Good Evening:

So I am trying to determine what are the bare minimum firewall ports for ESXi6/vCenter6 that I must leave open incoming from the Net for management?

Both my ESXi servers and my vCenter are behind a firewall, with intra-zone communication open between them, and open communication OUT to the web.  So there are no issues communicating between vCenter and the ESXi servers.  So on a management IP, is there any reason to leave any ports open to the world incoming?  DNS and NTP will be outgoing, so I can't really think of any.  But before I lock 'em down for good, I'm asking just in case someone knows something I don't, or in case I'm geeking out and missing something obvious.

For management, I'll be using a VPN connection to connect to the web client, and do any management.

As Always,

Don