Knowledge
- Identify vicfg-firewall commands
- Explain the three firewall security levels
- Identify ESX firewall architecture with/without vCenter Server
Skills and Abilities
- Enable/Disable pre-configured services
- Configure service behavior automation
- Open/Close ports in the firewall
- Create a custom service
- Set firewall security level
Tools
- ESX Configuration Guide
- ESXi Configuration Guide
- vSphere Command-Line Interface Installation and Scripting Guide
- Product Documentation
- vSphere Client
- vSphere CLI
- vicfg-firewall
Notes
Enable/Disable pre-configured services
- esxcfg-firewall -e service
- esxcfg-firewall -d service
Configure service behavior automation
Open/Close ports in the firewall
- Allow syslog outgoing traffic:
- esxcfg-firewall -o 514,udp,out,syslog
- Close a port
- esxcfg-firewall -c 514,udp,out,syslog
Create a custom service
http://kb.vmware.com/kb/1001081
http://www.yellow-bricks.com/2007/12/31/howto-adding-a-firewall-service-on-esx/
Set firewall security level
- View security level
- esxcfg-firewall -q incoming
- esxcfg-firewall -q outgoing
- Set medium security
- esxcfg-firewall --allowOutgoing --blockIncoming
- Set low security
- esxcfg-firewall --allowIncoming --allowOutgoing
- Set high security (default)
- esxcfg-firewall --blockIncoming --blockOutgoing
- Setting the level requires a restart of vmware-hostd
- service mgmt-vmware restart
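An added example, not part of these study notes: a service-console audit that reads the output of the query command above, names the security level (high, medium or low), checks whether the syslog port from the earlier section is open, and prints the esxcfg-firewall commands needed to reach a high-security baseline. The layout of the query output is a constructed sample that assumes the default-policy lines read "Incoming/Outgoing ports blocked|allowed by default." and open ports are listed as "port NNN proto.dir"; confirm it against a real host before use.

```shell
#!/bin/sh
# Added example: audit ESX service-console firewall state against a baseline
# (high security level + syslog 514/udp outgoing opened). Nothing is executed
# on the host; the plan is printed for review.
# ASSUMPTION: the `esxcfg-firewall -q` layout below is a constructed sample.

# Constructed sample: host at medium security, syslog port never opened.
SAMPLE_QUERY='Incoming ports blocked by default.
Outgoing ports allowed by default.
Enabled services: sshServer ntpClient
Opened ports:
snmp : port 162 udp.out'

# policy QUERY Incoming|Outgoing -> prints allowed|blocked|unknown
policy() {
    line=$(printf '%s\n' "$1" | grep -i "^$2 ports" || true)
    case "$line" in
        *allowed*) echo allowed ;;
        *blocked*) echo blocked ;;
        *)         echo unknown ;;
    esac
}

# Map the two default policies onto the three documented levels.
security_level() {
    case "$(policy "$1" Incoming)/$(policy "$1" Outgoing)" in
        blocked/blocked) echo high ;;    # default
        blocked/allowed) echo medium ;;
        allowed/allowed) echo low ;;
        *)               echo unknown ;; # e.g. incoming allowed, outgoing blocked
    esac
}

# port_open QUERY PORT PROTO in|out -> exit 0 if listed under "Opened ports:"
port_open() {
    printf '%s\n' "$1" | grep -Eq "port[[:space:]]+$2[[:space:]]+$3\.$4"
}

# Print the commands that bring the host to baseline (restart only if the
# level changes, since setting the level requires restarting vmware-hostd).
remediation_plan() {
    q="$1"
    [ "$(security_level "$q")" = high ] || echo 'esxcfg-firewall --blockIncoming --blockOutgoing'
    port_open "$q" 514 udp out || echo 'esxcfg-firewall -o 514,udp,out,syslog'
    [ "$(security_level "$q")" = high ] || echo 'service mgmt-vmware restart'
}

remediation_plan "$SAMPLE_QUERY"
```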