Allowing Host Client access only from specific IP addresses

Article ID: 418184

Products

VMware vSphere ESXi

Issue/Introduction

If security requirements necessitate restricting access to the Host Client, you can follow the steps in this article to configure settings that allow access to the Host Client only from specific IP addresses.

Environment

vSphere 7.x

vSphere 8.x

Resolution

  1. Log in to vCenter Server using the vSphere Client.

  2. Navigate to the host in the inventory.

  3. Click "Configure" and then click "Firewall" under "System".

  4. Click "Incoming".

  5. Click "Configure" in the "Firewall" section.

  6. Select "Ungrouped".

  7. Select the rule set "vSphere Web Client" and click ">" to expand it.

  8. Uncheck the "Allow connections from any IP address" checkbox.

  9. Enter the IP addresses you want to allow connections from in the "IP List" box.

    To list multiple addresses, separate them with commas, as shown in the example below.

    192.0.2.1, 192.168.1.0/24

    You can specify each entry in any of the formats shown in the examples below.

    - 192.0.2.1 (specific IPv4 address)
    - 192.0.2.0/24 (IPv4 network address)
    - 2001:db8::1/64 (specific IPv6 address)
    - 2001:db8::/64 (IPv6 network address)

    Note: To ensure vCenter Server can connect to ESXi hosts, make sure to include the IP address of vCenter Server in the allowed IP list.
  10. Click "OK".
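
Before clicking "OK", the "IP List" string can be checked offline so that a typo or a missing vCenter Server address does not cut off management access. The following is an added example, not part of the original article or any Broadcom tooling: it parses the comma-separated list in the formats shown in step 9 and reports required addresses that no entry covers. The function names and the vCenter Server address `192.168.1.10` are assumptions made for illustration.

```python
import ipaddress

def parse_entry(entry):
    """Return (network, ambiguous) for one "IP List" entry."""
    iface = ipaddress.ip_interface(entry.strip())
    if iface.ip != iface.network.network_address:
        # Host bits set, e.g. 2001:db8::1/64. This check takes the narrower
        # reading (the single address) and flags it; that is a choice made
        # here, not a statement of how ESXi evaluates the entry.
        return ipaddress.ip_network(str(iface.ip)), True
    return iface.network, False

def check_ip_list(ip_list, required):
    """Validate an IP List string.

    Returns (networks, missing, warnings); `missing` holds every address in
    `required` (for example vCenter Server) that no entry covers.
    """
    networks, warnings = [], []
    for raw in ip_list.split(","):
        entry = raw.strip()
        if not entry:
            warnings.append("empty entry (stray comma)")
            continue
        try:
            net, ambiguous = parse_entry(entry)
        except ValueError as exc:
            warnings.append(f"invalid entry {entry!r}: {exc}")
            continue
        if ambiguous:
            warnings.append(f"{entry} has host bits set; read as {net}")
        if net.prefixlen == 0:
            warnings.append(f"{entry} matches every address")
        networks.append(net)
    missing = [a for a in required
               if not any(ipaddress.ip_address(a) in n for n in networks)]
    return networks, missing, warnings

if __name__ == "__main__":
    VCENTER_IP = "192.168.1.10"  # constructed sample value, not from the page
    nets, missing, warnings = check_ip_list("192.0.2.1, 192.168.1.0/24", [VCENTER_IP])
    print("entries :", ", ".join(map(str, nets)))
    print("missing :", missing or "none")
    print("warnings:", warnings or "none")
```

A non-empty `missing` list means the rule set would block that address once "Allow connections from any IP address" is unchecked.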

Additional Information

[Reference]

Manage ESXi Firewall Settings

Activate or Deactivate an ESXi Service.

Add Allowed IP Addresses for an ESXi Host

For information on how to manage ESXi Firewall using ESXCLI, please refer to the following document.

Using ESXCLI Firewall Commands to Configure ESXi Behavior