VMware Networking Community
MinoDC
Enthusiast
Enthusiast
Jump to solution

Protect ESXi Kernel with NSX

Hi to all,

I've an infrastructure with vcsa 6.5 , esxi 6.5 and nsx 6.4...

i'm trying to protect esxi management (vmk0) through nsx, but I think that is impossible.

I tried with ip pool, mac set, in destination and any or ssh/icmp as protocol whitout success.

Is true that is not possible protect esxi mgmt. (kernel) with NSX ???

I can protect it only through esxi embedded firewall, right?

Thanks to all for any suggestions

1 Solution

Accepted Solutions
Sreec
VMware Employee
VMware Employee
Jump to solution

Yeah, Management Network should remain untouched from NSX feature perspective ,no one likes to chop the branch of a tree while sitting on it Smiley Wink . That being said you can certainly leverage DVS security features(Like IP filtering) if the use cases fall under that bucket and of-course physical network security remains the pillar for management network . Please do check Security Hardening Guides - VMware Security  , NSX and ESXI security guide are something that is worth checking since it covers all security best practices.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered

View solution in original post

1 Reply
Sreec
VMware Employee
VMware Employee
Jump to solution

Yeah, Management Network should remain untouched from NSX feature perspective ,no one likes to chop the branch of a tree while sitting on it Smiley Wink . That being said you can certainly leverage DVS security features(Like IP filtering) if the use cases fall under that bucket and of-course physical network security remains the pillar for management network . Please do check Security Hardening Guides - VMware Security  , NSX and ESXI security guide are something that is worth checking since it covers all security best practices.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 7x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered