ESX Virtualization


VCP-DCV on vSphere 8.x Objective 4.19.5 – Configure ESXi firewall

By Vladan SEGET | Last Updated: April 2, 2023


We're slowly and steadily approaching the completion of our Community Study Guide for the VCP-DCV certification exam. Today we cover another topic from the latest VMware Blueprint, which lists all chapters of the VCP-DCV certification exam based on VMware vSphere 8.x. The topic is VCP-DCV on vSphere 8.x Objective 4.19.2 – Configure ESXi firewall.

A short chapter that is easy to check and learn. If you have a lab, you can just test it. If you don't, then read on….

The study guide page VCP8-DCV, with all those individual chapters, helps you study for the VMware certification exam (2V0-21.23) and become VCP-DCV on vSphere 8.x. Check the Official VMware VCP-DCV 2023 exam guide (blueprint) here. Also please check the certification requirements (they depend on whether you already hold a VCP, etc.).

You can configure incoming and outgoing firewall connections for a service or a management agent from the vSphere Client or at the command line.

You can use the ESXi Shell or ESXCLI commands to configure ESXi at the command line to automate the firewall configuration.

Log in to the vCenter Server by using the vSphere Client and browse to the host in the inventory > Click Configure, then click Firewall under System. You can toggle between incoming and outgoing connections by clicking Incoming and Outgoing.

In the Firewall section, click Edit. Select one of the three service groups: Ungrouped, Secure Shell, or Simple Network Management Protocol. Select the rule sets to be activated, or deselect the rule sets to be deactivated.

For some services, you can also manage service details by navigating to Configure > Services under System. For some services, you can explicitly specify IP addresses from which connections are allowed.

via host client:

Add allowed IP

To restrict traffic, change each service to allow traffic only from your management subnet. You can also deselect some services if your environment does not use them. To update the Allowed IP list for a service you can use the vSphere Client, ESXCLI, or PowerCLI.

Browse to the ESXi host. Click Configure, then click Firewall under System. You can toggle between incoming and outgoing connections by clicking Incoming and Outgoing.

In the Firewall section, click Edit. Select one of the three service groups: Ungrouped, Secure Shell, or Simple Network Management Protocol.
To display the Allowed IP Addresses section, expand a service.

In the Allowed IP Addresses section, deselect Allow connections from any IP address and enter the IP addresses of networks that are allowed to connect to the host.
Separate IP addresses with commas. You can use the following address formats:

192.168.0.0/24
192.168.1.2, 2001::1/64
fd3e:29a6:0a81:e478::/64


For the list of supported ports and protocols in the ESXi firewall, see the VMware Ports and Protocols Tool™ at https://ports.vmware.com/.

Some of the firewall commands you can use via ESXi Shell:

esxcli network firewall get – Return the status of the firewall and list the default actions.

esxcli network firewall set --default-action – Set to true to set the default action to pass. Set to false to set the default action to drop.

esxcli network firewall set --enabled – Activate or deactivate the ESXi firewall.

esxcli network firewall load – Load the firewall module and the rule set configuration files.

esxcli network firewall refresh – Refresh the firewall configuration by reading the rule set files if the firewall module is loaded.

esxcli network firewall unload – Destroy filters and unload the firewall module.

esxcli network firewall ruleset list – List rule sets information.

esxcli network firewall ruleset set --allowed-all – Set to true to allow all access to all IPs. Set to false to use a list of allowed IP addresses.

esxcli network firewall ruleset set --enabled --ruleset-id=<string> – Set enabled to true to activate the specified ruleset. Set enabled to false to deactivate the specified ruleset.

esxcli network firewall ruleset allowedip list – List the allowed IP addresses of the specified rule set.

esxcli network firewall ruleset allowedip add – Allow access to the rule set from the specified IP address or range of IP addresses.

esxcli network firewall ruleset allowedip remove – Remove access to the rule set from the specified IP address or range of IP addresses.

esxcli network firewall ruleset rule list – List the rules of each ruleset in the firewall.
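The Allowed IP procedure above, done with these ESXCLI commands instead of the vSphere Client. This is an added example, not code from the original post: the function names and the DRY_RUN switch are hypothetical, and the sshServer rule set ID and the sample networks are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: restrict one ESXi firewall rule set to named networks.
# DRY_RUN=1 (default) only prints the esxcli commands; set DRY_RUN=0 on a host.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept only IPv4/IPv6 addresses or CIDR networks, and refuse catch-all
# networks, which would be the same as "allow connections from any IP".
valid_net() {
    case "$1" in
        ''|0.0.0.0/0|::/0) return 1 ;;
        *[!0-9a-fA-F.:/]*) return 1 ;;
        *.*|*:*) return 0 ;;
        *) return 1 ;;
    esac
}

restrict_ruleset() {
    ruleset=$1; shift
    [ -n "$ruleset" ] && [ "$#" -gt 0 ] || {
        echo "usage: restrict_ruleset RULESET_ID NET..." >&2; return 2; }
    # Validate every network before changing anything on the host.
    for net in "$@"; do
        valid_net "$net" || { echo "rejected network: $net" >&2; return 1; }
    done
    # Switch the rule set from "any IP" to list mode, then fill the list.
    run esxcli network firewall ruleset set --ruleset-id="$ruleset" --allowed-all=false
    for net in "$@"; do
        run esxcli network firewall ruleset allowedip add --ruleset-id="$ruleset" --ip-address="$net"
    done
    # Show the resulting list so the change can be verified.
    run esxcli network firewall ruleset allowedip list --ruleset-id="$ruleset"
}

# Constructed sample: SSH reachable only from a management subnet.
restrict_ruleset sshServer 192.168.0.0/24 fd3e:29a6:0a81:e478::/64
```

Review the printed commands first, then rerun with DRY_RUN=0 in the ESXi Shell to apply them.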

You can see that both the ESXi Host Client and vSphere Web Client allow you to open and close firewall ports. But you can only manage predefined ports. Can we create custom firewall ports? Yes, however, you'll need to use the VMware command-line interface (CLI) for the job, and I'm not sure that's a supported scenario.

Hopefully this chapter will help you study towards the VMware VCP-DCV certification based on vSphere 8.x. Find other chapters on the main page of the guide – VCP8-DCV Study Guide Page.


About Vladan SEGET

This website is maintained by Vladan SEGET. Vladan is an independent consultant, professional blogger, vExpert x16, Veeam Vanguard x9, VCAP-DCA/DCD. The ESX Virtualization site started as a simple bookmarking site, but quickly found a large following of readers and subscribers.
