This Question is Answered

12 Replies Last post: Oct 22, 2009 3:03 AM by DSTAVERT  

Cannot configure firewall using vSphere client (accessing ESX 4i) posted: Jul 3, 2009 3:03 PM

kbinger (Novice, 3 posts since Dec 11, 2008):

I cannot access the firewall using the vSphere client connecting to an ESX 4i host. I select the host > configuration > security profile > and it briefly flashes Firewall, but then shows only the (two) services (VMware vCenter Agent (stopped) and NTP Daemon (started)).

Any clues? I've restarted services (and the host itself).

DLeid (Expert, 312 posts since Apr 26, 2006):
ESXi should be behind a firewall as it has no built-in firewall of its own.

If you find this or any other information helpful or correct, please consider awarding points.

Texiwill (Guru, User Moderators, vExpert; 10,432 posts since Jan 13, 2004):
Hello,

Unlike ESX, ESXi does not contain a built-in firewall; that is why there is nothing to configure. The Management Ports on your ESXi are designed to be placed behind an additional firewall which could be virtual depending on your virtual network. If you want a built-in firewall at the moment you should switch to ESX.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'
Also available 'VMWare ESX Server in the Enterprise'
SearchVMware Pro|Blue Gears|Top Virtualization Security Links|Virtualization Security Round Table Podcast

DLeid (Expert, 312 posts since Apr 26, 2006):

Great.

Glad it's working out for you. We all need a nudge now and then ;)


Texiwill (Guru, User Moderators, vExpert; 10,432 posts since Jan 13, 2004):
Hello,

You will once more want to disable that port once you are done with it or as we stated stick the management appliance behind a firewall. Once you enable SSH you have put a crack in ESXi's security. Since there is no defense in depth even opening SSH up could be an issue.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst

Josh26 (Expert, 282 posts since Mar 15, 2009):

DLeid wrote: ESXi should be behind a firewall as it has no built-in firewall of its own.


That said, it doesn't run SSH by default, in fact it listens on exactly the ports a user is likely to open on a firewall.

There's not a lot to actually firewall off.

dwhatd (Lurker, 1 post since Aug 29, 2009):
I have the same issue, but I'm not sure how to enable port 22. Any chance of posting some hints? Thanks

Dave.Mishchenko (Guru, User Moderators, vExpert; 9,179 posts since Nov 15, 2005):
This is all you have to do - http://www.vm-help.com/esx40i/ESXi_enable_SSH.php.

Dave
VMware Communities User Moderator

New book in town - vSphere Quick Start Guide -http://www.yellow-bricks.com/2009/08/12/new-book-in-town-vsphere-quick-start-guide/.
Do you have a system or PCI card working with VMDirectPath? Submit your specs to the Unofficial VMDirectPath HCL - http://www.vm-help.com/forum/viewforum.php?f=21.

guitarboy006 (Lurker, 2 posts since Sep 21, 2009):

How do you open up ports in ESXi 3.5? I am new to using VMware's console and am working on setting up a consolidated backup system. Currently I can't view my vCenter Datacenter from my VCB proxy, which I believe is due to firewall issues.

Any help is greatly appreciated!

Thanks

Dave.Mishchenko (Guru, User Moderators, vExpert; 9,179 posts since Nov 15, 2005):
Welcome to the VMware Community forums. With ESXi there is no integrated firewall as you find with ESX so you don't have to open any ports.
Dave
VMware Communities User Moderator

guitarboy006 (Lurker, 2 posts since Sep 21, 2009):

Thanks for the help. I'm wondering if you might be able to continue to point me in the right direction...

I'm using vCenter 2.5 to manage my ESX(i) hosts and recently installed consolidated backup as well as Symantec exec backup. I installed my VCB proxy on a win2k3 machine and installed the Symantec software and the integration module as well. My problem is that when I open the Symantec software, there is a Tree cluster that shows you can browse the VC.

This is not available to me. As soon as I click the + sign, it's as if it doesn't exist anymore. Any idea on what I may be doing wrong? I can't get the software on the VCB to recognize my VC.


DSTAVERT (Champion, 3,520 posts since Nov 30, 2003):
guitarboy006
Create a new post and fully explain your problem. You are far more likely to get responses. This question shows as answered.
