VMware Cloud Community
hillda01

ESXi and iSCSI initiator - Firewall change

Hi,

I've just bought a Dell Equallogic ps5000xv and am setting up the iSCSI initiator and I'm reading the Equallogic documentation.

It says to modify the security options of the firewall, but when I go there under ESXi I don't have the option to tick the box for iSCSI...

Is this a limitation with ESXi or am I just doing something wrong?

Regards

Dave


Accepted Solutions
Dave_Mishchenko

ESX comes with a firewall that is part of the Linux service console VM. ESXi does not have that and does not include a firewall. You'll just need a vmkernel port with connectivity to your iSCSI device.

jhandley

Is it locked out to change or just not showing up in the list?

doubleH

Are you licensed for iSCSI? If you are, you may need to go to your licensing "Licensed Features" in the VI client and enable it.

If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

hillda01

Under licensing it says ESX server standard - licensed for two CPUs

NAS Usage

ISCSI Usage etc...

But can change the firewall

Regards

Dave

glynnd1

Dave, I believe the current version of ESXi/ESX will handle opening up the firewall for you once you configure the iSCSI settings.

ctfoster

You can always use the esxcfg-firewall command from the console to view and configure the firewall rules.

For instance the command

esxcfg-firewall -q

should show the swISCSIClient service in the list if it's enabled.

To enable iSCSI outbound connections you can use:

esxcfg-firewall -e swISCSIClient

<< didn't spot the esxi .>>

doubleH

Wow. I haven't played with 3i yet, but am surprised that they removed the firewall. Thanks for the info, Dave.

hillda01

Thanks for the reply.

I'm following the Equallogic documentation and it says I need to add another service console and as you say there is no service console so I just use a vmkernel port. When I add the VMKernel port it uses the default gateway on my main network.

Is there any way to change the default gateway for my iSCSI VMKernel vSwitch?

Texiwill

Hello,

Moved to ESXi forum.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll

Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links

Dave_Mishchenko

You can only have one gateway for the VMkernel. Do you necessarily need to change that for your ESXi host to connect to the iSCSI SAN?

DSTAVERT

I have some exposed servers and use a physical firewall and switch to separate the management network and the VM network. I then use a VPN to access the management network. This works very well since I can also use it for an IP KVM and the server management ports. It also protects NFS and iSCSI storage. Perhaps the real benefit is that it separates storage and regular network traffic.

-- David -- VMware Communities Moderator