JarryG
Expert
Expert
‎09-24-2015 11:32 AM

Can not disable vsanvp firewall rule...

I'm trying to tighten a little bit security of my solo ESXi 6.0 server by disabling unnecessary services/rules, so I want to disable firewall rule for vsanvp. But when I try it (using native client), all I get is the message:

Call "HostFirewallSystem.DisableRuleset" for object "firewallSystem" on ESXi "<my_esxi_IP>" failed.

And Security Profile still shows I have allowed incomming/outgoing connections for vsanvp.

vSphere 6.0 docu says:

VSAN VASA Vendor Provider. Used by the Storage Management Service (SMS) that is part of vCenter to access information about Virtual SAN storage profiles, capabilities, and compliance. If disabled, Virtual SAN Storage Profile Based Management (SPBM) does not work.

But I'm using neither vCenter nor virtual san-storage. So why I still can not disable firewall rule for vsanvp?

_____________________________________________ If you found my answer useful please do *not* mark it as "correct" or "helpful". It is hard to pretend being noob with all those points! :winking_face:
Reply
0 Kudos
danpritts3
Contributor
Contributor
‎11-18-2015 08:17 PM

I am having the same problem. 

In lieu of disabling it entirely, I restricted it to an unused IP range. 

esxcli network firewall ruleset allowedip add -i 10.x.y.z/31 -r vsanvp

Reply
0 Kudos
AndyDodsworth
Enthusiast
Enthusiast
‎06-16-2016 03:01 PM

Interested to know if either of you had an update on a fix other than removing IP range?

Reply
0 Kudos
msjagadish
VMware Employee
VMware Employee
‎06-23-2016 09:58 PM

Hello,

I don't it is recommended to disable "vsanvp" firewall rule. This is a required parameter on a ESXi host.

Vmware KB for reference : http://kb.vmware.com/kb/2092598

I hope this answers your query.

Best Regards,

Jagadish M S

Regards, MSJ (Please mark this as answered if it answer's your query)
Reply
0 Kudos