ESX Virtualization

ESXi Firewall – How to restrict IP addresses to secure ESXi

By Vladan SEGET | Last Updated: March 13, 2023


ESXi Firewall – How to secure an ESXi host by allowing only certain IP addresses or IP ranges. After a fresh installation of ESXi, the host's firewall isn't configured with the best possible security for your environment. You usually adapt it to your own environment in order to secure those ESXi servers even more.

The ESXi firewall is a full-blown, built-in firewall that sits between the management interface and the network. At installation time, the ESXi firewall is configured to block incoming and outgoing traffic, except traffic for the default services, such as DNS, DHCP, 8O…. You can find all the default open ports in the online user guide here: TCP and UDP Ports for Management Access.

A new video on VMware TechPubs shows how to add an IP address (or range) to the list of allowed IP addresses that can access the host's services. You'll see that it can be done easily through the vSphere Client, and that it can also be done remotely via the CLI.

Through the vSphere client it's a two or three click process.

ESXi Firewall – How to add allowed IP addresses to the ESXi Firewall through the vSphere Client:

01. Select your ESXi host and click the Configuration tab.
02. Click on the firewall properties and select the service in the firewall properties.
03. Click the Firewall button and, in the dialog box, enter the IP address or range of IP addresses, separated by commas. (Note: you can also enter IP addresses in IPv6 format.)


By default the ESXi Firewall is enabled.

You can also configure the firewall rules, and add one or more allowed IP addresses to the ESXi Firewall, through the command line.

ESXi Firewall – How to Add Allowed IP addresses through the CLI:

Step 0: To list the rule sets information already configured:  esxcli network firewall ruleset list

Step 1: Set the ruleset's allowedall flag to false (or back to true): esxcli network firewall ruleset set -a=false -r=fdm


Step 2: Add the IP address as an allowed IP address, to the ruleset.

esxcli network firewall ruleset allowedip add -i=10.10.7.20 -r=fdm


ESXi Firewall Commands:

esxcli network firewall get     – Returns the enabled or disabled status of the ESXi firewall and lists default actions.

esxcli network firewall set --default-action     – Update default actions.

esxcli network firewall set --enabled     – Enable or disable the ESXi firewall.

esxcli network firewall load     – Load the ESXi firewall module and rule set configuration files.

esxcli network firewall refresh     – Refresh the ESXi firewall configuration by reading the rule set files if the firewall module is loaded.

esxcli network firewall unload     – Destroy filters and unload the firewall module.

esxcli network firewall ruleset list     – List rule sets information from the ESXi Firewall.

esxcli network firewall ruleset set --allowed-all     – Set the allowedall flag.

esxcli network firewall ruleset set --enabled     – Enable or disable the specified rule set on the ESXi Firewall.

esxcli network firewall ruleset allowedip list     – List the allowed IP addresses of the specified rule set.

esxcli network firewall ruleset allowedip add     – Allow access to the rule set from the specified IP address or range of IP addresses.

esxcli network firewall ruleset allowedip remove     – Remove access to the rule set from the specified IP address or range of IP addresses.
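
To check which rule sets are still open after applying the steps above, the following added example (not from the original post) joins the output of the two list commands and reports every enabled rule set that still accepts any source IP. It assumes both commands print a two-column table with a header line and a dashed separator, and that an unrestricted rule set shows "All"; the function names and the sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ESXi firewall rule sets for unrestricted source IPs.

# open_rulesets RULESET_LIST_FILE ALLOWEDIP_LIST_FILE
# Prints the name of each rule set that is enabled AND allows "All" addresses.
open_rulesets() {
    awk '
        FNR <= 2  { next }                              # header + dashed separator
        NR == FNR { enabled[$1] = ($2 == "true"); next } # 1st file: Name / Enabled
        enabled[$1] && $2 == "All" { print $1 }          # 2nd file: Ruleset / Allowed IPs
    ' "$1" "$2"
}

# Constructed sample tables (assumed layout, not captured from a real host).
sample_rulesets() {
cat <<'EOF'
Name       Enabled
---------  -------
sshServer     true
fdm           true
nfsClient    false
EOF
}

sample_allowedip() {
cat <<'EOF'
Ruleset    Allowed IP Addresses
---------  --------------------
sshServer  All
fdm        10.10.7.20
nfsClient  All
EOF
}

tmp=/tmp/fwaudit.$$
mkdir -p "$tmp"
if command -v esxcli >/dev/null 2>&1; then
    # On an ESXi host: audit the live configuration.
    esxcli network firewall ruleset list > "$tmp/rulesets"
    esxcli network firewall ruleset allowedip list > "$tmp/allowedip"
else
    # Anywhere else: run against the constructed sample.
    sample_rulesets > "$tmp/rulesets"
    sample_allowedip > "$tmp/allowedip"
fi
echo "Enabled rule sets still open to all IP addresses:"
open_rulesets "$tmp/rulesets" "$tmp/allowedip"
rm -rf "$tmp"
```

In the sample, fdm is not reported because it was restricted to 10.10.7.20, and nfsClient is not reported because the rule set is disabled.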


Interesting KB: ESXi Firewall – kb.vmware.com/kb/2005284

Interesting PDF: Secure ESXi host –  https://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-50-security-guide.pdf

The ESXi Firewall was a post published on ESX Virtualization

Enjoy… -:)

Hopefully this chapter will help you to study towards VMware VCP-DCV Certification based on vSphere 8.x. Find other chapters on the main page of the guide  – VCP8-DCV Study Guide Page.


About Vladan SEGET

This website is maintained by Vladan SEGET. Vladan is an independent consultant, professional blogger, vExpert x16, Veeam Vanguard x9, VCAP-DCA/DCD. The ESX Virtualization site started as a simple bookmarking site, but quickly found a large following of readers and subscribers.

Connect on: Facebook. Feel free to network via Twitter @vladan.

Comments

  1. Stan says

    November 4, 2015 at 4:46 pm

    Hello and thank you for this article. I have a question. I installed ESXi and built 4 virtual servers on it. If I use the ESXi firewall, do I need to turn off the Windows Server 2012 firewalls on these virtual servers? As you can see, I'm not sure, still studying and cannot figure this out. Thank you. S

  2. Nathan says

    August 6, 2016 at 3:18 pm

    Thanks for this article. Keep up the good work. I am experiencing a problem with my newly installed ESXi 6.
    I installed ESXi 6.0 on my HP ProLiant server. I set the root password during the installation process. The problem now is that I am unable to log in through the vSphere Client with the same password even though the username and password were both correct. I keep getting the following message:

    Cannot complete login due to an incorrect username or password.

    Please I need your help. I have contacted VMware but they can’t help because I haven’t got a support contract. This problem is stopping me from moving on with my CCIE studies.
    I look forward to hearing from you.
    Thanks

    • Vladan SEGET says

      August 8, 2016 at 7:41 am

      Perhaps you used different language keyboard during the installation? The fastest would be to reinstall the host… Otherwise there is a way to reset the password via host profiles.

      Best luck

  3. Patrick says

    February 17, 2017 at 8:21 pm

    Hello,
    is it also possible to enter dyndns into the firewall settings? Did you try that?
    And another question:
    For example I have the following network topology:
    Windows 10 (VM) IP: 192.168.100.10 –> pfsense –> ESXi –> WAN
    What if I have a hosted ESXi with a public IP like described above, can I enter a private IP address in the firewall settings like “192.168.100.0/24” and can connect from the Win10 VM to the esxi and manage it?
    Would be glad when you reply!
