kbinger
Contributor
Contributor

Cannot configure firewall using vSphere client (accessing ESX 4i)

Jump to solution

I cannot acess the firewall using the vSphere client connecting to an ESX 4i host. I select the host > configuration > security profile > and it briefly flashes Firewall, but then shows only the (two) services (VMware vCenter Agent (stopped) and NTP Daemon (started).

Any clues? I've restarted services (and the host itself).

0 Kudos
1 Solution

Accepted Solutions
DLeid
Expert
Expert

ESXi should be behind a firewall as it has no builtin firewall of it's own.

If you find this or any other information helpful or correct, please consider awarding points.

If you find this or any other information helpful or correct, please consider awarding points.

View solution in original post

0 Kudos
12 Replies
DLeid
Expert
Expert

ESXi should be behind a firewall as it has no builtin firewall of it's own.

If you find this or any other information helpful or correct, please consider awarding points.

If you find this or any other information helpful or correct, please consider awarding points.
0 Kudos
Texiwill
Leadership
Leadership

Hello,

Unlike ESX, ESXi does not contain a built in firewall, that is why there is nothing to configure. The Management Ports on your ESXi are designed to be placed behind an additional firewall which could be virtual depending on your virtual network. If you want a built-in firewall at the moment you should switch to ESX.


Best regards,

Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst[/url]
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
[url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|Virtualization Security Round Table Podcast[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2022,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
kbinger
Contributor
Contributor

Thanks, I soon found this out. It just happened to be the port I needed was 22 (SSH for a P2V application) which was not blocked; rather disabled by defualt. I enabled this and got everything working.

0 Kudos
DLeid
Expert
Expert

Great.

Glad its working out for you. We all need a nudge now and then Smiley Wink

If you find this or any other information helpful or correct, please consider awarding points.

If you find this or any other information helpful or correct, please consider awarding points.
0 Kudos
Texiwill
Leadership
Leadership

Hello,

You will once more want to disable that port once you are done with it or as we stated stick the management appliance behind a firewall. Once you enable SSH you have put a crack in ESXi's security. Since there is no defense in depth even opening SSH up could be an issue.


Best regards,

Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst[/url]
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
[url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|Virtualization Security Round Table Podcast[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2022,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
Josh26
Virtuoso
Virtuoso

ESXi should be behind a firewall as it has no builtin firewall of it's own.

If you find this or any other information helpful or correct, please consider awarding points.

That said, it doesn't run SSH by default, in fact it listens on exactly the ports a user is likely to open on a firewall.

There's not a lot to actually firewall off.

0 Kudos
dwhatd
Contributor
Contributor

I have the same issue, but I'm not sure how to enable port 22. Any chance of posting some hints. Thanks

0 Kudos

This is all you have to do - http://www.vm-help.com/esx40i/ESXi_enable_SSH.php.

Dave

VMware Communities User Moderator

New book in town - vSphere Quick Start Guide -http://www.yellow-bricks.com/2009/08/12/new-book-in-town-vsphere-quick-start-guide/.

Do you have a system or PCI card working with VMDirectPath? Submit your specs to the Unofficial VMDirectPath HCL - http://www.vm-help.com/forum/viewforum.php?f=21.

0 Kudos
guitarboy006
Contributor
Contributor

How do you open up ports in ESXi 3.5? I am a new to using VMware's console and am working on setting up a consolidated backup system. Currently I can't view my VCenter Datacenter from my VCB proxy which I believe is due to firewall issues.

Any help is grealy appreciated!

Thanks

0 Kudos

Welcome to the VMware Community forums. With ESXi there is no integrated firewall as you find with ESX so you don't have to open any ports.




Dave

VMware Communities User Moderator

New book in town - vSphere Quick Start Guide -http://www.yellow-bricks.com/2009/08/12/new-book-in-town-vsphere-quick-start-guide/.

Do you have a system or PCI card working with VMDirectPath? Submit your specs to the Unofficial VMDirectPath HCL - http://www.vm-help.com/forum/viewforum.php?f=21.

0 Kudos
guitarboy006
Contributor
Contributor

Thanks for the help. I'm wondering if you might be able to continue to point me in the right direction...

I'm using Vcenter 2.5 to manage my ESX(i) hosts and recently installed consolidated backup as well as symantec exec backup. I installed my VCB proxy on a win2k3 machine and installed the Symantec software and the integration module as well. My problem is that when I open the symantec software, there is a Tree cluster that shows you can browse the VC.

This is not available to me. As soon as I click the + sign, its as if it doesn't exist anymore. Any idea on what I may be doing wrong? I can't get the software on the VCB to recognize my VC.

0 Kudos
DSTAVERT
Immortal
Immortal

guitarboy006

Create a new post and fully explain your problem. You are far more likely to get responses. This question shows as answered.

-- David -- VMware Communities Moderator
0 Kudos