What’s new in vSphere 5 – ESXi firewall

One of the new features of ESXi 5 is the new “personal” firewall, a feature that was previously found only in the legacy (and now discontinued) ESX.

VMware argued that ESXi didn’t require a firewall, because the lightweight hypervisor had hardly any services or ports open, leaving it with almost nothing to attack. So why add this feature? Probably just to fill a feature gap between ESXi and ESX and to improve security by using a defense-in-depth approach.

- It’s a stateless firewall based on ESXi services.
- It sits between the ESXi host management interface and the management network on the local area network.
- It supports additional capability to restrict access to services based on IP address and subnet mask (this is quite new, and was not so “simple” in ESX).

The upgrade from ESX/ESXi 4.x to ESXi 5.0 results in several changes to the host firewall configuration. For more info see the vSphere 5 Upgrade guide.

- About the ESXi 5.0 firewall (VMware KB)
- What’s New in VMware vSphere 5.0: Platform Whitepaper (page 6)
- Configuring the ESXi firewall in VMware vSphere 5

The ESXi 5 firewall can be configured through:

- vSphere Client: go to Host Configuration > Software > Security Profile. Quite the same as the old ESX configuration. Like the old one (in ESX), this firewall is still service oriented, which means that it’s easy to manage and configure. But this time it’s not based on the Linux iptables framework and it’s not stateful... this means less flexibility and, in some cases, less security.
- Command line: with vSphere 5 the esxcfg-* commands are deprecated, so the firewall configuration can be done with the esxcli command.
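The per-service IP restriction and the esxcli configuration path mentioned in this post can be combined as in the following added example, which is not part of the original post. It uses the esxcli "network firewall" namespace; the ruleset name (sshServer) and the addresses passed to it are sample values, and the helper function names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original post): restrict one ESXi 5 firewall
# ruleset to chosen source addresses. Helper names are hypothetical.

# DRY_RUN=1 (default) prints each command; DRY_RUN=0 runs it on the host.
DRY_RUN="${DRY_RUN:-1}"
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Accept a dotted-quad IPv4 address with an optional /0-32 prefix length.
valid_ipv4_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# restrict_ruleset RULESET ADDR [ADDR...]
# Limit one service ruleset to the listed source addresses or subnets.
restrict_ruleset() {
    [ "$#" -ge 2 ] || { echo "usage: restrict_ruleset RULESET ADDR..." >&2; return 2; }
    ruleset=$1
    shift
    # Validate every address first, so a typo cannot leave the ruleset
    # closed to everyone with only part of the list applied.
    for cidr in "$@"; do
        valid_ipv4_cidr "$cidr" || { echo "bad address: $cidr" >&2; return 2; }
    done
    # The allowed-IP list only takes effect once "allowed-all" is off.
    run esxcli network firewall ruleset set --ruleset-id "$ruleset" --allowed-all false || return 1
    for cidr in "$@"; do
        run esxcli network firewall ruleset allowedip add \
            --ruleset-id "$ruleset" --ip-address "$cidr" || return 1
    done
    # Show the resulting list for review.
    run esxcli network firewall ruleset allowedip list --ruleset-id "$ruleset"
}
```

Calling restrict_ruleset sshServer 192.168.10.0/24 prints the commands for review; set DRY_RUN=0 to apply them. Because the firewall is stateless, apply the change from the host console when the ruleset being restricted is the one carrying your own session.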