ESXi ships with a software firewall that is configured by default to block outgoing connection requests. When an indication is triggered, the producer cannot open a connection to the consumer unless the target port is opened in the firewall.

When you create an indication subscription, the CIMOM opens the corresponding port in the firewall for you. To check the firewall configuration, use these commands:

■	esxcli network firewall get tells you whether the firewall is enabled.
■	esxcli network firewall ruleset list tells you which specific services are enabled.

To disable or enable the firewall, use these commands:

■	esxcli network firewall set -e false disables the firewall.
■	esxcli network firewall set -e true enables the firewall.

It is also possible to create rulesets to open or close firewall ports manually. For information about manual firewall configuration for ESXi, see the vSphere Security Guide.

For information about the esxcli command set, see the manual Getting Started with vSphere Command-Line Interfaces.