Enable/configure/disable services in the ESXi firewall

As stated previously, only the required ports are open on the ESXi firewall. But, using the vSphere Web Client, it's possible to manage incoming and outgoing firewall rules. Usually, firewall rules are related to specific ESXi services.

It's possible to manage service settings and/or firewall rules in the Security Profile menu, under the Configure tab of each host:

The first part (Firewall) shows all active incoming and outgoing rules, with their corresponding firewall ports.

Firewall rules can be modified by clicking on the Edit button in the Firewall section:

You can enable or disable a specific firewall rule, and you can also specify which logical network address is authorized to use the selected service.

The second part (Services) shows all of the configured services, and their statuses. It's possible to manage them with the Edit button, in the Services section:

In the Service Details section, you can see the status, and also perform some tasks:

• Manage the services status: Use the Start, Stop, or Restart buttons
• Define how services are started: With the Startup Policy, you can choose how each service must be started, with one of the following three startup policies:
  • Start and stop with host
  • Start and stop manually
  • Start and stop with port usage

For more information, see the vSphere 6.5 Security Guide (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-9C8A0CD0-1664-4F21-B75A-541C03E37233.html).