VCAP-DCA Objective 7.2 : Configure and Maintain ESX Firewall

Knowledge

Identify vicfg-firewall commands

Explain the three firewall security levels

Identify ESX firewall architecture with/without vCenter Server

Skills and Abilities

Enable/Disable pre-configured services

  • esxcfg-firewall -e service
  • esxcfg-firewall -d service

Configure service behavior automation

Open/Close ports in the firewall

  • Allow syslog outgoing traffic:
  • esxcfg-firewall -o 514,udp,out,syslog

  • Close a port
  • esxcfg-firewall -c 514,udp,out,syslog

Create a custom service

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1001081

http://www.yellow-bricks.com/2007/12/31/howto-adding-a-firewall-service-on-esx/

Set firewall security level

  • View security level
  • esxcfg-firewall -q incoming
  • esxcfg-firewall -q outgoing

  • Set medium security
  • esxcfg-firewall --allowOutgoing --blockIncoming

  • Set low security
  • esxcfg-firewall --allowIncoming --allowOutgoing

  • Set high security (default)
  • esxcfg-firewall --blockIncoming --blockOutgoing

  • Setting the level requires a restart of vmware-hostd
  • service mgmt-vmware restart
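An added drift check for the security levels listed above (example script, not part of the original notes or of VMware's tooling): it classifies the host's current level from the query output and prints the remediation flags when it does not match the expected level. It assumes that `esxcfg-firewall -q incoming` / `-q outgoing` print a line containing "Incoming ports blocked by default." or "... not blocked ..."; the sample output at the bottom is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not from the original post. Levels as defined on the page:
#   high   = --blockIncoming --blockOutgoing (default)
#   medium = --allowOutgoing --blockIncoming
#   low    = --allowIncoming --allowOutgoing
# Assumption: the query output contains "Incoming ports blocked by default."
# / "Outgoing ports blocked by default." (or "... not blocked ...").

# Derive the level name from the concatenated output of both queries.
firewall_level() {
    case "$1" in *"Incoming ports blocked"*) in_state=block ;; *) in_state=allow ;; esac
    case "$1" in *"Outgoing ports blocked"*) out_state=block ;; *) out_state=allow ;; esac
    case "$in_state/$out_state" in
        block/block) echo high ;;
        block/allow) echo medium ;;
        allow/allow) echo low ;;
        *) echo unsupported ;;   # allow in / block out is not one of the three levels
    esac
}

# Flags from the page that set a given level; empty for an unknown name.
level_flags() {
    case "$1" in
        high)   echo "--blockIncoming --blockOutgoing" ;;
        medium) echo "--allowOutgoing --blockIncoming" ;;
        low)    echo "--allowIncoming --allowOutgoing" ;;
    esac
}

# Compare the current level with the expected one. Returns 0 when they match,
# otherwise prints the remediation (the change needs a mgmt-vmware restart) and returns 1.
audit_level() {
    target="$1"; output="$2"
    current=$(firewall_level "$output")
    if [ "$current" = "$target" ]; then
        echo "OK: firewall level is $current"
        return 0
    fi
    echo "DRIFT: firewall level is $current, expected $target"
    echo "remediate: esxcfg-firewall $(level_flags "$target") && service mgmt-vmware restart"
    return 1
}

# Constructed sample of the two query outputs (a host at medium security).
SAMPLE="Incoming ports blocked by default.
Outgoing ports not blocked by default."

audit_level medium "$SAMPLE"
audit_level high "$SAMPLE" || true
```

On a host, replace the constructed sample with `"$(esxcfg-firewall -q incoming; esxcfg-firewall -q outgoing)"`.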

Tools

ESX Configuration Guide
ESXi Configuration Guide
vSphere Command-Line Interface Installation and Scripting Guide
Product Documentation
vSphere Client
vSphere CLI
vicfg-firewall
