I have a separation into two networks:
1) Port group "VM Network" (192.168.10.x / vmnic5 / vSwitch0) and
2) Port group "Internet" (192.168.2.x / vmnic4 / vSwitch1)

There is one VM inside the "VM Network" and and it can access all other computers outside the ESXi via vmnic5 (ping in and out works). So, all good.

The issue: Within the Internet-Network, I can only access the VMs inside ESXi. Ping in and out works but only within ESXi VMs. Once I want to reach any computer via vmnic4, it looks like the network traffic goes out (since the router on 192.168.2.1 sees an incoming request), but it cannot ping in or out. I get "Destination host unreachable".

To double check that it is no firewall issue or any other setup issue inside the VMs, I installed a CentOs VM together with the Windows Server 2019 VM and they can be reached inside the ESXi but no outside ESXi traffic is possible.
I also double checked the connection, it is connected.

I have ESXi-Version: 7.0.3 (I had the same setup running in version 5.x and everything worked).
Are there any additional settings or a hidden ESXi firewall that disables any ingress/engress traffic to VMs?
Any further hints for trouble shooting are much appreciated!