VMware vSphere Firewalling Helper
The vSphere Firewalling Helper is meant to assist organizations in protecting their environments, allowing them to build granular rules for access to vSphere management interfaces. It is intended to help document what is required for firewalling at the network level, at the perimeter of a VCF and/or vSphere deployment.
Internal ports (ports visible in netstat, listening on 127.0.0.1 or ::1, or not allowed through iptables) are inside the support boundary of the appliances and are listed here to make customer regulatory compliance efforts (NERC CIP, PCI DSS 4.0, etc.) easier. Changes to appliance internals are not supported, may be overwritten during product updates and upgrades, and may cause operational issues, either immediately or later during product updates and upgrades. Please consult with VMware Global Support Services.
This document is intended to provide general guidance for organizations that are considering VMware solutions. The information contained in this document is for educational and informational purposes only. This document is not intended to provide advice and is provided “AS IS.” VMware makes no claims, promises, or guarantees about the accuracy, completeness, or adequacy of the information contained herein. Organizations should engage appropriate legal, business, technical, and audit expertise within their specific organization for review of requirements and effectiveness of implementations.
Product development and the release of Updates for vSphere may impact the data in this tool.
This document covers VMware vSphere 6.5, 6.5, 7.0, and 8.0. Most recently, configurations were assessed against vSphere 7 Update 3 and vSphere 8 Update 1.
You can get the VMware vSphere Firewalling Helper from:
If you want to link to this content we maintain a permanent redirect:
While product changes may cause discrepancies, we strive for 100% accuracy and appreciate feedback. Please use the Feedback mechanism at the top of this page to let us know if you see something amiss, or if there is additional data that would be helpful to add here. Thank you.