When attempting to enable the SLP service in an ESXi 8.0 environment by running the following firewall configuration command, an invalid operation error occurs.
Command: esxcli network firewall ruleset set -r CIMSLP -e 1
Error: Invalid operation requested: Can not enable disable this ruleset, it is owned by system service.
VMware ESXi 8.0 and later
Starting with ESXi 8.0 Update 2, certain firewall rules including CIMSLP are classified as system-owned for security hardening. This restricts users from manually enabling or disabling these firewall rules. Instead, these rules are automatically managed based on the state of their associated services.
Instead of modifying the firewall rule directly, enable the SLP service itself at the system level. The CIMSLP port will open automatically in conjunction with the service.
1. Log in to the ESXi host via SSH.
2. Run the following command to enable the SLP service: esxcli system slp set -e 1
3. Verify the status to ensure the CIMSLP rule is set to true: esxcli network firewall ruleset list | grep -i cimslp
Note: The SLP service is deprecated in ESXi 8.0 for security reasons and is scheduled for removal in a future major release. For more details, refer to Common Information Model (CIM) and Service Location Protocol (SLP) removal VOBs in ESXi 8.0 Update 3 (313159). Transitioning to an alternative monitoring method that does not rely on SLP is highly recommended.
Japanese version: ESXi 8.0環境におけるCIMSLPファイアウォールルール変更時のエラーとSLPサービスの有効化について (435930)