NSX for vSphere (NSX-v) includes Distributed Firewall (DFW), which is applied at vNICs of your Virtual Machines. This functionality is available in clusters provisioned for NSX, which in some cases would include the cluster where your vCenter VM is running. As a consequence, vCenter VM’s network connectivity would be the subject to DFW rules, and thus a possibility of getting yourself locked out by making a DFW rule change.
If you’re here because it happened to you, read on. 🙂
Telecom Occasionally 