Firewall Configuration

ESXi ships with a software firewall that is configured by default to block outgoing connection requests. When an indication is triggered, the producer cannot open a connection to the consumer unless the target port is opened in the firewall.

When you create an indication subscription, the CIMOM opens the corresponding port in the firewall for you. To check the firewall configuration, use these commands:

esxcli network firewall get

tells you whether the firewall is enabled.

esxcli network firewall ruleset list

tells you which specific services are enabled.

To disable or enable the firewall, use these commands:

esxcli network firewall set -e false

disables the firewall.

esxcli network firewall set -e true

enables the firewall.

It is also possible to create rulesets to open or close firewall ports manually. For information about manual firewall configuration for ESXi, see the

vSphere Security Guide

For information about the

esxcli

command set, see the manual

Getting Started with vSphere Command-Line Interfaces.

Connections from CIM Server to Indication Consumer

Content feedback and comments

VMware vSphere SDKs and Tools 6.7

Firewall Configuration