Troubleshooting network connection issues caused by firewall configuration
Article ID: 310995
Updated On:
Products
VMware vCenter Server
VMware vSphere ESXi
Issue/Introduction
This article troubleshoots network connection issues caused by firewall configuration.
Symptoms:
- Cannot connect to the network
- Virtual machine network connection fails
- Cannot ping default gateway
- Cannot ping host
Environment
VMware ESXi 4.0.x Installable
VMware ESXi 3.5.x Installable
VMware ESXi 4.0.x Embedded
VMware ESXi 4.1.x Installable
VMware VirtualCenter 2.0.x
VMware vCenter Server 4.1.x
VMware vCenter Server 4.0.x
VMware ESX Server 3.0.x
VMware ESXi 4.1.x Embedded
VMware ESX Server 3.5.x
VMware ESX 4.0.x
VMware ESX 4.1.x
VMware ESXi 3.5.x Embedded
VMware VirtualCenter 2.5.x
VMware ESXi 3.5.x Installable
VMware ESXi 4.0.x Embedded
VMware ESXi 4.1.x Installable
VMware VirtualCenter 2.0.x
VMware vCenter Server 4.1.x
VMware vCenter Server 4.0.x
VMware ESX Server 3.0.x
VMware ESXi 4.1.x Embedded
VMware ESX Server 3.5.x
VMware ESX 4.0.x
VMware ESX 4.1.x
VMware ESXi 3.5.x Embedded
VMware VirtualCenter 2.5.x
Resolution
Incorrect firewall configuration may cause virtual machine network connection failures.
Note: Ensure to involve your network security team while performing any major testing.
To resolve connection issues caused by firewall configuration:
- Change the Windows XP firewall settings to allow ICMP echo requests. For more information, see Cannot ping Windows XP virtual machine from outside (1004897) .
Note: Patch updates may enable ICMP blocking.
- Use the Telnet tool to verify that the other computer permits connections on the port you are using to connect. Run the command:
telnet <IP address> <port>, where <IP address> is the IP address of the other computer and <port> is the port you are attempting to make a connection on
If you do not receive an error message, the other computer is configured to permit connections on that port. If you receive an error message, the other computer may not be configured to permit connections on that port. Contact your network administrator to obtain a valid port number. See Testing port connectivity with Telnet (1003487).
- For more refined and targeted connectivity testing using netcat, telnet, tcpdump, and other network connectiivity testing tools, see Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi (2020669), specifically the caution about nc -zu.
Additional Information
There exist versions of netcat for windows as well as Linux/Unix, which could be used for Guest OS firewall testing.
Testing port connectivity with Telnet
Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi
Impact/Risks:
Testing port connectivity with Telnet
Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi
Impact/Risks:
Feedback
Yes
No
Powered by
