Firewall Configuration

ESXi ships with a software firewall that is configured by default to block outgoing connection requests. When an indication is triggered, the producer cannot open a connection to the consumer unless the target port is opened in the firewall.
When you create an indication subscription, the CIMOM opens the corresponding port in the firewall for you. To check the firewall configuration, use these commands:
  • esxcli network firewall get
    tells you whether the firewall is enabled.
  • esxcli network firewall ruleset list
    tells you which specific services are enabled.
To disable or enable the firewall, use these commands:
  • esxcli network firewall set -e false
    disables the firewall.
  • esxcli network firewall set -e true
    enables the firewall.
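The check commands above can be turned into a repeatable audit, for example to confirm the firewall was re-enabled after troubleshooting and to see which rulesets are open. The following is an added example, not VMware code: it parses the text output of the two commands, the sample output and the ruleset name exampleRuleset are constructed, the column layout is assumed to match your ESXi release, and the allowlist is a hypothetical site policy.

```shell
#!/bin/sh
# Added example: audit ESXi firewall state from esxcli text output.
# On a host: firewall_enabled "$(esxcli network firewall get)"

# Exit 0 only if the `firewall get` text contains "Enabled: true".
firewall_enabled() {
    printf '%s\n' "$1" | awk -F':' '
        { k = $1; v = $2; gsub(/[ \t\r]/, "", k); gsub(/[ \t\r]/, "", v) }
        k == "Enabled" { found = 1; ok = (v == "true") }
        END { exit !(found && ok) }'
}

# Print the names of rulesets whose Enabled column is "true".
# Header and separator rows have two fields but never the value "true".
enabled_rulesets() {
    printf '%s\n' "$1" | awk 'NF == 2 && $2 == "true" { print $1 }'
}

# Print enabled rulesets that are not on the allowlist.
# $1 = `ruleset list` text, $2 = space-separated allowlist (site policy).
unexpected_rulesets() {
    for name in $(enabled_rulesets "$1"); do
        case " $2 " in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample output (assumed layout); exampleRuleset is a made-up name.
SAMPLE_GET='   Default Action: DROP
   Enabled: true
   Loaded: true'
SAMPLE_LIST='Name            Enabled
--------------  -------
sshServer          true
sshClient         false
CIMHttpsServer     true
exampleRuleset     true'
ALLOWLIST='sshServer CIMHttpsServer'   # hypothetical policy

if firewall_enabled "$SAMPLE_GET"; then
    echo "firewall: enabled"
else
    echo "firewall: DISABLED"
fi
echo "not on allowlist: $(unexpected_rulesets "$SAMPLE_LIST" "$ALLOWLIST" | tr '\n' ' ')"
```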
It is also possible to create rulesets to open or close firewall ports manually. For information about manual firewall configuration for ESXi, see the vSphere Security Guide.
For information about the esxcli command set, see the manual Getting Started with vSphere Command-Line Interfaces.