Working with VMware is usually a breeze. Unfortunately, this time I ran into an issue while setting up a new Host Profile, specifically the Ruleset Configuration for the Firewall, during the configuration for a DISA STIG. Almost all of the rules match a named Firewall rule, but there are Firewall rules that do not have corresponding Ruleset names. I looked through VMware documentation, Reddit, and of course Google. I was unable to find any information where the two were listed together. So… I decided I would take on the task myself and of course share this with everyone.
VMware does provide an article, Incoming and Outgoing Firewall Ports for ESXi Hosts (https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-171B99EA-15B3-4CC5-8B9A-577D8336FAA0.html), but it lists only the service, not the corresponding Ruleset Configuration name. That is the gap the following table fills in. The columns are:
- Default – The service is enabled upon initial install
- Survive Reboot – The service will be enabled after rebooting the host
- Ruleset Name – Host Profile > Security and Services > Firewall Configuration > Firewall Configuration > Ruleset Configuration
- Ruleset Order – This is the order the rules are presented in the Host Profile
- Firewall Name – The name from Configure > System > Security Profile > Firewall menu
- In-Ord – This is the order of the incoming rules in the UI
- In – These are the ingress TCP/UDP ports
- Out-Ord – This is the order of the outgoing rules in the UI
- Out – These are the egress TCP/UDP ports
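To pull the same Ruleset Name / Firewall Name / In / Out mapping straight from a live host rather than by hand, the PowerCLI snippet below (an added example, not part of the original post) reads each ruleset's API key, which is what Host Profiles call the Ruleset Name, alongside its UI label. It assumes VMware PowerCLI is installed and uses `vcenter.example.local` and `esxi01.example.local` as placeholder names; Default and Survive Reboot are not exposed by this API and are left out.

```powershell
# Added example (not from the original post): list every ESXi firewall ruleset with the
# two names the table above reconciles, the Host Profile ruleset key and the UI label.
# Assumes VMware PowerCLI; 'vcenter.example.local' and 'esxi01.example.local' are placeholders.
Connect-VIServer -Server 'vcenter.example.local' | Out-Null
$vmhost = Get-VMHost -Name 'esxi01.example.local'

# Render one vSphere HostFirewallRule as "tcp/22" or "udp/1024-65535".
function Format-FwRule {
    param($Rule)
    $ports = if ($Rule.EndPort -and $Rule.EndPort -ne $Rule.Port) {
        "$($Rule.Port)-$($Rule.EndPort)"
    } else {
        "$($Rule.Port)"
    }
    "$($Rule.Protocol)/$ports"
}

Get-VMHostFirewallException -VMHost $vmhost | ForEach-Object {
    $rs = $_.ExtensionData   # the underlying HostFirewallRuleset object
    [pscustomobject]@{
        'Ruleset Name'  = $rs.Key     # shown under Host Profile > ... > Ruleset Configuration
        'Firewall Name' = $rs.Label   # shown under Configure > System > Security Profile > Firewall
        Enabled         = $rs.Enabled
        In  = ($rs.Rule | Where-Object Direction -eq 'inbound'  | ForEach-Object { Format-FwRule $_ }) -join ', '
        Out = ($rs.Rule | Where-Object Direction -eq 'outbound' | ForEach-Object { Format-FwRule $_ }) -join ', '
    }
} | Sort-Object 'Ruleset Name' | Format-Table -AutoSize

Disconnect-VIServer -Server 'vcenter.example.local' -Confirm:$false
```

Comparing this output against the Host Profile's Ruleset Configuration makes the rulesets with no matching UI name stand out immediately.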