VMware Cloud Community
khaliqamar
Enthusiast

vcsa firewall

I want to close all connections to my vCSA via the local firewall. Every connection to the vCSA should be closed unless it comes from the ESXi hosts and a couple of monitoring servers. I looked on the net but was not able to find any good answer.

I have already gone through the KB article below, but everything still pings and I am able to log in from everywhere as I was before. I have closed all the subnets I don't require. Any help?

VMware KB: Updating the vCenter Server Appliance (vCSA) firewall rules to DISA STIG compliance

vCenter appliance version 5.5

4 Replies
vNEX
Expert

Hi,

Check this script:

https://github.com/jbfriedrich/vcenter55-firewall/blob/master/firewall.stig

_________________________________________________________________________________________ If you found this or any other answer helpful, please consider to award points. (use Correct or Helpful buttons) Regards, P.
khaliqamar
Enthusiast

Yes, I have seen it; this is the same script I mentioned in my post.

Even after implementing the KB, I can still ping from everywhere.

Any idea how I can use iptables to stop all traffic except from the ESXi hosts and a couple more servers?

vNEX
Expert

> Yes, I have seen it; this is the same script I mentioned in my post.

You mention just the KB, which has nothing to do with the custom entries inside the config file...

To get it working there must be proper entries/values that reflect exactly what you want; this cannot be accomplished by the KB article itself, it is just a baseline.

Can you post your config file for analysis?

khaliqamar
Enthusiast

Here it is. I have commented out all the IPv6 entries because I don't need them.

Any suggestions on it?

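As an added example, not part of the thread or of the linked STIG script, here is the host allowlist khaliqamar asked about expressed as iptables commands for the appliance's INPUT chain: default DROP, then accept only the ESXi hosts, the monitoring servers and the admin workstation. The addresses are constructed sample values and the variable names are my own.

```shell
#!/bin/sh
# Host-allowlist firewall for a vCSA INPUT chain: default DROP, then accept
# only the ESXi hosts, the monitoring servers and the admin workstation.
# Addresses below are constructed sample values (RFC 5737 documentation ranges).
ESXI_HOSTS="192.0.2.10 192.0.2.11 192.0.2.12"
MONITOR_HOSTS="198.51.100.5 198.51.100.6"
# The host you administer vCenter from. Leave it out and the rule set locks
# you out of SSH and the Web Client; only the VM console still works.
ADMIN_HOST="203.0.113.7"

# Emit the iptables commands one per line instead of running them, so the
# rule set can be reviewed (or diffed against the current one) before use.
gen_rules() {
  hosts="$1"
  echo "iptables -F INPUT"
  echo "iptables -P INPUT DROP"
  echo "iptables -A INPUT -i lo -j ACCEPT"
  # Replies to connections the appliance opened itself (DNS, NTP, AD, ESXi)
  # are accepted regardless of the source address.
  echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
  for h in $hosts; do
    echo "iptables -A INPUT -s $h -j ACCEPT"
  done
  # Log (rate-limited) what the DROP policy discards, to see who still tries.
  echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"vcsa-drop: \""
}

# Number of per-host ACCEPT rules in the generated set; a sanity check that
# every intended host made it in before the policy is applied.
count_allowed() { gen_rules "$1" | grep -c -- '-s '; }

# Default policy of the generated set (expected: DROP).
input_policy() { gen_rules "$1" | sed -n 's/^iptables -P INPUT //p'; }

ALL_HOSTS="$ESXI_HOSTS $MONITOR_HOSTS $ADMIN_HOST"
if [ "$1" = "--apply" ]; then
  gen_rules "$ALL_HOSTS" | sh -e     # run as root on the appliance
else
  gen_rules "$ALL_HOSTS"              # dry run: print the rules only
fi
```

Rules applied this way last only until the next reboot unless saved through the appliance's own firewall mechanism; after applying, verify from a host that is not on the list that both ping and the Web Client login fail.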