VMware Cloud Community
nonfatalexec
Contributor

Firewall requirements for vSphere 6.5

I'm planning to set up a vSphere Hypervisor 6.5 in a secured environment and would like to know what outgoing and/or incoming network connections are required for normal operation. I'm planning to buy a license for 6 processors. Incoming/outgoing network connections are on a permissive basis. I would like to avoid the scenario where a VM would suddenly stop working because of a firewall issue.

Thanks!

Accepted Solutions
ITaaP
Enthusiast

VMware doesn't validate licenses like that. Internally, yes you need certain ports open for different features to work. Externally, there should not be any requirements for Internet through the firewall.

https://tactsol.com https://vmware.solutions

6 Replies
dekoshal
Hot Shot

Have a look at this

Incoming and Outgoing Firewall Ports for ESXi Hosts

If you found this or any other answer helpful, please consider the use of the Correct or Helpful to award points.

Best Regards,

Deepak Koshal

CNE|CLA|CWMA|VCP4|VCP5|CCAH

nonfatalexec
Contributor

Sorry, the link you provided does not answer the question. The firewall I'm referring to relates to the "secured environment", which you can think of as a hardened network to which the machine is connected. No traffic inbound/outbound from machines in this network is authorized without being whitelisted.

nonfatalexec
Contributor

Thanks for the documentation on security within the vSphere environment. I will consider this in the stage after. It still doesn't answer my question.

Suppose the vSphere machine attempts to connect to xyz.com port 80 to validate the vSphere license, but the firewall in my secured environment did not allow this outbound connection, would vSphere suspend my VM? If so, I would have to allow the outbound connection in the firewall to xyz.com port 80.

SureshKumarMuth
Commander

I don't think ESXi needs internet connectivity to validate the license; none of our ESXi hosts have internet connectivity and the licenses are applied properly.

In that case, when licenses are applied, VMs will not be suspended.

You may check articles related to licensing requirements.

Apart from that, which ports to enable depends on your requirements. In general, ports 443, 902, 80 and 8000 are the most needed for basic operations.

Regards,
Suresh
https://vconnectit.wordpress.com/