<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: required firewall service details in ESXi Discussions</title>
    <link>https://communities.vmware.com/t5/ESXi-Discussions/required-firewall-service-details/m-p/928945#M79279</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Well, it all depends upon the environment need your server is placed.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;For example: if you don't want users to meddle with SSH to the server, then you can stop SSH.&lt;/P&gt;&lt;P&gt;If NTP is not configured, then you can stop NTP.&lt;/P&gt;&lt;P&gt;N1KV* does note to Cisco switch. So I wouldn't recommend stopping it if you are using Cisco N1K.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Do refer to the &lt;A href="http://www.vmware.com/security/hardening-guides" title="http://www.vmware.com/security/hardening-guides"&gt;VMware Security Hardening Guides | United States &lt;/A&gt;&lt;/P&gt;&lt;P&gt;on the required services for ESXi to work and securing them.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Mon, 26 May 2014 12:25:26 GMT</pubDate>
    <dc:creator>zXi_Gamer</dc:creator>
    <dc:date>2014-05-26T12:25:26Z</dc:date>
    <item>
      <title>required firewall service details</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/required-firewall-service-details/m-p/928944#M79278</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;&lt;BR /&gt;Dear Team,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The following services are selected on the ESXi firewall. I just want to know which services are safe to stop, as we have an audit in our environment. I also want to know the detailed info related to these services.&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper" image-alt="Firewall.JPG"&gt;&lt;img src="https://communities.vmware.com/t5/image/serverpage/image-id/52250iC812523DDBC76CD3/image-size/large?v=v2&amp;amp;px=999" role="button" title="Firewall.JPG" alt="Firewall.JPG" /&gt;&lt;/span&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;regards&lt;/P&gt;&lt;P&gt;Mr Vmware&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 26 May 2014 11:51:24 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/required-firewall-service-details/m-p/928944#M79278</guid>
      <dc:creator>MrVmware9423</dc:creator>
      <dc:date>2014-05-26T11:51:24Z</dc:date>
    </item>
    <item>
      <title>Re: required firewall service details</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/required-firewall-service-details/m-p/928945#M79279</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Well, it all depends upon the environment need your server is placed.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;For example: if you don't want users to meddle with SSH to the server, then you can stop SSH.&lt;/P&gt;&lt;P&gt;If NTP is not configured, then you can stop NTP.&lt;/P&gt;&lt;P&gt;N1KV* does note to Cisco switch. So I wouldn't recommend stopping it if you are using Cisco N1K.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Do refer to the &lt;A href="http://www.vmware.com/security/hardening-guides" title="http://www.vmware.com/security/hardening-guides"&gt;VMware Security Hardening Guides | United States &lt;/A&gt;&lt;/P&gt;&lt;P&gt;on the required services for ESXi to work and securing them.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 26 May 2014 12:25:26 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/required-firewall-service-details/m-p/928945#M79279</guid>
      <dc:creator>zXi_Gamer</dc:creator>
      <dc:date>2014-05-26T12:25:26Z</dc:date>
    </item>
    <item>
      <title>Re: required firewall service details</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/required-firewall-service-details/m-p/928946#M79280</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi&lt;/P&gt;&lt;P&gt;Welcome to communities.&lt;/P&gt;&lt;P&gt;DHCP client if you are not running DHCP server and NTP client if not using Global NTP server for synchronisation.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 26 May 2014 20:21:36 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/required-firewall-service-details/m-p/928946#M79280</guid>
      <dc:creator>lakshya32</dc:creator>
      <dc:date>2014-05-26T20:21:36Z</dc:date>
    </item>
    <item>
      <title>Re: required firewall service details</title>
