Scenario 22

< Back | Next>


You are configuring a vSphere environment to work well in a hardened network. Your network requires customized ports for many applications and services. Configure each ESXi host to use a customized port for DNS. Although the ESXi firewall allows you to control DNS over UDP port 53, you are required to enable DNS on TCP port 53.


Environment Information:

Objective: 7.2 Configure and Maintain the ESXi Firewall

Guide Reference(s):


Click Here For Solution



To accomplish this task, the administrator can perform the following steps:

chmod 644 /etc/vmware/firewall/service.xml

<service id="0032">
<rule id='0000'>

  • Modify the permissions of the /etc/vmware/firewall/service.xml file to reset it to the original state, using this command:

chmod 444 /etc/vmware/firewall/service.xml

esxcli network firewall refresh.

  • Repeat these steps for each ESXi host.