are allowed to connect to the host.

You can enter IP addresses in the following formats:,, 2001::1/64, or fd3e:29a6:0a81:e478::/64.


Click OK.