VMware Cloud Community
checoturco
Contributor

esxcfg-firewall command output

Hello all,

I have some questions regarding esxcfg-firewall, if I am allowed to ask several questions in the same post.

When I run the esxcfg-firewall command, I get the following information:

Neither incoming nor outgoing ports blocked by default.

Enable services: CIxxxx Vxxx xxxxxxpsserver xxxxxxxxx Lxxxxxxx  sshServer  (xxxxxxx replaced).

Opened ports:

<empty>

I assume that this is the low security of the server.

1. If I run the command esxcfg-firewall --blockIncoming --blockOutgoing, I will configure the firewall with the high severity, which is my purpose.

    With this command, I imagine that the ports opened by default will still be open for the services which use them, I mean the default services opened by default. Is this correct?

2. How can I know which ports are being used by these "Enable default services"? The command esxcfg-firewall -q <service> just says "service enable".

Because, as I mentioned before, the Opened ports information is empty now.

The command which shows all the services and ports opened after the high severity configuration has been loaded.

3. I saw in some previous posts regarding this topic that the command esxcfg-firewall -q cmd shows some useful information, but this command doesn't work on my server.

4. The document at http://www.vmware.com/pdf/vi3_301_201_server_config.pdf says on page 239 that only ports 902, 443, 80 and 22 are opened by default with the high severity configuration. What about all the Enable services which I mentioned at the beginning (1)? Which ports do they use?

I'm sorry for the long post.

Many thanks

Checo.

0 Kudos
1 Reply
Dave_Mishchenko
Immortal

Hello Checo, no problem with multiple questions. You've posted in the ESXi forum, but you appear to be using ESX. Which version are you using? We'll move your post to the appropriate forum for the best response.

Dave
User Moderator

0 Kudos