VMware Cloud Community
Schaedle
Enthusiast
Enthusiast

source port 9080 from ESXi to some high ports to vCenter > firewall "problem"

Hi,

I mentioned that our firewall blocked some high ports from the ESXi servers (6.x) to the vCenter appliance (6.7). I did not find any information about these ports but I mentioned that all connections come from the same source port 9080. Seems to have something to do with I/O filters.

This here is an example list from our firewall:

ports.jpg

At the moment I don't know how to handle this. Is there a way to define the destination port or what can I do instead of the firewall blocks this all the time. Currently we don't use any I/O filters.

Thanks Wolfgang

Reply
0 Kudos
4 Replies
diegodco31
Leadership
Leadership

Check if the following VMware KB article helps: VMware Knowledge Base

Diego Oliveira
LinkedIn: http://www.linkedin.com/in/dcodiego
Reply
0 Kudos
SureshKumarMuth
Commander
Commander

The port 9080 is used by IO filters related to storage.

When a new host joins the cluster that has I/O filters, the filters installed on the cluster are deployed on the host. vCenter Server registers the I/O filter storage provider for the host. Any cluster changes become visible in the VM Storage Policies interface of the vSphere Web Client

When you move a host out of a cluster or remove it from vCenter Server, the I/O filters are uninstalled from the host. vCenter Server unregisters the I/O filter storage provider.

In case if you are sure that you are not using the storage IO filters then you can proceed to disable the option at cluster level and check if the traffic still passes thru firewall.

Uninstall I/O Filters from a Cluster

To know about IO filters, read the following article

Filtering Virtual Machine I/O

Regards,
Suresh
https://vconnectit.wordpress.com/
Reply
0 Kudos
Schaedle
Enthusiast
Enthusiast

I found several documents with such a port list, but none of them has listed these destination ports which are mentioned in my screenshot.

Reply
0 Kudos
SureshKumarMuth
Commander
Commander

The destination port looks like a dynamic one which will be picked dynamically from the free ports at the time of session establishment.

Regards,
Suresh
https://vconnectit.wordpress.com/
Reply
0 Kudos