VMware Cloud Community
stsolo
Contributor

Issue after changing port used by VSphere Client - ESXi 5

Being an ESXi 4 guy, I changed the default ports in the proxy.xml file as per: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=102119... as I always do. However, this time I did it in ESXi 5, prior to reading the note: "For vSphere 5.0, if the proxy ports are changed, the new ports are not allowed through the ESXi firewall."

I restarted the management agents, and now of course, I can't seem to connect to the ESXi 5 host machine at all, via any port, and I can't connect to disable the firewall using esxcli. What's the workaround now?

Thanks in advance.

Reply
0 Kudos

Accepted Solutions
brucekconvergen
Enthusiast

You could access the physical console and go into DCUI and undo your changes... if you made a backup file of the xml file before you made changes it should be as simple as copying back the original file.


Reply
0 Kudos
stsolo
Contributor

Thanks, but the issue is that I now can't connect in any way to do anything. Any connection attempts via the DCUI command line bring back "connection to localhost failed: localhost", or via CLI SSH bring back "Connect to <server> failed: Connection failure".

Again, via SSH, I added the following to proxy.xml:

<httpPort>xx</httpPort>
<httpsPort>xxx</httpsPort>

Correct me if I'm wrong here, (and I hope I am) but as I understand it, now access to the VSphere Client, any remote SSH shell access or shell access via the direct DCUI uses ports xx and xxx only, not the default 80 and 443. And because the firewall is still up and running on ESXi 5, xx and xxx are blocked, but 80 and 443 are still 'available'. The issue is, I can't disable the firewall, or overwrite/restore the proxy.xml because I have no way through the firewall to carry out any commands at all. Again, I hope I'm wrong here.

If I'm not wrong, and there is no workaround, the next question I have is this. If I use the 'Restore Default Settings' via the standard DCUI, will that restore the default proxy.xml file and allow access via 80 and 443, and therefore access through the ESXi 5 firewall and again give me access to the VSphere Client? This is a critical question, because I currently don't have access to any of the VMs via the Client and if I 'Restore Default Settings', the VMs are going to be killed. I'll have no access to them at all if this doesn't restore 80 and 443.

Reply
0 Kudos
brucekconvergen
Enthusiast

I find it hard to believe that you can't use the local keyboard and get into the ESXi shell / console. You can't hit F2, log on as local root, then go to Troubleshooting options, and enable the shell? From there you should be able to then <alt> - F1 and get a shell session.

Reply
0 Kudos
stsolo
Contributor

See attached. From my <alt> f1 shell session, after I made the proxy.xml change via the same UI.

Reply
0 Kudos
brucekconvergen
Enthusiast

Why can't you just change the proxy.xml back via this interface, instead of playing with the firewall, to get it back working again?

Reply
0 Kudos
stsolo
Contributor

Yes, this is correct. Thanks brucekconverg. Sorry for my being so thick. I was trying to do everything via esxcli commands. A simple vi edit of the file did the trick. For anyone else as daft as me, the file is here: /etc/vmware/hostd/proxy.xml. You'll have to change the chmod to +w.

Reply
0 Kudos
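
The fix described in the post above, as an added shell example that is not part of the original thread: it backs up proxy.xml, makes it writable, and deletes the custom port lines from the local ESXi shell. The function names are hypothetical, and it assumes the `<httpPort>`/`<httpsPort>` overrides sit on their own lines, as they were added earlier in the thread.

```shell
#!/bin/sh
# Added example: undo custom hostd proxy ports from the local ESXi shell.
# Assumption: the <httpPort>/<httpsPort> overrides are on their own lines,
# as added in the thread. Function names are hypothetical.

PROXY_XML="${PROXY_XML:-/etc/vmware/hostd/proxy.xml}"

# Print the port set for element $2 (httpPort or httpsPort) in file $1,
# or nothing when the element is absent.
proxy_port() {
    sed -n "s|.*<$2>[[:space:]]*\([0-9][0-9]*\)[[:space:]]*</$2>.*|\1|p" "$1" | head -n 1
}

# Return 0 if file $1 moves either port away from the defaults (80 / 443).
ports_overridden() {
    http=$(proxy_port "$1" httpPort)
    https=$(proxy_port "$1" httpsPort)
    [ -n "$http" ] && [ "$http" != 80 ] && return 0
    [ -n "$https" ] && [ "$https" != 443 ] && return 0
    return 1
}

# Back up file $1, make it writable, and delete the override lines.
revert_proxy_ports() {
    f=$1
    ports_overridden "$f" || { echo "no custom ports in $f"; return 0; }
    cp -p "$f" "$f.bak" || return 1      # keep the edited copy for reference
    chmod +w "$f" || return 1            # the file is read-only by default
    sed '/<httpPort>.*<\/httpPort>/d; /<httpsPort>.*<\/httpsPort>/d' \
        "$f.bak" > "$f" || return 1
    echo "removed custom ports from $f (backup: $f.bak); restart the management agents"
}

# Only touch the live file when asked to: sh revert.sh --revert
if [ "${1:-}" = "--revert" ]; then
    revert_proxy_ports "$PROXY_XML"
fi
```
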
brucekconvergen
Enthusiast

There ya go!  I was starting to wonder if I'd missed something!  Glad you got it working!

Out of curiosity, why did you change the ports to start with?

Reply
0 Kudos
stsolo
Contributor

We use the host management NIC for a VM as well. 80 and 443 are used for the public VM, so we use a different port to access the VM host machine. The client has a cheap router in front of it which only allows single port forwards. We updated from 4 to 5 here recently, and the change I made led to this ridiculous problem, which had a simple fix... thanks again.

Reply
0 Kudos