VMware Cloud Community
Ompakim
Contributor

Disable HTTP and some other ports on the ESXi Host

Hi,

I'm working on a project where I need to set up a VMware ESXi host, but the project owner demands that all ports should be closed unless properly accounted for.

In that regard, I've done a port scan and the following ports on my host seem to be open by default:

PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
427/tcp  closed svrloc
443/tcp  open   https
902/tcp  open   iss-realsecure
5988/tcp closed wbem-http
5989/tcp closed wbem-https
8000/tcp open   http-alt
8300/tcp open   tmi
9080/tcp open   glrpc
68/udp   closed dhcpc
161/udp  closed snmp
427/udp  open   svrloc

My question is: Is it possible to disable http (but not https)?

I've found ways to disable web access entirely, but I still want the server to respond on https.

Thanks!


Accepted Solutions
MartinGustafsso
VMware Employee

Port 80 (HTTP) is a redirect to port 443 (HTTPS).

Why does this need to be disabled? Usually the firewall will control access.
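Added example, not part of the original thread and not VMware tooling: a small audit that parses the scan output from the question, lists every open port that has no entry in an approval register, and checks whether a port-80 response is purely a redirect to HTTPS on the same host. The `APPROVED` register, its justifications and the host name used with `is_https_redirect` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Scan output copied from the question in this thread.
SCAN = """\
22/tcp   open   ssh
80/tcp   open   http
427/tcp  closed svrloc
443/tcp  open   https
902/tcp  open   iss-realsecure
5988/tcp closed wbem-http
5989/tcp closed wbem-https
8000/tcp open   http-alt
8300/tcp open   tmi
9080/tcp open   glrpc
68/udp   closed dhcpc
161/udp  closed snmp
427/udp  open   svrloc
"""

# Hypothetical approval register: (port, proto) -> documented justification.
APPROVED = {
    (443, "tcp"): "management over HTTPS, approved by project owner",
    (80, "tcp"): "redirect to 443 only, confirmed with is_https_redirect()",
}

LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_scan(text):
    """Return {(port, proto): (state, service)} from nmap-style port lines."""
    ports = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:  # header and blank lines simply do not match
            ports[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return ports

def unaccounted(ports, approved):
    """Open (or open|filtered) ports with no entry in the approval register."""
    return sorted(key for key, (state, _) in ports.items()
                  if state.startswith("open") and key not in approved)

def is_https_redirect(status, location, host):
    """True only for a 3xx response whose Location is https:// on the same host."""
    target = urlsplit(location or "")
    return (300 <= status < 400 and target.scheme == "https"
            and target.hostname == host.lower())
```

Feed `is_https_redirect` the status code and `Location` header observed on port 80; a relative or plain-HTTP target, or a redirect to a different host, fails the check.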

Ompakim
Contributor

The unsafe ports should be inaccessible on the LAN as well, according to the project manager.

But I suppose since it's just a redirect, I can inform them that it doesn't really present a security breach, since they've approved the use of https anyhow.

Thanks!

ponyango
Contributor

We have noticed that the blade server (ESXi, OA and iLO) are responding to ports that are not needed for any of the datacenter processes.

Please advise how we can turn the unnecessary ports like (SIP, 2000) off.

I will be more than happy to get a solution from the forum.

opaul@techno-associates.co.ug  my email address

CarlGromatzky
Contributor

That is not a valid resolution to reduction of vulnerability profile - should simply be disabled/shut off. How to shut down the port?