VMware Cloud Community
jkslz
Contributor
Contributor

Can't communicate with other virtual machines when firewall is on.

I have a small network that consist of one esxi host, one server 2003 vm and two xp vm's. I am managing the vm's through Vsphere. When I turn the firewall off on the vm's I can ping the other machine's. But when the firewall is enabled I can't ping the other machines. I have opened TCP ports 427, 443, 80, 902, and 903. What other ports do I need to open in order for the vm's to communicate with each other when the firewall is turned on?

Reply
0 Kudos
7 Replies
AntonVZhbankov
Immortal
Immortal

Which firewall? Firewall on ESXi does not affect VMs, it protects ESXi management interface only.

Or do you mean Windows firewall?


---

VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
Reply
0 Kudos
jkslz
Contributor
Contributor

Yes, I mean the windows firewall.

Reply
0 Kudos
AntonVZhbankov
Immortal
Immortal

So treat them like physical machines in this case, this firewall has nothing common with VMware and you don't need to open port 902 etc.


---

VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
Reply
0 Kudos
jkslz
Contributor
Contributor

That's what I thought. I was treating like physical machines. It's just weird how I can ping other machines when the windows firewall is off but when it's on I am getting "request timed out message". Any ideas?

Reply
0 Kudos
AntonVZhbankov
Immortal
Immortal

That's standard Windows firewall behavior, it drops ICMP packets (protocol used for ping).

I suppose it is described in details in Microsoft courses 70-270 (XP), 70-620 (Vista), 70-291 (Windows 2003 Networking) and 70-642 (Windows 2008 Networking).


---

MCP, MCTS, VCP, VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
Reply
0 Kudos
jkslz
Contributor
Contributor

Ok. I have worked in many environments but haven't had this behavior before. It won't even let me connect new computers to the domain with the windows firewall on much less contact the dc. So, I guess this is normal windows firewall issue.

Reply
0 Kudos
AntonVZhbankov
Immortal
Immortal

If you consider any comment as helpful, please award points Smiley Happy


---

MCP, MCTS, VCP, VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
Reply
0 Kudos