https://communities.vmware.com/t5/ESXi-Discussions/Can-not-disable-vsanvp-firewall-rule/m-p/1799174#M175413 <HTML><HEAD></HEAD><BODY><P>I'm trying to tighten a little bit security of my solo ESXi 6.0 server by disabling unnecessary services/rules, so I want to disable firewall rule for vsanvp. But when I try it (using native client), all I get is the message:</P><P></P><P>Call "HostFirewallSystem.DisableRuleset" for object "firewallSystem" on ESXi "&lt;my_esxi_IP&gt;" failed.</P><P></P><P>And Security Profile still shows I have allowed incomming/outgoing connections for vsanvp.</P><P></P><P>vSphere 6.0 docu says:</P><P>VSAN VASA Vendor Provider. Used by the Storage Management Service (SMS) that is part of vCenter to access information about Virtual SAN storage profiles, capabilities, and compliance. If disabled, Virtual SAN Storage Profile Based Management (SPBM) does not work.</P><P></P><P>But I'm using neither vCenter nor virtual san-storage. So why I still can not disable firewall rule for vsanvp?</P></BODY></HTML> Thu, 24 Sep 2015 18:32:09 GMT JarryG 2015-09-24T18:32:09Z https://communities.vmware.com/t5/ESXi-Discussions/Can-not-disable-vsanvp-firewall-rule/m-p/1799174#M175413 <HTML><HEAD></HEAD><BODY><P>I'm trying to tighten a little bit security of my solo ESXi 6.0 server by disabling unnecessary services/rules, so I want to disable firewall rule for vsanvp. But when I try it (using native client), all I get is the message:</P><P></P><P>Call "HostFirewallSystem.DisableRuleset" for object "firewallSystem" on ESXi "&lt;my_esxi_IP&gt;" failed.</P><P></P><P>And Security Profile still shows I have allowed incomming/outgoing connections for vsanvp.</P><P></P><P>vSphere 6.0 docu says:</P><P>VSAN VASA Vendor Provider. Used by the Storage Management Service (SMS) that is part of vCenter to access information about Virtual SAN storage profiles, capabilities, and compliance. If disabled, Virtual SAN Storage Profile Based Management (SPBM) does not work.</P><P></P><P>But I'm using neither vCenter nor virtual san-storage. So why I still can not disable firewall rule for vsanvp?</P></BODY></HTML> Thu, 24 Sep 2015 18:32:09 GMT https://communities.vmware.com/t5/ESXi-Discussions/Can-not-disable-vsanvp-firewall-rule/m-p/1799174#M175413 JarryG 2015-09-24T18:32:09Z https://communities.vmware.com/t5/ESXi-Discussions/Can-not-disable-vsanvp-firewall-rule/m-p/1799175#M175414 <HTML><HEAD></HEAD><BODY><P>I am having the same problem.&nbsp; </P><P></P><P>In lieu of disabling it entirely, I restricted it to an unused IP range.&nbsp; </P><P></P><P><SPAN style="font-family: 'andale mono', times;">esxcli network firewall ruleset allowedip add -i 10.x.y.z/31 -r vsanvp</SPAN></P></BODY></HTML> Thu, 19 Nov 2015 04:17:23 GMT https://communities.vmware.com/t5/ESXi-Discussions/Can-not-disable-vsanvp-firewall-rule/m-p/1799175#M175414 danpritts3 2015-11-19T04:17:23Z https://communities.vmware.com/t5/ESXi-Discussions/Can-not-disable-vsanvp-firewall-rule/m-p/1799176#M175415 <HTML><HEAD></HEAD><BODY><P>Interested to know if either of you had an update on a fix other than removing IP range?</P></BODY></HTML> Thu, 16 Jun 2016 22:01:36 GMT https://communities.vmware.com/t5/ESXi-Discussions/Can-not-disable-vsanvp-firewall-rule/m-p/1799176#M175415 AndyDodsworth 2016-06-16T22:01:36Z https://communities.vmware.com/t5/ESXi-Discussions/Can-not-disable-vsanvp-firewall-rule/m-p/1799177#M175416 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I don't it is recommended to disable "vsanvp" firewall rule. This is a required parameter on a ESXi host.</P><P></P><P><SPAN>Vmware KB for reference : </SPAN><A class="jive-link-external-small" href="http://kb.vmware.com/kb/2092598" rel="nofollow">http://kb.vmware.com/kb/2092598</A></P><P></P><P>I hope this answers your query.</P><P></P><P>Best Regards,</P><P>Jagadish M S</P></BODY></HTML> Fri, 24 Jun 2016 04:58:41 GMT https://communities.vmware.com/t5/ESXi-Discussions/Can-not-disable-vsanvp-firewall-rule/m-p/1799177#M175416 msjagadish 2016-06-24T04:58:41Z