Open non-standard ports on Esxi 6.0 Firewall

The ESXi 6.0 firewall can be managed easily from the vSphere Web Client if all you need is to enable or disable one of the predefined services (usually standard ports).

How to Open non-standard ports on Esxi 6.0

In most cases you can manage the ESXi firewall from vSphere:

Manage > Security Profiles


Here you find a set of predefined services and their ports; if you need to enable or disable one of them, just click EDIT at the top.

What if you need to add a new service with a port that is not listed in the vSphere firewall?

If you are using ESXi 5.x, you need to access the ESXi host (over SSH) and modify /etc/vmware/firewall/service.xml (before editing this file you must set the proper permissions on it). The official procedure is the following:

https://kb.vmware.com/s/article/2008226

Unfortunately this doesn't work with ESXi 6.0. To add a new service in ESXi 6 you don't edit the service.xml file; instead you create a new file, "myservices.xml", with the service and its port defined inside.

For example, I have a service "myservice" which needs port 15001 TCP outbound; here is the file myservices.xml:

If you need to add more ports for one service, just add another <rule> section, incrementing the rule id and changing the port number; if you need to add another service, add another <service> section with a new, unique service id.

Finally, you need to reload the firewall rules so the new service is picked up.
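The whole procedure as an added example (not the post's own file or commands): a small script for the ESXi shell that generates the myservices.xml file for the outbound TCP 15001 service described above, refreshes the firewall with esxcli and checks that the new ruleset is listed. The service name, port and the ids used are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the ESXi 6.x shell
# (busybox ash) with esxcli available; names, port and ids are constructed.
set -eu

FW_DIR=/etc/vmware/firewall
SERVICE_FILE="$FW_DIR/myservices.xml"

# Emit one <service> block with a single <rule>.
# Args: service id, service name, rule id, direction, protocol, port.
# Service ids and rule ids must be unique within the file: increment them
# for every extra rule or service you add.
gen_service_xml() {
  svc_id=$1; name=$2; rule_id=$3; dir=$4; proto=$5; port=$6
  cat <<EOF
  <service id="$svc_id">
    <id>$name</id>
    <rule id="$rule_id">
      <direction>$dir</direction>
      <protocol>$proto</protocol>
      <porttype>dst</porttype>
      <port>$port</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
EOF
}

# Wrap the service(s) in the ConfigRoot element the firewall expects.
# Here: "myservice", outbound TCP to destination port 15001.
gen_config() {
  printf '<ConfigRoot>\n'
  gen_service_xml 0100 myservice 0000 outbound tcp 15001
  printf '</ConfigRoot>\n'
}

# Write the file, reload the rules and verify the ruleset is now listed.
# Verify again after a host reboot: files added here are not part of the
# standard ESXi configuration backup, so re-create them if they are gone.
apply_rules() {
  gen_config > "$SERVICE_FILE"
  esxcli network firewall refresh
  esxcli network firewall ruleset list | grep -i myservice
}

# Only touch the host when actually running on ESXi.
if command -v esxcli >/dev/null 2>&1; then
  apply_rules
fi
```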
