VMware Cloud Community
Lagunapower
Contributor

Firewall Rules

Hello,

I have to put this infrastructure in place

[image: Dessin1.jpg]

what firewall rules do I need?

ESXi hosts are on 6.5

vCenter is VCSA 6.5

Cordially

7 Replies
daphnissov
Immortal

You'll have to ask a much more specific question because the image you pasted and the few lines of text you've provided are extremely general.

Lagunapower
Contributor

I need to know which ports I need to open between:

Admin -> VCSA

VCSA -> ESXi Hosts

VCSA -> Active directory

ESXi Hosts -> Active directory

daphnissov
Immortal

Go to the vSphere documentation page. All of this information is recorded in those guides.

Lagunapower
Contributor

To help people in my situation:

[image: diagram esx.jpg]

MBreidenbach0
Hot Shot

Depends on your usage and security requirements. There's no general ruleset.

Example:

Usually users don't need access to ESXi management. But there may be use cases where they really need vSphere VM console access, which talks to ESXi management ports.

VMware Knowledge Base

Lagunapower
Contributor

I need a highly secure environment.

So Admin, ESXi management, vCenter and VM Network are on different networks/VLANs.

MBreidenbach0
Hot Shot

First you need to define which communication is required and which is forbidden. Then you can define and implement a security policy and firewall rules are a part of that policy.

This is always a compromise between usability (access required and allowed) and security (access not required and forbidden).

There is no general ruleset to implement a 'high secure environment'.

For example, 'normal' users might not need access to vSphere management, but administrators do, and so do service accounts for services like backup and monitoring. So access is required for SOME users.

EDIT: Other stuff to consider:

  • Persistent log storage
  • Password policy
  • Certificate management
  • Monitoring
  • Backup (and regular restore tests)
  • DR (and regular DR tests)
  • ...
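The approach described in the reply above (define the required communication first, then derive the allow rules and deny everything else) can be made concrete with a small script. The following is an added example and is not code from the thread, from VMware, or from any of the posters. The zone names follow the poster's description (Admin, vCenter, ESXi management, AD, VM Network); the flow list is an assumption built from the port tables in the vSphere 6.5 documentation as I recall them, reduced to the four zone pairs asked about, and it must be verified against the official "Required Ports" tables and extended for backup, monitoring, syslog, vMotion and the like before anything is configured.

```python
"""Added example (not from the thread or from VMware): model required flows
between the zones from the thread, derive least-privilege allow rules, and
audit a candidate ruleset for missing, over-broad and unused rules.

Assumptions: zone names are mine; the port list is reconstructed from the
vSphere 6.5 port documentation and must be verified before use."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ANY = "any"


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    port: int
    purpose: str


@dataclass(frozen=True)
class Rule:
    src: str                # zone name or ANY
    dst: str
    proto: str              # "tcp", "udp" or ANY
    port: Optional[int]     # None means any port

    def matches(self, f: Flow) -> bool:
        return (self.src in (ANY, f.src) and self.dst in (ANY, f.dst)
                and self.proto in (ANY, f.proto)
                and (self.port is None or self.port == f.port))

    def is_wildcard(self) -> bool:
        return ANY in (self.src, self.dst, self.proto) or self.port is None


# Required flows for the zone pairs asked about in the thread (assumed; verify
# each entry against the vSphere 6.5 port documentation).
REQUIRED: List[Flow] = [
    Flow("Admin", "vCenter", "tcp", 443, "vSphere Web Client / vCenter API"),
    Flow("Admin", "vCenter", "tcp", 5480, "VCSA appliance management (VAMI)"),
    Flow("vCenter", "ESXi-Mgmt", "tcp", 443, "host management"),
    Flow("vCenter", "ESXi-Mgmt", "tcp", 902, "host agent / VM console relay"),
    Flow("ESXi-Mgmt", "vCenter", "udp", 902, "host heartbeat to vCenter"),
    Flow("vCenter", "AD", "tcp", 88, "Kerberos"),
    Flow("vCenter", "AD", "tcp", 389, "LDAP"),
    Flow("vCenter", "AD", "tcp", 636, "LDAPS"),
    Flow("vCenter", "AD", "tcp", 445, "SMB (domain join)"),
    Flow("vCenter", "AD", "udp", 53, "DNS (assumes DNS on the DCs)"),
    Flow("ESXi-Mgmt", "AD", "tcp", 88, "Kerberos"),
    Flow("ESXi-Mgmt", "AD", "tcp", 389, "LDAP"),
    Flow("ESXi-Mgmt", "AD", "tcp", 445, "SMB (domain join)"),
    Flow("ESXi-Mgmt", "AD", "udp", 53, "DNS (assumes DNS on the DCs)"),
]


def derive_rules(flows: List[Flow]) -> List[Rule]:
    """One exact allow rule per required flow, in a stable order. Nothing
    else is allowed: the implicit last rule is deny any -> any."""
    rules = {Rule(f.src, f.dst, f.proto, f.port) for f in flows}
    return sorted(rules, key=lambda r: (r.src, r.dst, r.proto, r.port or 0))


def audit(rules: List[Rule], flows: List[Flow]) -> Tuple[List[Flow], List[Rule], List[Rule]]:
    """Return (required flows no rule allows, rules with a wildcard field,
    exact rules that allow something no required flow needs)."""
    missing = [f for f in flows if not any(r.matches(f) for r in rules)]
    overbroad = [r for r in rules if r.is_wildcard()]
    unused = [r for r in rules
              if not r.is_wildcard() and not any(r.matches(f) for f in flows)]
    return missing, overbroad, unused


def render(rules: List[Rule], flows: List[Flow]) -> List[str]:
    """Vendor-neutral text form of the ruleset, ending with the default deny."""
    purpose: Dict[Tuple[str, str, str, int], str] = {
        (f.src, f.dst, f.proto, f.port): f.purpose for f in flows}
    lines = []
    for r in rules:
        why = purpose.get((r.src, r.dst, r.proto, r.port), "no documented purpose")
        lines.append(f"allow {r.src} -> {r.dst} {r.proto}/{r.port}  # {why}")
    lines.append("deny any -> any any  # default deny")
    return lines


if __name__ == "__main__":
    good = derive_rules(REQUIRED)
    print("\n".join(render(good, REQUIRED)))
    # A "just open it" ruleset of the kind the thread warns against (constructed).
    lazy = [Rule(ANY, "vCenter", "tcp", 443),
            Rule("VM-Network", "ESXi-Mgmt", ANY, None),
            Rule("Admin", "ESXi-Mgmt", "tcp", 22)]
    missing, overbroad, unused = audit(lazy, REQUIRED)
    print(f"missing={len(missing)} overbroad={len(overbroad)} unused={len(unused)}")
```

The audit is the useful part: a rule such as VM-Network to ESXi-Mgmt on any port is flagged as over-broad even though it "works", and an SSH rule nobody documented a need for is flagged as unused. If a console use case turns out to require Admin to ESXi-Mgmt, it is added to the required flows with its purpose, and the rule follows from that, rather than the other way round.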