Updated 2017-07-06 to match ESXi 6.5 FW Rule names
One thing i do for the majority of my vSphere implementations, today and previous over the years, has been to disable ESXi firewall ports not being used. There are at least a few, not always the same though, ports that will never be used no matter what environment we are talking about. The ports actually specified with their related services names i disabled during my last vSphere ESXi implementation will be included in this script.
To get all the options you can simply run the PowerCLI command “get-vmhostfirewallexception | select name” and this will be your output.
The script that was tested using the following software versions:
- VMware vCenter Server 6.0
- VMware ESXi 6.0
- VMware PowerCLI 6.3 R1
As usual, change the red marked text to your required/specific values.
#
# PowerCLI to test vMotion functionality
# Version 1.0
# Magnus Andersson – Staff Solution Architect @Nutanix
#
# Specify vCenter Server, vCenter Server username, vCenter Server user password, esxi hosts you want to disable FW rules for.
$vCenter=”vcenter01.npx5.local“
$vCenterUser=”magander@npx5.local“
$vCenterUserPassword=”not-secret“
$esxihosts=”get-vmhost“
#
# Specify FW ports to be closed
$fwdisable = (“vSAN Clustering Service“,”vSAN Transport“,”WOL“,”vSphere Web Access“,”DHCP Client“, “HBR“, “vvold“)
#
#
#Connect to vCenter Server
write-host Connecting to vCenter Server vcenter01.npx5.local -foreground green
Connect-viserver $vCenter -user $vCenterUser -password $vCenterUserPassword -WarningAction 0 | out-null
#
write-host ——–
write-host Starting the process of disabling ESXi host firewall ports
write-host ——–
#
# Close FW-ports
foreach ($esxihost in (get-vmhost $esxihosts | ? { $_.ConnectionState -eq “Connected”} |sort)){
Get-vmhostfirewallexception -VMhost $esxihost $fwdisable | Set-VMHostFirewallException -enabled:$false | out-null
}
#
# Disconnect from vCenter Server
write-host “Disconnecting to vCenter Server vcenter01.npx5.local” -foreground green
disconnect-viserver -confirm:$false | out-null
Below is the script output when running in my lab environment.
This is what you’ll see if connecting to an ESXi host using the vSphere Client when the script is running.
Happy PowerCLI scripting:)
1 pings