Modified ESXi firewall rules disabled after reboot

Article ID: 317907

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
After a host reboot, ESXi no longer responds on network ports whose firewall settings were modified.

Environment

VMware vSphere ESXi 7.0.x

Cause

The modified ruleset becomes disabled on reboot.

Resolution


This has been fixed in 7.0 U3.

Workaround:
The affected firewall rules can be enabled from the command line. Once the rules have been enabled from the CLI, the setting stays enabled through future reboots.

To enable a rule, run:
esxcli network firewall ruleset set --enabled=true -r <rulename>

Example:
[root@d02:~] esxcli network firewall ruleset set --enabled=true -r dns

To find the correct rule to enable, run:
esxcli network firewall ruleset list

Example:
[root@d02:~] esxcli network firewall ruleset list
Name                           Enabled
-----------------------------  -------
sshServer                         true
sshClient                        false
nfsClient                        false
nfs41Client                      false
dhcp                              true
dns                               true
snmp                              true
ntpClient                         true
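
The check described above can be scripted so that only the rulesets you expect to be enabled are re-enabled, rather than every ruleset reported as false. This is an added example, not part of the original article or VMware code: the function names, the expected list (dns, snmp, ntpClient) and the sample listing (constructed to show dns disabled after a reboot) are assumptions.

```shell
#!/bin/sh
# Added example: compare `esxcli network firewall ruleset list` output with
# the rulesets that are supposed to be enabled, and print the workaround
# command for each one the host reports as disabled.

# Constructed sample listing: the state after a reboot, with dns disabled.
SAMPLE_LIST='Name                           Enabled
-----------------------------  -------
sshServer                         true
sshClient                        false
nfsClient                        false
dhcp                              true
dns                              false
snmp                              true
ntpClient                         true'

# disabled_rulesets NAME...
# Reads the ruleset listing on stdin and prints each expected NAME whose
# Enabled column is "false". Rulesets not named as arguments are ignored,
# so services that are meant to stay closed are never reported.
disabled_rulesets() {
    awk -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) expected[w[i]] = 1 }
        # Data rows have exactly two fields: name and true/false.
        # This also skips the header and the dashed separator line.
        NF == 2 && ($2 == "true" || $2 == "false") {
            if (($1 in expected) && $2 == "false") print $1
        }
    '
}

# remediation_commands NAME...
# Prints (does not run) the command from the workaround for each expected
# ruleset that is currently disabled.
remediation_commands() {
    disabled_rulesets "$@" | while read -r name; do
        printf 'esxcli network firewall ruleset set --enabled=true -r %s\n' "$name"
    done
}

# Demo on the constructed sample. On a host, pipe the real listing instead:
#   esxcli network firewall ruleset list | remediation_commands dns snmp ntpClient
printf '%s\n' "$SAMPLE_LIST" | remediation_commands dns snmp ntpClient
```

The commands are printed rather than executed so they can be reviewed before any port is reopened.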