Modified ESXi firewall rules get disabled after reboot

Article ID: 317907

Products

VMware vSphere ESXi

Issue/Introduction

After an ESXi host reboot, the host stops responding on previously configured network ports whose rules were modified in the ESXi firewall settings.

Environment

VMware vSphere ESXi

Cause

Changes made to the firewall ruleset are not retained after an ESXi host reboot.

Resolution


This issue has been fixed in ESXi 7.0 U3.

Workaround:
  • The affected firewall rules can be enabled from the command line. Once the rules have been enabled from the CLI, the setting will stay enabled through future reboots.
  • To find the correct rule to enable, run:
esxcli network firewall ruleset list
 
Example: esxcli network firewall ruleset list
Name                           Enabled
-----------------------------  -------
sshServer                         true
sshClient                        false
nfsClient                        false
nfs41Client                      false
dhcp                              true
dns                               true
snmp                              true
ntpClient                         true

  • To enable the rules please run:
esxcli network firewall ruleset set --enabled=true -r <rulename>

Example: esxcli network firewall ruleset set --enabled=true -r dns
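
A post-reboot check built on the two commands above, as an added example that is not part of the original article: it parses the ruleset list and prints the enable command only for rulesets you expect to be open, so nothing else gets exposed. The function names and the expected-ruleset list are assumptions; the sample input is the article's example output.

```shell
#!/bin/sh
# Added example (not VMware code): flag expected rulesets that came up disabled.

# Constructed sample: the article's example output. On a host, pipe in
# `esxcli network firewall ruleset list` instead of this function.
sample_ruleset_list() {
cat <<'EOF'
Name                           Enabled
-----------------------------  -------
sshServer                         true
sshClient                        false
nfsClient                        false
nfs41Client                      false
dhcp                              true
dns                               true
snmp                              true
ntpClient                         true
EOF
}

# find_disabled "<expected names>": reads the ruleset list on stdin and prints
# "<name> disabled" or "<name> missing" for each expected ruleset not enabled.
find_disabled() {
    awk -v expected="$1" '
        BEGIN { n = split(expected, want, " ") }
        NR > 2 && NF >= 2 { state[$1] = $2 }   # skip header and separator rows
        END {
            for (i = 1; i <= n; i++) {
                r = want[i]
                if (!(r in state))           print r " missing"
                else if (state[r] != "true") print r " disabled"
            }
        }'
}

# remediation_commands "<expected names>": prints the article's enable command
# for each disabled ruleset. Missing names are left for manual review.
remediation_commands() {
    find_disabled "$1" | while read -r name status; do
        if [ "$status" = "disabled" ]; then
            echo "esxcli network firewall ruleset set --enabled=true -r $name"
        fi
    done
}

# Assumed policy for this demo: these three rulesets should be enabled.
sample_ruleset_list | remediation_commands "sshServer nfsClient dns"
```

Review the printed commands before running them; each one opens the ports covered by that ruleset.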

Additional Information

For more information on configuring firewall settings on ESXi hosts running 7.0 and above, refer to the article: ESXi Firewall Configuration