We have a remote datacenter that contains ESXi hosts.
Our security requirements for that datacenter only allow initiating network connections from our local vCenter to the remote datacenter.
Can we manage remote ESXi hosts from a local vCenter with firewall rules that only allow connections initiated from local to remote?
Ports for vCenter to ESXi:
Port  Protocol  Source          Target         Purpose
443   TCP       vCenter Server  ESX/ESXi Host  vCenter Agent
902   UDP       vCenter Server  ESX/ESXi Host  Heartbeat
903   TCP       vCenter Server  ESX/ESXi Host  VI/vSphere Client to VM Console (after connection established between VI/vSphere Client and vCenter)
The difficulty lies in allowing UDP traffic from our remote datacenter to come back to our local vCenter.
We can add the hosts (with our existing firewall rules) to vCenter, but the heartbeats never arrive, so vCenter loses the ESXi host in a few minutes.
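Added example, not part of the original post: a small Python check that runs over constructed firewall log lines (a hypothetical key=value syslog format; the vCenter address 10.1.0.5 and the ESXi addresses are assumed) and reports which remote ESXi hosts have no UDP 902 heartbeat datagrams reaching the local vCenter, i.e. the return flow the post says never arrives.

```python
import re
from collections import defaultdict

# Assumed address of the local vCenter Server (not from the original post).
VCENTER_IP = "10.1.0.5"

# Constructed sample firewall log lines in a hypothetical key=value format;
# adapt LINE_RE to the real firewall's syslog output.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z fw action=ACCEPT proto=TCP src=10.1.0.5 dst=10.20.0.11 dport=443
2024-05-01T10:00:01Z fw action=DROP proto=UDP src=10.20.0.11 dst=10.1.0.5 dport=902
2024-05-01T10:00:01Z fw action=DROP proto=UDP src=10.20.0.12 dst=10.1.0.5 dport=902
2024-05-01T10:00:02Z fw action=ACCEPT proto=UDP src=10.20.0.13 dst=10.1.0.5 dport=902
2024-05-01T10:00:03Z fw action=DROP proto=UDP src=10.20.0.11 dst=10.1.0.5 dport=902
2024-05-01T10:00:04Z fw action=ACCEPT proto=TCP src=10.1.0.5 dst=10.20.0.13 dport=902
"""

LINE_RE = re.compile(
    r"action=(?P<action>\w+) proto=(?P<proto>\w+) src=(?P<src>[\d.]+) "
    r"dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def heartbeat_stats(log_text, vcenter_ip=VCENTER_IP):
    """Count UDP/902 datagrams sent by each ESXi host towards vCenter, per firewall action."""
    stats = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f["proto"] != "UDP" or f["dport"] != "902" or f["dst"] != vcenter_ip:
            continue  # only the ESXi -> vCenter heartbeat return path matters here
        stats[f["src"]][f["action"]] += 1
    return {host: dict(actions) for host, actions in stats.items()}

def hosts_without_heartbeat(log_text, vcenter_ip=VCENTER_IP):
    """Hosts for which no UDP/902 datagram to vCenter was accepted by the firewall."""
    return sorted(host for host, s in heartbeat_stats(log_text, vcenter_ip).items()
                  if s.get("ACCEPT", 0) == 0)

if __name__ == "__main__":
    for host, s in sorted(heartbeat_stats(SAMPLE_LOG).items()):
        print(f"{host}: accepted={s.get('ACCEPT', 0)} dropped={s.get('DROP', 0)}")
    print("no heartbeat reaching vCenter from:", hosts_without_heartbeat(SAMPLE_LOG))
```

Hosts listed by hosts_without_heartbeat are the ones vCenter will mark as not responding, so the firewall rule to review is the inbound UDP 902 path for exactly those sources.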