Open non-standard ports on Esxi 6.0 Firewall

The ESXi 6.0 firewall is easy to manage from the vSphere Web Client as long as you only need to enable or disable one of the predefined services (which cover the standard ports).

How to Open non-standard ports on Esxi 6.0

In most cases you can manage the firewall on ESXi from vSphere:

Manage > Security Profiles


Here you find the set of predefined services and their ports; if you need to enable or disable one of them, just click Edit at the top.

What if you need to add a new service on a port that is not listed in the vSphere firewall?

If you are using ESXi 5.x you need to log in to the host over SSH and edit /etc/vmware/firewall/service.xml (before editing this file you must make it writable, as it is read-only by default). The official procedure is the following:

Unfortunately this does not work on ESXi 6.0. To add a new service on ESXi 6 you do not edit service.xml; instead you create a new file, “myservices.xml”, in the same directory, with the service and its port(s) defined inside.

For example, I have a service “myservice” that needs to connect out on TCP port 15001. Here is the file myservices.xml:

#vi /etc/vmware/firewall/myservices.xml

<!-- Firewall configuration information for myservice -->
<!-- Same layout as the stock /etc/vmware/firewall/service.xml: a ConfigRoot
     holding one or more <service> elements, each with an <id> (the name that
     shows up in the vSphere client), one or more <rule> elements, and the
     enabled/required flags -->
<ConfigRoot>
  <service id='0000'>
    <id>myservice</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>15001</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>

If you need to add more ports for one service, just add another <rule> section with an incremented rule id and the new port number; if you need to add another service, add another <service> section with an incremented service id.

Finally, reload the firewall rules so the new file is read:

#esxcli network firewall refresh

Note that a file you create under /etc/vmware/firewall is not part of the host configuration that ESXi saves across reboots, so unless you arrange to restore it at boot (for example by copying it back from a datastore in /etc/rc.local.d/local.sh) you should expect the rule to be gone after the next reboot; check it again after rebooting.
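The whole procedure above (one service, one or more rules with incremented ids, refresh, verify) as an added example script for the ESXi shell; this is not code from the original post. The service name, ports and the /tmp path are illustrative, and the esxcli verification step only runs when esxcli is present, so the generator part can be tried on any POSIX shell:

```shell
#!/bin/sh
# Added example, not code from the original post: build a custom ESXi firewall
# service file with rule ids incremented as described above, then load it and
# check that the host actually picked it up. Written for the ESXi shell
# (busybox ash), so POSIX sh only, no bash features.
# Assumptions: the service name "myservice" and the ports are illustrative; the
# esxcli commands are the stock ESXi 6.0 ones and are only run when present.

# gen_fw_service NAME DIRECTION PROTOCOL PORT [PORT...]
# Writes a complete firewall service document to stdout. DIRECTION is
# inbound or outbound, PROTOCOL is tcp or udp, and each extra PORT becomes
# one more <rule> with the next id (0000, 0001, ...). All arguments are
# validated before anything is printed, so a bad call yields no output.
gen_fw_service() {
    name=$1; direction=$2; proto=$3; shift 3
    [ $# -ge 1 ] || { echo "gen_fw_service: at least one port required" >&2; return 1; }
    case "$direction" in
        inbound|outbound) ;;
        *) echo "gen_fw_service: direction must be inbound or outbound" >&2; return 1 ;;
    esac
    case "$proto" in
        tcp|udp) ;;
        *) echo "gen_fw_service: protocol must be tcp or udp" >&2; return 1 ;;
    esac
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "gen_fw_service: bad port '$port'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "gen_fw_service: port $port out of range" >&2; return 1
        fi
    done
    printf "<!-- Firewall configuration information for %s -->\n" "$name"
    printf "<ConfigRoot>\n"
    printf "  <service id='0000'>\n"
    printf "    <id>%s</id>\n" "$name"
    i=0
    for port in "$@"; do
        printf "    <rule id='%04d'>\n" "$i"
        printf "      <direction>%s</direction>\n" "$direction"
        printf "      <protocol>%s</protocol>\n" "$proto"
        printf "      <porttype>dst</porttype>\n"
        printf "      <port>%s</port>\n" "$port"
        printf "    </rule>\n"
        i=$((i + 1))
    done
    printf "    <enabled>true</enabled>\n"
    printf "    <required>false</required>\n"
    printf "  </service>\n"
    printf "</ConfigRoot>\n"
}

# rule_count FILE: number of <rule> elements in a generated file.
rule_count() {
    grep -c "<rule id=" "$1"
}

# install_fw_service NAME FILE
# Copies FILE into /etc/vmware/firewall, reloads the firewall and prints the
# resulting ruleset so you can confirm the port is really open. Refuses to
# run when esxcli is not available (i.e. not on an ESXi host).
install_fw_service() {
    name=$1; src=$2
    command -v esxcli >/dev/null 2>&1 || {
        echo "install_fw_service: esxcli not found, run this on the ESXi host" >&2
        return 1
    }
    cp "$src" "/etc/vmware/firewall/$name.xml" || return 1
    esxcli network firewall refresh || return 1
    # The ruleset name is the <id> in the file; both commands fail if the
    # file was not parsed, which is the quickest sign of an XML mistake.
    esxcli network firewall ruleset list --ruleset-id "$name" &&
    esxcli network firewall ruleset rule list --ruleset-id "$name"
}

# Usage on the host (constructed example):
#   gen_fw_service myservice outbound tcp 15001 > /tmp/myservice.xml
#   install_fw_service myservice /tmp/myservice.xml
```

If the two `esxcli ... ruleset` commands after the refresh report nothing for the new name, the file was not accepted; the usual causes are a missing closing tag or a duplicate `<id>`. Keep the generated file on a datastore as well, since the copy under /etc/vmware/firewall is the one that does not survive a reboot.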



One Comment

  1. Many thanks!!!
