Cannot add allowed IP addresses for "NFS Client" in ESXi host 8.0 U2b or later

Article ID: 372409

Products

VMware vSphere ESXi 8.0

Issue/Introduction

  • The update option for the incoming/outgoing firewall ruleset "NFS Client" is greyed out in ESXi 8.0 U2b or later.

Environment

VMware vSphere ESXi 8.0 U2b and later

Cause

  • With ESXi 8.0 Update 2, some ESXi firewall rulesets, such as DHCP, are system-owned by default and do not allow allowed IP addresses to be added manually, to avoid a possible break of service.
  • With ESXi 8.0 Update 2b, you can manually add allowed IP addresses to all rulesets except nfsClient, nfs41Client, trusted-infrastructure-kmxd, trusted-infrastructure-kmxa, and vsanEncryption.

Resolution

Although the UI option is greyed out, the IP address can be added to the allowed list from the command line using the steps below.

1. Add an IP entry using the following command:

# esxcli storage nfs firewall add -F xx.xx.xx.xx/8

2. Confirm that the IP was added successfully using the following command:

# esxcli network firewall ruleset allowedip list | grep nfs
    • nfsClient     xx.xx.xx.xx/8
    • nfs41Client     All

3. Validate the currently configured firewall rules for NFS:

# esxcli storage nfs firewall list
    •    Allowed IPMask: xx.xx.xx.xx/8
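
The check in steps 2 and 3 can be scripted. The following is an added example, not part of the original article: it confirms that nfsClient lists the expected network and reports any NFS ruleset that still shows All, as nfs41Client does in the step 2 output. The function names, the sample table and the 192.0.2.0/24 and 198.51.100.7 addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the KB article: audit the NFS firewall rulesets.
# SAMPLE is constructed output, assumed to follow the two-column table of
#   esxcli network firewall ruleset allowedip list
# The addresses are documentation ranges standing in for the NFS network.
SAMPLE='Ruleset                  Allowed IP Addresses
-----------------------  --------------------
sshServer                All
nfsClient                192.0.2.0/24, 198.51.100.7
nfs41Client              All
vSphereClient            All'

# Print the name of every NFS ruleset that still accepts any address.
open_nfs_rulesets() {
    awk '($1 == "nfsClient" || $1 == "nfs41Client") && $2 == "All" { print $1 }'
}

# Succeed if ruleset $1 lists $2 (exact string) among its allowed addresses.
ruleset_allows() {
    awk -v rs="$1" -v want="$2" '
        $1 == rs {
            for (i = 2; i <= NF; i++) {
                entry = $i
                sub(/,$/, "", entry)      # entries are comma-separated
                if (entry == want) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Use live output on an ESXi host, the constructed sample anywhere else.
if command -v esxcli >/dev/null 2>&1; then
    LIST=$(esxcli network firewall ruleset allowedip list)
else
    LIST=$SAMPLE
fi

EXPECTED=${1:-192.0.2.0/24}   # value given to "esxcli storage nfs firewall add -F"
if printf '%s\n' "$LIST" | ruleset_allows nfsClient "$EXPECTED"; then
    echo "nfsClient allows $EXPECTED"
else
    echo "nfsClient does NOT list $EXPECTED"
fi
for rs in $(printf '%s\n' "$LIST" | open_nfs_rulesets); do
    echo "WARNING: $rs still allows All"
done
```

Pass the network that was added in step 1 as the first argument; without an argument the script checks for the constructed sample network.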

Additional Information