      <link>https://communities.vmware.com/t5/ESXi-Discussions/required-firewall-service-details/m-p/928947#M79281</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;When you install ESXi 5 the firewall is enabled by default, with it only allowing the essential traffic, and denying the rest. You can manage the firewall using the vSphere client, or from the CLI.&lt;/P&gt;&lt;P&gt;In the vSphere client the firewall settings can be accessed from the Security Profile section of the Configuration tab:&lt;/P&gt;&lt;P&gt;&lt;A href="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall.jpg"&gt;&lt;IMG alt="esxi_firewall" class="wp-image-944 size-full alignnone jiveImage" height="428" src="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall.jpg" width="550" /&gt;&lt;/A&gt;&lt;/P&gt;&lt;P&gt;By accessing the firewall properties you can see which ports are open and which services are started:&lt;/P&gt;&lt;P&gt;&lt;A href="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall2.jpg"&gt;&lt;IMG alt="esxi_firewall2" class="wp-image-946 size-full alignnone jiveImage" height="581" src="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall2.jpg" width="550" /&gt;&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Clicking the ‘Firewall’ button will allow you to allow connections only from specific IP addresses/ranges:&lt;/P&gt;&lt;P&gt;&lt;A href="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall3.jpg"&gt;&lt;IMG alt="esxi_firewall3" class="wp-image-947 size-full alignnone jiveImage" height="271" src="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall3.jpg" width="502" /&gt;&lt;/A&gt;&lt;/P&gt;&lt;H3&gt;Service Automation&lt;/H3&gt;&lt;P&gt;You can choose how to start services by clicking on the services properties:&lt;/P&gt;&lt;P&gt;&lt;A href="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall4.jpg"&gt;&lt;IMG alt="esxi_firewall4" class="wp-image-948 size-full alignnone jiveImage" height="577" src="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall4.jpg" width="550" 
/&gt;&lt;/A&gt;&lt;/P&gt;&lt;P&gt;Clicking options will allow you to change how the service starts:&lt;/P&gt;&lt;P&gt;&lt;A href="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall5.jpg"&gt;&lt;IMG alt="esxi_firewall5" class="size-full alignnone jiveImage wp-image-949" height="339" src="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall5.jpg" width="498" /&gt;&lt;/A&gt;&lt;/P&gt;&lt;P&gt;You have the following options for starting services:&lt;/P&gt;&lt;OL start="1"&gt;&lt;LI&gt;Start automatically if any ports are open, and stop when all ports are closed&lt;/LI&gt;&lt;LI&gt;Start and stop with host&lt;/LI&gt;&lt;LI&gt;Start and stop manually (Select this to effectively disable the service)&lt;/LI&gt;&lt;/OL&gt;&lt;P&gt;Working with the Firewall using the GUI is fairly straightforward, so for the rest of this post I’ll focus on interacting with the ESXi firewall using the CLI.&lt;/P&gt;&lt;H3&gt;&lt;STRONG&gt;Using ESXCLI to Configure the ESXi Firewall&lt;/STRONG&gt;&lt;/H3&gt;&lt;P&gt;With ESXi 5 the esxcfg-firewall command has been replaced by the esxcli network firewall command/namespace. 
You can list the current status of the firewall by running:&lt;/P&gt;&lt;BLOCKQUOTE class="jive-quote"&gt;&lt;P&gt;&lt;SPAN style="color: #800000;"&gt;esxcli network firewall get&lt;/SPAN&gt;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;&lt;A href="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall6.jpg"&gt;&lt;IMG alt="esxi_firewall6" class="size-full wp-image-950 alignnone jiveImage" height="73" src="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall6.jpg" width="268" /&gt;&lt;/A&gt;&lt;/P&gt;&lt;P&gt;To enable and disable the firewall service we can use the following commands:&lt;/P&gt;&lt;BLOCKQUOTE class="jive-quote"&gt;&lt;P&gt;&lt;SPAN style="color: #800000;"&gt;esxcli network firewall set --enabled false&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="color: #800000;"&gt;esxcli network firewall set --enabled true&lt;/SPAN&gt;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;To list the current firewall rules you can run:&lt;/P&gt;&lt;BLOCKQUOTE class="jive-quote"&gt;&lt;P&gt;&lt;SPAN style="color: #800000;"&gt;esxcli network firewall ruleset list&lt;/SPAN&gt;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;&lt;P&gt;&lt;A href="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall7.jpg"&gt;&lt;IMG alt="esxi_firewall7" class="size-full wp-image-951 alignnone jiveImage" height="260" src="http://buildvirtual.net/wp-content/uploads/2013/09/esxi_firewall7.jpg" width="329" /&gt;&lt;/A&gt;&lt;/P&gt;&lt;P&gt;We can enable a rule by running:&lt;/P&gt;&lt;BLOCKQUOTE class="jive-quote"&gt;&lt;P&gt;&lt;SPAN style="color: #800000;"&gt;esxcli network firewall ruleset set --enabled true --ruleset-id &lt;EM&gt;rulesetName&lt;/EM&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;/BLOCKQUOTE&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 27 May 2014 16:49:57 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/ESXi-Discussions/required-firewall-service-details/m-p/928947#M79281</guid>
      <dc:creator>King_Robert</dc:creator>
      <dc:date>2014-05-27T16:49:57Z</dc:date>
    </item>
  </channel>
</rss>

