Re: Opening additional ports in ESX 3.0 service console for NetWorker 7.2 Sep 12, 2006 8:32 AM
Re: Opening additional ports in ESX 3.0 service console for NetWorker 7.2 Sep 12, 2006 8:43 AM
3.
Re: Opening additional ports in ESX 3.0 service console for NetWorker 7.2 Sep 12, 2006 8:45 AM
Try temporarily stopping the firewall to see if it resolves the problem; that way you'll know if it's your ESX firewall that's misconfigured or something else.
/etc/init.d/firewall stop from the service console.
Re: Opening additional ports in ESX 3.0 service console for NetWorker 7.2 Sep 12, 2006 8:55 AM
Re: Opening additional ports in ESX 3.0 service console for NetWorker 7.2 Sep 12, 2006 9:00 AM
Re: Opening additional ports in ESX 3.0 service console for NetWorker 7.2 Oct 12, 2006 10:20 AM
7.
Re: Opening additional ports in ESX 3.0 service console for NetWorker 7.2 Oct 20, 2006 1:17 PM
I figured out that the ports needed for Networker are inbound tcp on 7937 and 7938 and outbound on 7937 - 9936. I didn't know how to put in a range of ports for the firewall so I contacted support on this and here is his reply:

Unfortunately the esxcfg-firewall command cannot add a range of ports, as strange as this may sound. I have done some investigating on this however, and found that you can edit the /etc/vmware/firewall/services.xml file and add a new service to do this. I have no documentation on the proper syntax for this, however by reviewing the file you can get a picture of what exactly it should look like. In general you will want to go to the bottom of the file and add a section that looks like this:

    <service id='00xx'>
      <id>NAME_OF_SERVICE</id>
      <rule id='0000'>
        <direction>inbound</direction>
        <protocol>tcp</protocol>
        <port type='dst'>
          <begin>PORT_BEGIN</begin>
          <end>PORT_END</end>
        </port>
      </rule>
      <rule id='0001'>
        <direction>outbound</direction>
        <protocol>tcp</protocol>
        <port type='dst'>
          <begin>PORT_BEGIN</begin>
          <end>PORT_END</end>
        </port>
      </rule>
    </service>

WHERE:
- service id='00xx' - is the next available service ID when you are looking at the last service entry in the services.xml file.
- NAME_OF_SERVICE - the name of the new service/ports you want to open
- PORT_BEGIN - the beginning port number
- PORT_END - the ending port number

This generates a rule that opens the ports you have in PORT_BEGIN and PORT_END for both incoming and outgoing tcp communication. Once this is saved, do a service firewall restart, and once this is done, you should be able to go into the VI client - Select the server that you made the configuration change on, Click Configuration-->Security Profile and then hit the properties button. On this page you will be able to select the newly added service and click to enable. Once this is done you can then use esxcfg-firewall -q command to see if the port configuration was successfully added, and also test the backup software.

Now those directions are great, but the one thing missing is that you also have to do a service mgmt-vmware command on the server to make the service show up in the console. Also the last service ID changes from ESX3.0 to ESX3.0.1. The last service ID in 3.0 is 25 and the last one in 3.0.1 is 27, they added two services in there. So I started thinking what happens with the next release if they decide to add more services, so I made the ID 50. That is assuming that they don't just overwrite that file during the upgrade. Hope this helps someone!

Brian Shaw
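As an added example (not part of the original post or of VMware's tooling), this Python code builds a service entry in the layout shown in the post, but with a separate port range per direction, so inbound stays limited to 7937-7938 rather than reusing the wide outbound range, and it refuses a service ID or name that is already taken. The service name networker, the sample file contents and its root element name are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed stand-in for /etc/vmware/firewall/services.xml. The root element
# name and the existing entry are assumptions; only the <service> layout is from the post.
SAMPLE = """<ConfigRoot>
  <service id='0027'>
    <id>existingService</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <port type='dst'><begin>1000</begin><end>1001</end></port>
    </rule>
  </service>
</ConfigRoot>"""

def add_service(xml_text, service_id, name, rules):
    """Return the XML with a new <service>; rules = [(direction, begin, end)]."""
    root = ET.fromstring(xml_text)
    sid = "%04d" % service_id
    # Refuse to shadow an existing entry (IDs shift between ESX releases).
    for svc in root.iter("service"):
        if svc.get("id") == sid or svc.findtext("id") == name:
            raise ValueError("service id or name already in use: %s/%s" % (sid, name))
    svc = ET.SubElement(root, "service", id=sid)
    ET.SubElement(svc, "id").text = name
    for n, (direction, begin, end) in enumerate(rules):
        if direction not in ("inbound", "outbound"):
            raise ValueError("bad direction: %r" % (direction,))
        if not 1 <= begin <= end <= 65535:
            raise ValueError("bad port range: %r-%r" % (begin, end))
        rule = ET.SubElement(svc, "rule", id="%04d" % n)
        ET.SubElement(rule, "direction").text = direction
        ET.SubElement(rule, "protocol").text = "tcp"
        port = ET.SubElement(rule, "port", type="dst")
        ET.SubElement(port, "begin").text = str(begin)
        ET.SubElement(port, "end").text = str(end)
    return ET.tostring(root, encoding="unicode")

# Ports and service ID from the post: inbound 7937-7938, outbound 7937-9936, ID 50.
NETWORKER_RULES = [("inbound", 7937, 7938), ("outbound", 7937, 9936)]

if __name__ == "__main__":
    print(add_service(SAMPLE, 50, "networker", NETWORKER_RULES))
```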