1. Make sure the Monitoring Server is able to access tcp port 5989 (cim) on the ESX(i) server. Alternatively you can also set a different port with the -C parameter if you have a special DNAT or port forwarding in place.
2. Check if sfcbd-watchdog service, running on the ESXi server.
You were right the port was blocked by the Firewall. Stupid me, couldnt find it first but after checking every other port with telnet it got me