We decided to change the SSH port for ESXi following the instructions in this article:
After doing so, we realized that actually the command
esxcli network firewall refresh
returns with an error
"More than one instance of tag found, expected only one."
I checked the XML, and actually there is something wrong with the example configuration given in the article above:
The second "protocol" entry must actually be changed to "porttype" to conform to the service.xml specification.
Now the crazy thing is, with the malformed TCPALLOUT entry and refresh throwing an error, I can access via SSH on the newly defined port.
Without the TCPALLOUT entry, I have no SSH access.
And if I fix "protocol" to "porttype" in the entry and refresh, I instantly lose SSH access completely.
How does that fit together?
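
The XML problem described in the post above, as an added example that is not part of the original post or the linked article: a small Python check that flags any firewall rule whose child tags repeat (the condition the refresh error reports) or are missing. The sample ruleset, its port range and the list of expected child elements are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Assumption: child elements expected exactly once inside each <rule>.
EXPECTED_ONCE = ("direction", "protocol", "porttype", "port")

# Constructed sample (not copied from the article): the second <protocol>
# stands where <porttype> belongs, as described in the post.
BROKEN = """<ConfigRoot>
  <service id='0000'>
    <id>TCPALLOUT</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <protocol>dst</protocol>
      <port><begin>0</begin><end>65535</end></port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>"""

# Same ruleset with the tag corrected to <porttype>.
FIXED = BROKEN.replace("<protocol>dst</protocol>", "<porttype>dst</porttype>")


def lint_rules(xml_text):
    """Return (service id, rule id, problem) tuples for malformed rules."""
    findings = []
    root = ET.fromstring(xml_text)
    for service in root.iter("service"):
        name = service.findtext("id", default="?")
        for rule in service.findall("rule"):
            counts = Counter(child.tag for child in rule)
            # Repeated tags are what "More than one instance of tag" refers to.
            for tag, n in counts.items():
                if n > 1:
                    findings.append((name, rule.get("id"), f"duplicate <{tag}> ({n} instances)"))
            # A mistyped tag also leaves the intended one absent.
            for tag in EXPECTED_ONCE:
                if counts[tag] == 0:
                    findings.append((name, rule.get("id"), f"missing <{tag}>"))
    return findings


if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint_rules(text) or "no problems found")
```

Running a check like this on a custom ruleset file before the firewall refresh shows whether the file parses cleanly; it does not predict how the firewall behaves once the corrected rule is actually loaded.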