• vMotion fails with the following error:
  The vMotion migrations failed because the ESX hosts were not able to connect over the vMotion network.  Check the vMotion network settings and physical network configuration.
• Connection test using nc -z <Target_IP> 8000 from the source ESXi host to the destination host fails.
• vmkping between vMotion VMkernel interfaces is successful.
• Disabling the ESXi firewall on the destination host (esxcli network firewall set --enabled false) allows vMotion to complete successfully.

VMware vSphere

This issue occurs when the gdbserver firewall ruleset is enabled and configured with a restrictive Allowed IP list that does not include the source ESXi host's vMotion IP address.

The gdbserver ruleset defines a broad port range (TCP 1000-9999), which includes the vMotion port (TCP 8000).
When a vMotion packet arrives at the destination host, the firewall engine matches it against the gdbserver rule first.
If the source IP is not in the gdbserver allowed list, the packet is dropped before it can be processed by the default vMotion ruleset.

To resolve this issue, perform one of the following:

• Option 1: Disable the gdbserver ruleset (Recommended if not in use)
  Run the following command on the affected ESXi host:
  esxcli network firewall ruleset set -e false -r gdbserver
  
  
• Option 2: Add the vMotion network to the gdbserver Allowed IP list
  If gdbserver is required, add the source host's network to the allowed list:
  esxcli network firewall ruleset allowedip add -i <Source_vMotion_Network> -r gdbserver

ファイアウォールルールセット gdbserver との競合により、vMotionがタイムアウトエラーで失敗する

Similar Issues:

• vMotion port 8000 blocked after ESXi host firewall rule change
• vMotion fails if remoteSerialPort firewall rule set is enabled on ESXi