Keep looking around the vSphere client for a GUI-based way to open non-default firewall ports. You won’t find one. The vSphere client, whether pointed to a vSphere server or directly to an ESX host only enables access to modify the default, built-in firewall ports. If your needs require a port that isn’t already in the interface, you’ll need to open a hole for it using the Service Console.
You accomplish this with the esxcfg-firewall command. This command requires knowing the protocol (TCP versus UDP), port number, and direction (in versus out) for the traffic you want to allow to pass. You’ll also need a label for the exception.
For example, if your WidgetABC application requires bidirectional port 12345 over both TCP and UDP, you’ll need to run the command four times:
esxcfg-firewall --openPort 12345,tcp,in,WidgetABC
esxcfg-firewall --openPort 12345,tcp,out,WidgetABC
esxcfg-firewall --openPort 12345,udp,in,WidgetABC
esxcfg-firewall --openPort 12345,udp,out,WidgetABC