Scenario 22


Scenario:

You are configuring a vSphere environment to work well in a hardened network. Your network requires customized ports for many applications and services. Configure each ESXi host to use a customized port for DNS. Although the ESXi firewall already provides a rule set for DNS over UDP port 53, you are required to also enable DNS on TCP port 53.

Requirements:

Environment Information:

Objective: 7.2 Configure and Maintain the ESXi Firewall

Guide Reference(s):


Solution

To accomplish this task, the administrator can perform the following steps on each ESXi host:

  • Log in to the host as root using the ESXi Shell or SSH (enable the service first if it is stopped).

  • Make the /etc/vmware/firewall/service.xml file writable. It is shipped read-only (mode 444), so the edit is not possible until the permissions are widened, using this command:

chmod 644 /etc/vmware/firewall/service.xml

  • Open /etc/vmware/firewall/service.xml in vi and add the following service entry inside the <ConfigRoot> element, before the closing </ConfigRoot> tag. The numeric service id must not already be in use in the file, so pick the next free number (0032 is used here as an example), and the <id> name must be unique as well. <enabled>true</enabled> turns the rule set on as soon as the firewall is refreshed; <required>false</required> leaves it possible to disable the rule set later from the vSphere Client or esxcli:

<service id="0032">
<id>DNSTCPOut</id>
<rule id='0000'>
<direction>outbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>53</port>
</rule>
<enabled>true</enabled>
<required>false</required>
</service>

  • Modify the permissions of the /etc/vmware/firewall/service.xml file to reset it to the original read-only state, using this command:

chmod 444 /etc/vmware/firewall/service.xml

  • Reload the firewall so the new rule set takes effect, then confirm that DNSTCPOut appears as enabled in the output of esxcli network firewall ruleset list:

esxcli network firewall refresh

  • Repeat these steps for each ESXi host.
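The procedure above is typed by hand on every host, which is where mistakes creep in: a duplicate service id, the entry pasted outside <ConfigRoot>, or the file left world-writable. The following shell script is an added example, not code from this page or from VMware. It performs the same edit with those checks, keeps a backup, restores mode 444, and only calls esxcli when it is actually present. It assumes the file's root element is <ConfigRoot> (as in the ESXi service.xml), takes the path from the SERVICE_XML variable so it can be dry-run against a copy, and builds a constructed sample file (the sshServer entry is made up for the demo) when run without --apply.

```shell
#!/bin/sh
# Added example, not part of the original page or of VMware's tooling.
# Adds a DNSTCPOut service entry to an ESXi-style firewall service.xml:
# refuses to add a duplicate id, keeps a backup, widens the permissions
# only for the duration of the edit, restores mode 444, and refreshes the
# firewall when esxcli exists (it does not outside an ESXi host).
# Assumption: the root element of the file is <ConfigRoot>.

SERVICE_XML="${SERVICE_XML:-/etc/vmware/firewall/service.xml}"

# Return 0 if the numeric service id or the <id> name is already defined.
service_exists() {
    grep -q "<service id=\"$1\">" "$2" || grep -q "<id>$1</id>" "$2"
}

# add_dns_tcp_out FILE [NUMERIC_ID] [NAME]
add_dns_tcp_out() {
    file="$1"
    num="${2:-0032}"
    name="${3:-DNSTCPOut}"

    if [ ! -f "$file" ] || ! grep -q '</ConfigRoot>' "$file"; then
        echo "$file is missing or is not a firewall service.xml" >&2
        return 1
    fi
    if service_exists "$num" "$file" || service_exists "$name" "$file"; then
        echo "service $num/$name already present, not adding it twice" >&2
        return 1
    fi

    cp "$file" "$file.bak" || return 1   # keep the original to roll back to
    chmod 644 "$file" || return 1        # the file ships read-only

    # Rebuild the file: everything before </ConfigRoot>, the new entry,
    # then the closing tag and anything that followed it.
    {
        sed '/<\/ConfigRoot>/,$d' "$file"
        cat <<EOF
<service id="$num">
<id>$name</id>
<rule id='0000'>
<direction>outbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>53</port>
</rule>
<enabled>true</enabled>
<required>false</required>
</service>
EOF
        sed -n '/<\/ConfigRoot>/,$p' "$file"
    } > "$file.tmp" || return 1
    cat "$file.tmp" > "$file" && rm -f "$file.tmp"   # write in place, keep owner
    chmod 444 "$file" || return 1        # back to read-only

    # Only a real ESXi host has esxcli; there, reload and confirm the rule set.
    if command -v esxcli >/dev/null 2>&1; then
        esxcli network firewall refresh &&
        esxcli network firewall ruleset list | grep -q "$name"
    fi
}

# Constructed sample in the ESXi layout (sshServer entry is made up), so the
# edit can be exercised on a workstation. Prints the path of the temp file.
make_sample_service_xml() {
    f="$(mktemp)"
    cat > "$f" <<EOF
<ConfigRoot>
<service id="0000">
<id>sshServer</id>
<rule id='0000'>
<direction>inbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>22</port>
</rule>
<enabled>true</enabled>
<required>false</required>
</service>
</ConfigRoot>
EOF
    chmod 444 "$f"
    echo "$f"
}

if [ "${1:-}" = "--apply" ]; then
    add_dns_tcp_out "$SERVICE_XML"     # on the host, as root
else
    sample="$(make_sample_service_xml)"
    add_dns_tcp_out "$sample" && cat "$sample"   # dry run on the sample
fi
```

Run it as root on the host with `--apply` after checking the dry-run output; the backup it leaves at service.xml.bak is what you copy back if the refresh rejects the file.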