Can you give a bit more context?
Did you add the new rules directly into the services.xml on the ESXi node?
Where is the content of $SecurityProfile1 coming from? Is that something you read in from a file?
And is there a specific reason you need a blank in the new FW rule?