Not all of my ESXi hosts have the same NTP, so I'm asking if there's a way to get the current NTP IP from ESXi and allow them in the firewall rule?
If you configure an NTP source, the firewall should automatically allow it.
Unfortunately that is not the case; NTP is already configured and not allowed in the firewall rule.
The ESXi firewall should allow it, but your upstream firewalls may not. Ensure you know where the blocking is happening.
I think I misspoke. In fact it is in the firewall rules, at the vCenter level, when we check the authorized IP addresses for the NTP client. At this level we find the option "All IP" or authorized IP.
PS C:\Users\Jeroen> Get-Help Get-VMHostNtpServer

NAME
    Get-VMHostNtpServer

SYNOPSIS
    This cmdlet retrieves the NTP servers on the specified hosts.

SYNTAX
    Get-VMHostNtpServer [-VMHost] <VMHost[]> [-Server <VIServer[]>] [<CommonParameters>]

DESCRIPTION
    This cmdlet retrieves the NTP servers on the specified hosts.

RELATED LINKS
    Online Version: https://code.vmware.com/doc/preview?id=6330#/doc/Get-VMHostNtpServer.html
    Add-VMHostNtpServer
    Remove-VMHostNtpServer

REMARKS
    To see the examples, type: "get-help Get-VMHostNtpServer -examples".
    For more information, type: "get-help Get-VMHostNtpServer -detailed".
    For technical information, type: "get-help Get-VMHostNtpServer -full".
    For online help, type: "get-help Get-VMHostNtpServer -online"
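
One way to combine Get-VMHostNtpServer with the per-host firewall setting discussed above, as an added example that is not from any poster in this thread: for each host it reads the configured NTP sources and puts them on the allowed-IP list of the NTP client ruleset in place of "All IP". Assumptions: PowerCLI is loaded, Connect-VIServer has already been run, the ruleset id is ntpClient, and NTP host names are resolved from the admin workstation (IPv4 only), which may differ from what the host itself resolves.

```powershell
# Added example. Assumes an existing Connect-VIServer session.
$rulesetId = 'ntpClient'   # assumed id of the ESXi "NTP Client" firewall ruleset

foreach ($vmHost in Get-VMHost -State Connected) {
    # NTP sources configured on this host (IP addresses or DNS names)
    $ntpServers = @(Get-VMHostNtpServer -VMHost $vmHost)
    if ($ntpServers.Count -eq 0) {
        Write-Warning "$($vmHost.Name): no NTP server configured, ruleset left unchanged"
        continue
    }

    # The allowed-IP list takes addresses, so resolve any names first.
    $wanted = foreach ($server in $ntpServers) {
        $parsed = $null
        if ([System.Net.IPAddress]::TryParse($server, [ref]$parsed)) {
            $server
        } else {
            try {
                [System.Net.Dns]::GetHostAddresses($server) |
                    Where-Object AddressFamily -eq 'InterNetwork' |
                    ForEach-Object IPAddressToString
            } catch {
                Write-Warning "$($vmHost.Name): cannot resolve '$server'"
            }
        }
    }
    $wanted = @($wanted | Sort-Object -Unique)
    if ($wanted.Count -eq 0) { continue }   # never lock NTP out with an empty list

    $esxcli = Get-EsxCli -VMHost $vmHost -V2
    $id = @{ rulesetid = $rulesetId }

    # Switch the ruleset from "All IP" to an explicit list, then fill the list.
    $esxcli.network.firewall.ruleset.set.Invoke($id + @{ allowedall = $false }) | Out-Null
    $current = @($esxcli.network.firewall.ruleset.allowedip.list.Invoke($id).AllowedIPAddresses)
    foreach ($ip in $wanted) {
        if ($ip -notin $current) {
            $esxcli.network.firewall.ruleset.allowedip.add.Invoke($id + @{ ipaddress = $ip }) | Out-Null
        }
    }

    # Entries already on the list that are no longer an NTP source are reported, not removed.
    $stale = @($current | Where-Object { $_ -ne 'All' -and $_ -notin $wanted })
    [pscustomobject]@{ Host = $vmHost.Name; Allowed = $wanted -join ', '; Stale = $stale -join ', ' }
}
```

Run it against a single test host first and confirm time sync still works before applying it to every host.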