«

»

Disable ESXi host firewall ports using PowerCLI

Updated 2017-07-06 to match ESXi 6.5 FW Rule names

One thing i do for the majority of my vSphere implementations, today and previous over the years, has been to disable ESXi firewall ports not being used. There are at least a few, not always the same though, ports that will never be used no matter what environment we are talking about. The ports actually specified with their related services names i disabled during my last vSphere ESXi implementation will be included in this script.

To get all the options you can simply run the PowerCLI command “get-vmhostfirewallexception | select name” and this will be your output.

screen-shot-2016-09-13-at-18-37-47

The script that wasย tested using the following software versions:

  • VMware vCenter Server 6.0
  • VMware ESXi 6.0
  • VMware PowerCLI 6.3 R1

As usual, change the red marked text to your required/specific values.

#
# PowerCLI to test vMotion functionality
# Version 1.0
# Magnus Andersson โ€“ Staff Solution Architect @Nutanix
#
# Specify vCenter Server, vCenter Server username, vCenter Server user password, esxi hosts you want to disable FW rules for.
$vCenter=”vcenter01.npx5.local
$vCenterUser=”magander@npx5.local
$vCenterUserPassword=”not-secret
$esxihosts=”get-vmhost

#
# Specify FW ports to be closed
$fwdisable = (“vSAN Clustering Service“,”vSAN Transport“,”WOL“,”vSphere Web Access“,”DHCP Client“, “HBR“, “vvold“)
#
#
#Connect to vCenter Server
write-host Connecting to vCenter Server vcenter01.npx5.localย -foreground green
Connect-viserver $vCenter -user $vCenterUser -password $vCenterUserPassword -WarningAction 0 | out-null
#
write-host ——–
write-host Starting the process of disabling ESXi host firewall ports
write-host ——–
#
# Close FW-ports
foreach ($esxihost in (get-vmhost $esxihosts | ? { $_.ConnectionState -eq “Connected”} |sort)){
Get-vmhostfirewallexception -VMhost $esxihost $fwdisable | Set-VMHostFirewallException -enabled:$false | out-null
}
#
# Disconnect from vCenter Server
write-host “Disconnecting to vCenter Server vcenter01.npx5.local” -foreground green
disconnect-viserver -confirm:$false | out-null

Below is the script output when running in my lab environment.

screen-shot-2016-09-13-at-18-34-21

This is what you’ll see if connecting to an ESXi host using the vSphere Client when the script is running.

screen-shot-2016-09-13-at-18-30-04

Happy PowerCLI scripting:)

1 ping

Comments have been disabled.