Tuesday, June 3, 2014

Port changes between ESXi 5.1u2 and 5.5u1

The following "firewall labels" have been added and are defaulted to open to all networks in ESXi 5.5u1 (unsure about 5.5 GA):
  • DHCPv6 (self explanatory)[tcp/udp 546 in 547 out]
  • cmmds (VSAN) [udp 12345,23451 in/out]*
  • rtd (VSAN) [tcp 2233 in/out]
  • ipfam (NSX) [udp 6999 in/out]
  • vsanvp (VSAN) [tcp 8080 in/out]
  • rabbitmqproxy (vFabric) [tcp 5671 out]
I was not able to turn off vsanvp (Cannot change the host configuration. Call "HostFirewallSystem.DisableRuleset" for object "firewallSystem-152" on vCenter Server "X" failed.) but I could restrict it to the local management subnet. Close enough.

While it's nice of VMware to have the one button "enable VSAN" in the webUI -- Keep the ports locked until I check that box. If ever.

* Hey! That's the combination to my luggage!

No comments:

Post a Comment