Since ESXi does not have any firewall capabilities I am trying to come up with security solution to protect the management port. I separated theVMKernel port on vSwitch0 on a separate subnet and connected it to a physical firewall VPN device. I can only connect to the VMkernel port through a VPN. I created a new vSwitch2 for the virtual machines and attached some existing VMs to that switch. Since the VMs will all be individually firewalled can I feel somewhat confident that access to the VMKernel port is protected.