Hello,
I am using a fixed IP which is given by my ISP and accessing my ESXi host. In my configuration, only 1 IP is allowed to access the hosts using the vSphere Client. I just wanted to secure my host and I believe I made a big mistake because now my ISP changed my fixed IP without informing me and they cannot reassign it back. So, I cannot access my host now. Apparently I forgot to add one more IP to the security profile and I locked myself out. I can see the host's screen so I want to add another IP or remove the IP restriction from the host's screen itself. Is this possible? I cannot find an option for this. SSH has been disabled and is also restricted to the same IP. Lockdown mode has not been enabled. I have 2 important VMs running on the host's hard drive so I don't want to reset the configuration. I need some suggestions please if you know any other way through the host's screen. I really feel stupid for not having any other IP on the security profile. Do I have to reset the configuration to set everything back?
Regards,
DP
Hi deepsecurity,
Welcome to the community.
Go to your direct access UI (the gray and yellow one) and click Alt+F1. You will enter the local ESXi shell. You can enter the command: esxcli network firewall ruleset allowedip add and add a new IP.
Let me know if it works.
Yes, you can go to the Host profile and then security option to do any changes you want to do.
Click on Host----Configuration from right pane of the host properties.
Security profile----from the software section---Firewall and properties of Firewall
@Abhilash: Should work, but you forgot one portion (ruleset and allowed IP).
@deepsecurity: The commands you need to use, replace 192.168.2.1 with your own WAN IP:
esxcli network firewall ruleset allowedip add -r sshServer -i 192.168.2.1
esxcli network firewall ruleset allowedip add -r vSphereClient -i 192.168.2.1
For the rest of the procedure, you can stick to the post from Abhilash, just make sure to use the commands above in restoring your connectivity.
Thanks for completing the command. I had to specify the option but just wanted to leave it to the user. And if the vSphere Client is updated with the new IP, SSH can be updated later anyway.
Abhilash and tomtom901 thanks a lot! I was looking exactly for this shell. You saved me.
It was enough to enter "esxcli network firewall ruleset allowedip add -r vSphereClient -i MYIPADDRESS" on the shell and I have vSphere Client access now.
I fixed all my IP access and at least now I know how to fix it if this happens again.
Thank you both for this valuable information.
Regards.
Great to see it was resolved. Nice (team)work Abhilash!
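The two commands tomtom901 posted, wrapped in a small validating helper, as an added example that is not part of the original thread: it rejects anything that is not a well-formed IPv4 address before printing the allowedip command for each ruleset, and runs the commands only when APPLY=1 is set. The function names, the RULESETS list and the APPLY variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: prints the
# allowedip commands from the thread; APPLY=1 (hypothetical switch) runs them.

# The two ruleset names used in the thread.
RULESETS="sshServer vSphereClient"

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots (digits/dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac # no leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print one esxcli command per ruleset for the address; fail on bad input
# so a typo never reaches the firewall configuration.
allow_commands() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    for rs in $RULESETS; do
        echo "esxcli network firewall ruleset allowedip add -r $rs -i $1"
    done
}

# Usage from the local ESXi shell: sh allowip.sh 192.168.2.1
if [ "$#" -gt 0 ]; then
    cmds=$(allow_commands "$1") || exit 1
    echo "$cmds"
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$cmds" | sh
    fi
fi
```

Adding a second management address through the same helper while access still works avoids depending on a single allowed IP.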