Think of a vSwitch as a physical switch in a rack. On some of the ports you have your servers (VMs) and other ports are used as uplinks to e.g. a core switch or router. A vSwitch without uplinks (vmnics) will only allow traffic between VMs on the same vSwitch.
If you want to put the VM behind a virtual firewall you could create such an internal-only vSwitch and connect the VM to it. Then create a firewall VM (e.g. pfSense) with two network adapters, one connected to the internal vSwitch and one connected to your LAN vSwitch.
André
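
The internal-only vSwitch described in this answer, as an added example that is not part of the original post: a sketch for the ESXi shell that creates a standard vSwitch with no uplink and checks that it stays that way. The names `vSwitch-Internal` and `Isolated-LAN` are hypothetical, and the parsing assumes the indented `Uplinks:` line that `esxcli network vswitch standard list` prints under each switch name.

```shell
#!/bin/sh
# Added example. Switch and port group names are hypothetical.
VSWITCH="vSwitch-Internal"
PORTGROUP="Isolated-LAN"

# Create a standard vSwitch and deliberately attach no uplink (vmnic),
# then add the port group used by the protected VM and by the
# firewall VM's inner network adapter.
create_internal_vswitch() {
    esxcli network vswitch standard add --vswitch-name="$1" &&
    esxcli network vswitch standard portgroup add \
        --portgroup-name="$2" --vswitch-name="$1"
}

# Read a vSwitch listing on stdin and print the uplinks of switch $1.
uplinks_of() {
    awk -v sw="$1" '
        /^[^ \t]/ { cur = $0 }              # unindented line = switch name
        cur == sw && /^[ \t]+Uplinks:/ {
            sub(/^[ \t]+Uplinks:[ \t]*/, "")
            print
            exit
        }'
}

# Return 0 if switch $1 exists and has no uplinks, 1 if it has uplinks,
# 2 if the listing failed or the switch does not exist.
is_isolated() {
    listing=$(esxcli network vswitch standard list) || return 2
    printf '%s\n' "$listing" | grep -qxF "$1" || return 2
    [ -z "$(printf '%s\n' "$listing" | uplinks_of "$1")" ]
}

# Usage on the host: sh internal-vswitch.sh apply
if [ "${1:-}" = "apply" ]; then
    create_internal_vswitch "$VSWITCH" "$PORTGROUP" &&
        is_isolated "$VSWITCH" &&
        echo "$VSWITCH has no uplinks"
fi
```

Running `is_isolated` again after later network changes catches a vmnic that was added to the switch by mistake, which would bypass the firewall VM.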