Dear Team,
The following services are selected on the ESXi firewall. I just want to know which services are safe to stop, as we have an audit in our environment. I also want to know the detailed info related to these services.
Regards
Mr Vmware
Well, it all depends upon the needs of the environment your server is placed in.
For example, if you don't want users to meddle with SSH to the server, then you can stop SSH.
If NTP is not configured, then you can stop NTP.
N1KV* refers to the Cisco switch, so I wouldn't recommend stopping it if you are using Cisco N1K.
Do refer to the VMware Security Hardening Guides on the required services for ESXi to work and on securing them.
Hi
Welcome to the communities.
DHCP client if you are not running a DHCP server, and NTP client if not using a global NTP server for synchronisation.
When you install ESXi 5 the firewall is enabled by default, with it only allowing the essential traffic, and denying the rest. You can manage the firewall using the vSphere client, or from the CLI.
In the vSphere client the firewall settings can be accessed from the Security Profile section of the Configuration tab:
By accessing the firewall properties you can see which ports are open and which services are started:
Clicking the ‘Firewall’ button will allow you to allow connections only from specific IP addresses/ranges:
Service Automation
You can choose how to start services by clicking on the services properties:
Clicking options will allow you to change how the service starts:
You have the following options for starting services:
- Start automatically if any ports are open, and stop when all ports are closed
- Start and stop with host
- Start and stop manually (Select this to effectively disable the service)
Working with the firewall using the GUI is fairly straightforward, so for the rest of this post I'll focus on interacting with the ESXi firewall using the CLI.
Using ESXCLI to Configure the ESXi Firewall
With ESXi 5 the esxcfg-firewall command has been replaced by the esxcli network firewall command/namespace. You can list the current status of the firewall by running:
esxcli network firewall get
To enable and disable the firewall service we can use the following commands:
esxcli network firewall set --enabled false
esxcli network firewall set --enabled true
To list the current firewall rules you can run:
esxcli network firewall ruleset list
We can enable a rule by running:
esxcli network firewall ruleset set --enabled true --ruleset-id rulesetName
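For the audit question that opens this thread, the ruleset listing can be compared against an approved list. This is an added example, not part of the original posts or of VMware's tooling; the function names, the APPROVED policy and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of "esxcli network firewall ruleset list" output
# (not captured from a real host).
sample_ruleset_list() {
cat <<'EOF'
Name                Enabled
------------------  -------
sshServer              true
sshClient             false
dhcp                   true
dns                    true
ntpClient             false
vSphereClient          true
EOF
}

# Hypothetical site policy: rulesets that are allowed to stay enabled.
APPROVED="dns vSphereClient"

# Reads ruleset-list output on stdin; prints enabled rulesets absent from $1.
unexpected_rulesets() {
    awk -v approved="$1" '
        BEGIN { n = split(approved, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR <= 2 { next }                      # skip header and separator rows
        NF == 2 && $2 == "true" && !($1 in ok) { print $1 }
    '
}

# Prints (does not run) the command that would disable each flagged ruleset,
# so the change can be reviewed before it is applied on the host.
disable_commands() {
    while read -r name; do
        if [ -n "$name" ]; then
            echo "esxcli network firewall ruleset set --enabled false --ruleset-id $name"
        fi
    done
}

# On an ESXi host, replace sample_ruleset_list with the real list command.
sample_ruleset_list | unexpected_rulesets "$APPROVED" | disable_commands
```

Whether a flagged ruleset can actually be disabled still depends on the environment, as the replies above point out (for example DHCP, NTP or N1KV usage).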






