After you determine the level of firewall security for the service console, you can set the security level. Each time you lower your security setting or open additional ports, you increase the risk of intrusion in your network. Balance your access needs against how tightly you want to control the security of the network.

1

Log in to the service console and acquire root privileges.

2

Run one of the following commands to set the service console firewall security level.

To set the service console firewall to medium security:

esxcfg-firewall --allowOutgoing --blockIncoming

To set the virtual firewall to low security:

esxcfg-firewall --allowIncoming --allowOutgoing
Caution

Using the preceding command disables all firewall protection.

To return the service console firewall to high security:

esxcfg-firewall --blockIncoming --blockOutgoing
3

Use the following command to restart the vmware-hostd process.

service mgmt-vmware restart

Changing the service console firewall security level does not affect existing connections. For example, if the firewall is set to low security and a backup is running on a port you did not explicitly open, raising the firewall setting to high does not terminate the backup. The backup completes, releases the connection, and no further connections are accepted for the port.