Knowledge - Explain the three firewall security levels
- High Security (Default) – The firewall is configured to block all incoming and outgoing traffic, except for ports 22, 123, 427, 443, 902, 5989, and 5988. These are the ports used for basic ESXi communication.
- Medium Security – All incoming traffic is blocked, except on the default ports and any ports you specifically open. Outgoing traffic is not blocked.
- Low Security – No ports are blocked for either incoming or outgoing traffic. This setting is equivalent to removing the firewall.
Navigate in the GUI to ESX Host -> Configuration -> Security Profile -> Firewall Properties, then check or uncheck the pre-configured services as required.
Skills and Abilities - Configure Service Behavior Automation
Skills and Abilities - Open/Close Ports In The Firewall
To open and close ports, check and uncheck the services in the GUI; to apply the same configuration across many hosts, use Host Profiles.
Skills and Abilities - Create A Custom Service
Creating a custom service is not intuitive: you need to create an XML file in the /etc/vmware/firewall folder and format its contents like an existing service entry copied from the services.xml file.
For my test I created a file with a rule for port 999 in both directions, TCP and UDP.
To load the rule I can run:
esxcli network firewall refresh
Note that this creates a rule which is not reboot persistent, so you can test it safely. If you want to make it persistent you can update the services.xml; to do this you need to modify its security attributes like.
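As an added example (not the author's file or VMware's code), here is a POSIX shell helper that writes the ruleset XML for a custom service such as the port 999 test above and then refreshes the firewall. It assumes the ESXi 5.x ruleset format (ConfigRoot/service/rule) and takes the service id, port and destination directory as parameters so it can be dry-run outside /etc/vmware/firewall.

```shell
#!/bin/sh
# write_ruleset <service-id> <port> [dest-dir]
# Emits one <service> with four <rule> entries: tcp/udp x inbound/outbound.
# Assumed ESXi 5.x firewall ruleset XML schema (example, not the author's file).
write_ruleset() {
    svc="$1"; port="$2"; dir="${3:-/etc/vmware/firewall}"
    out="$dir/$svc.xml"
    n=0
    {
        printf '<ConfigRoot>\n  <service id="0000">\n    <id>%s</id>\n' "$svc"
        for proto in tcp udp; do
            for dirn in inbound outbound; do
                # porttype "dst" matches on the destination port we are opening
                printf '    <rule id="%04d">\n' "$n"
                printf '      <direction>%s</direction>\n' "$dirn"
                printf '      <protocol>%s</protocol>\n' "$proto"
                printf '      <porttype>dst</porttype>\n      <port>%s</port>\n' "$port"
                printf '    </rule>\n'
                n=$((n + 1))
            done
        done
        # enabled=true: active as soon as the file is loaded
        # required=false: an admin may still disable it from the GUI or esxcli
        printf '    <enabled>true</enabled>\n    <required>false</required>\n'
        printf '  </service>\n</ConfigRoot>\n'
    } > "$out"
    echo "$out"
}

# Sanity check: number of <rule> elements in a generated file
count_rules() { grep -c '<rule id=' "$1"; }

# Reload the firewall so the new file is read; only runs on a real ESXi host
reload_firewall() {
    if command -v esxcli >/dev/null 2>&1; then
        esxcli network firewall refresh
        esxcli network firewall ruleset list | grep "$1"
    fi
}
```

On a host you would run `write_ruleset port999 999` followed by `reload_firewall port999` and then confirm the new ruleset appears in the Firewall Properties dialog.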
Skills and Abilities - Set Firewall Security Level