Information
Configure the ESXi host firewall to restrict access to services running on the host.
Unrestricted access to services running on an ESXi host can expose a host to outside attacks and unauthorized access. Reduce the risk by configuring the ESXi firewall to only allow access from authorized networks. This guideline is focused specifically on two types of access. SSH (which is disabled by default) and vSphere Web Access running on Port 80.
Modification of firewall rules for any other service may have a negative impact on the overall operation. Best practices state that ESXi and vCenter should be running in a separate network.
This guideline will show how to limit access to the SSH and Web server to IP address ranges to further limit the scope of vulnerability.
http://pubs.vmware.com/vsphere-65/topic/com.vmware.vsphere.security.doc/GUID-8912DD42-C6EA-4299-9B10-5F3AEA52C605.html
Solution
From the vSphere web client, select the host and click "Configure" -> "Settings" -> "System" -> "Security Profile".
For each enabled services for both incoming and outgoing connections set a proper network/IP Range after deselecting "Allow connections from any IP address" checkbox.