Configure the VAMI firewall to restrict vCenter access to specified IP addresses or subnets
Article ID: 412016

Products

VMware vCenter Server

Issue/Introduction

The vCenter Server Appliance evaluates its firewall rules in order, from top to bottom, so the order of the rules determines which one takes effect for a given source address and is critical to defining the rule set correctly. This article describes how to configure a firewall rule in the vCenter Appliance Management Interface (VAMI) so that access to vCenter Server is restricted to specified IP addresses or subnets.

Environment

VMware vCenter Server 7.x
VMware vCenter Server 8.x

Resolution

  1. Log in to the VAMI at https://<appliance-IP-address-or-FQDN>:5480
  2. Select Firewall and click ADD
  3. In the New Firewall Rule dialog, specify the details of the rule.

    For example, to reject connections from one /24 subnet arriving on the primary interface:

    Network Interface: nic0
    IP Address: xx.xx.xx.xx
    Subnet Prefix Length: 24
    Action: Reject

  4. Click SAVE

     Notes:

  • Rules are evaluated from top to bottom, so create the Accept (allow) rules for any trusted IP addresses or subnets (for example, your management network or jump host) before adding the Reject rule. If the Reject rule is evaluated before a rule that accepts your own address, you can lock yourself out of the VAMI and of vCenter Server.
  • Take an offline (powered-off) snapshot of the vCenter Server Appliance before changing the firewall configuration. If the vCenter is part of Enhanced Linked Mode (ELM), power down all vCenter Servers in the ELM group and take a snapshot of each of them.
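The ordering point in the notes above, as an added Python example that is not part of this article or of VMware's tooling: it builds the rule list with the Accept entries ahead of the Reject entry, evaluates a client address top-down with first match winning, the way the procedure above describes the appliance doing it, and flags any operator address that a misordered list would block before the change is saved. The field names (interface_name, address, prefix, policy), the upper-case policy values and the PUT /api/appliance/networking/firewall/inbound endpoint named in the comments are assumptions about the vCenter appliance REST API and should be checked against the API explorer on your own vCenter; all addresses are constructed sample values.

```python
import ipaddress
from typing import Dict, List, Sequence, Tuple

# Policy names follow the VAMI firewall actions (Accept/Ignore/Reject/Return);
# the upper-case spelling is the form assumed here for the appliance REST API.
POLICIES = ("ACCEPT", "IGNORE", "REJECT", "RETURN")
BLOCKING = ("REJECT", "IGNORE")

Rule = Dict[str, object]


def make_rule(address: str, prefix: int, policy: str, interface_name: str = "nic0") -> Rule:
    """Build one firewall rule in the field layout assumed for the appliance API."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy {policy!r}; expected one of {POLICIES}")
    # Normalise a host address such as 10.10.0.7/24 to 10.10.0.0/24 and
    # reject an invalid prefix length early, before anything is pushed.
    net = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    return {
        "interface_name": interface_name,
        "address": str(net.network_address),
        "prefix": net.prefixlen,
        "policy": policy,
    }


def build_rules(accept: Sequence[Tuple[str, int]],
                reject: Sequence[Tuple[str, int]]) -> List[Rule]:
    """Accept rules for trusted sources first, then the reject rules, so the
    top-down evaluation reaches the accept entries before anything is blocked."""
    accept_rules = [make_rule(addr, plen, "ACCEPT") for addr, plen in accept]
    reject_rules = [make_rule(addr, plen, "REJECT") for addr, plen in reject]
    return accept_rules + reject_rules


def evaluate(rules: Sequence[Rule], client_ip: str) -> str:
    """Return the policy of the first rule whose network contains client_ip,
    or 'NO_MATCH' when no configured rule applies (top to bottom, first match wins)."""
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        net = ipaddress.ip_network(f"{rule['address']}/{rule['prefix']}", strict=False)
        if ip in net:
            return str(rule["policy"])
    return "NO_MATCH"


def lockout_risks(rules: Sequence[Rule], admin_ips: Sequence[str]) -> List[str]:
    """Operator addresses that the rule list, as ordered, would reject or ignore."""
    return [ip for ip in admin_ips if evaluate(rules, ip) in BLOCKING]


def to_payload(rules: Sequence[Rule]) -> Dict[str, List[Rule]]:
    """Request body shape assumed for
    PUT https://<appliance-IP-address-or-FQDN>/api/appliance/networking/firewall/inbound
    (verify the path and schema in your vCenter's API explorer before use)."""
    return {"rules": list(rules)}


if __name__ == "__main__":
    import json

    # Constructed sample: the jump-host subnet 10.10.0.0/24 must stay reachable,
    # the rest of 10.10.0.0/16 is to be rejected; the operator sits at 10.10.0.5.
    trusted = [("10.10.0.0", 24)]
    blocked = [("10.10.0.0", 16)]
    admins = ["10.10.0.5"]

    good = build_rules(trusted, blocked)
    bad = list(reversed(good))  # the same two rules with the Reject entry first

    print("correct order :", [evaluate(good, ip) for ip in admins], lockout_risks(good, admins))
    print("reject first  :", [evaluate(bad, ip) for ip in admins], lockout_risks(bad, admins))
    if lockout_risks(good, admins):
        raise SystemExit("refusing to push: rule order would lock out an operator address")
    print(json.dumps(to_payload(good), indent=2))
```

Run the check against the rule list you intend to save with your own management address in the admin list; only push (or click SAVE) when it reports no lockout risk, and keep the offline snapshot described in the notes as the fallback if the appliance still ends up unreachable.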

Additional Information