Hi all, I have a vCenter 5.5 Update Manager which does not have internet access. We have open up firewall rules for it to reach vmware.com
On the firewall we have allow the traffic to the below on port 80 & 443. So far we don't see any traffic blocked, except the connection attempt is incomplete
204.51.149.4
208.91.0.132
On telnet, we are able to successfully telnet most except vmware.com port 443.
Currently the Update Manager is still unable to reach vmware.com, is there any missing ports or IP ?
I have log 3 cases with VMware and looking at the alternative to build a patch repository server which have internet access.
Would anyone be able to advise what ports is required between the VC & this patch repository server ?
You stated that you have opened up the ports for Update Manager on your firewall.....Do you also have a proxy server/web proxy/web filter? When I installed this even though during the installation of this I overlooked the Proxy settings. To fix this I setup a bypass on the proxy and was able to get updates coming in. I had a similar issue as I could not see any traffic on the firewall.
There's no proxy server or web proxy that I know of. I could check with the Network Team on that.
When u mention proxy settings, do you mean the ones on IE ?
Take a look on this KB article: VMware KB: VMware vCenter Update Manager network port requirements
Additionally, while the Update Manager server may be able to connect to vmware.com, it is possible downloads are failing due to internet filters that can deny access to sub-domains of vmware.com.
This is the default list of download sources for Update Manager:
- https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
- https://hostupdate.vmware.com/software/VUM/PRODUCTION/csco-main/csco-depot-index.xml
- http://vapp-updates.vmware.com/vai-catalog/index.xml
Note: If any of these addresses fail to display an XML page, the download for Update Manager patches will fail.
Alternatively, you may try install the Update Manager Download Service (UMDS) on another server with direct internet access, like a DMZ server.
Hi, please try opening Google page from IE and if you are able to open google from IE then also it is not reaching and then firewall or configuration will be the issue.
Yes I wasn't able to see the xml page.. most likley we didn't allow properly on the firewall.. but the whole environment does not allow the server to have full internet access.. i was thinking the only way is to build a UMDS server in the DMZ zone with full internet access.
After reading the KB i will need to allow the VC to reach the UMDS on port 8084 & 9087 ?
Yes.. google page does not work as the server is not allow to have full internet access... instead on the firewall we allow specific ports to the IP of vmware.com (204.51.149.4 & 208.91.0.132)
Did you already read my post above where I show additional URL that must be allowed on firewall ?
See: Re: Update Manager unable to reach vmware
Sorry i overlook it ... i will get the additional url on firewall ...