
How do you reconfigure access to a VMkernel port?

Use ESXi firewall configuration settings and VMkernel ports to control the levels of access that different services, such as Secure Shell, have to your management network.

With vSphere, you can reconfigure VMkernel port settings and limit access from services such as Secure Shell exclusively to your management network.

Every VMkernel TCP/IP stack that has an IP address listens for enabled services on that address. If you want to use a service such as Secure Shell (SSH) only on your management network, additional configuration is necessary. You cannot bind a service to a particular TCP/IP stack, but you can configure the ESXi firewall so that the service accepts connections from only one address or a range of addresses.

It's likely you've never had to access the ESXi firewall configuration in your system. The default configuration only allows for the use of those ports that are necessary for the enabled services. When you enable a service, the accompanying VMkernel ports open for you. For example, if you enable the Network Time Protocol service, it opens outgoing UDP port 123.

You can manually open and close each VMkernel port if you want. You can also follow the directions below to restrict which source addresses may reach the port that a given service opens.

Adjust these settings in the vSphere Client on the Configure tab of your ESXi host, under the firewall settings. Figure A shows an example of this configuration.

Figure A. Configure settings in vSphere Client.

In this example, the Allow connections from any IP address checkbox is cleared for the SSH server and one address is in the IP list. With this configuration, the only connections the SSH server accepts are those from that single address. You can add multiple addresses to the list, separated by commas.

You can also add a subnet range, such as 172.31.0.0/16. The format is the network address, which is 172.31.0.0 in this example, followed by the prefix length, which is 16 bits. This allows access to only those computers with an address in that subnet.
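The same allow-list can be applied from the ESXi Shell with esxcli instead of the vSphere Client. The following script is an added example and is not from the original article or from VMware; it assumes it runs as root on the ESXi host with `esxcli` on the PATH, and it defaults to a dry run that prints the commands rather than executing them. It covers both cases described above, a single address and a network/prefix range, and rejects an entry whose host bits are not zero (for example `172.31.5.0/16`, which is not a network address in the format the firewall expects).

```shell
#!/bin/sh
# Added example (not from the original article or from VMware): switch an ESXi
# firewall ruleset from "allow any IP" to an explicit allow-list with esxcli.
# Assumptions: ESXi Shell as root, esxcli on PATH. DRY_RUN=1 (the default)
# prints the esxcli commands; DRY_RUN=0 executes them.

RULESET="${RULESET:-sshServer}"   # esxcli ruleset id for the SSH server
DRY_RUN="${DRY_RUN:-1}"

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Return 0 if $1 is a dotted-quad IPv4 address with each octet 0..255.
is_ipv4() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  oldIFS=$IFS; IFS=.
  set -- $1
  IFS=$oldIFS
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Return 0 if $1 is a valid entry for the allow-list: either a plain address
# or network/prefix where the bits below the prefix length are all zero.
valid_entry() {
  case "$1" in
    */*) ip="${1%/*}"; plen="${1#*/}" ;;
    *)   ip="$1"; plen=32 ;;
  esac
  is_ipv4 "$ip" || return 1
  echo "$plen" | grep -Eq '^[0-9]{1,2}$' || return 1
  [ "$plen" -le 32 ] || return 1
  # Pack the address into a 32-bit integer and check the host bits.
  oldIFS=$IFS; IFS=.
  set -- $ip
  IFS=$oldIFS
  n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  hostmask=$(( (1 << (32 - plen)) - 1 ))
  [ $(( n & hostmask )) -eq 0 ]
}

# Validate every entry first, then disable "allow all" and add the entries.
# Usage: restrict_ruleset 10.0.0.5 172.31.0.0/16
restrict_ruleset() {
  for e in "$@"; do
    valid_entry "$e" || {
      echo "rejected: '$e' is not an address or network/prefix" >&2
      return 1
    }
  done
  run esxcli network firewall ruleset set --ruleset-id "$RULESET" --allowed-all false
  for e in "$@"; do
    run esxcli network firewall ruleset allowedip add --ruleset-id "$RULESET" --ip-address "$e"
  done
  # Show the resulting allow-list so the change can be checked.
  run esxcli network firewall ruleset allowedip list --ruleset-id "$RULESET"
}

# Demo invocation with constructed sample addresses (dry run unless DRY_RUN=0).
if [ "${1:-}" = "--demo" ]; then
  restrict_ruleset 10.0.0.5 172.31.0.0/16
fi
```

Run it first with the default dry run and confirm that the address you administer the host from is in the list: the ruleset change takes effect as soon as `--allowed-all false` is applied, so an allow-list that omits your own workstation closes your SSH session's path back in.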

This was last published in June 2018
