Hi,
I've just bought a Dell Equallogic ps5000xv and am setting up the iSCSI initiator and I'm reading the Equallogic documentation.
It says to modify the security options of the firewall but when I go there under ESXi I dont have the option to tick the box for iSCSI...
Is this a limitation with ESXi or am I just doing something wrong?
Regards
Dave
ESX comes with a firewall that is part of the Linux service console VM. ESXi does not have that and does not include a firewall. You'll just need a vmkernel port with connectivity to your iSCSI device.
is it locked out to change or just not showing up in the list?
are you licensed for iSCSI? if you are you may need to go to your licensing "Licensed Features" in the VI client and enable it.
If you found this or any other post helpful please consider the use of the Helpfull/Correct buttons to award points
Under licensing it says ESX server standard - licensed for two cpu's
NAS Usage
ISCSI Usage etc...
But can change the firewall
Regards
Dave
Dave, I believe the current version of ESXi/ESX will handle opening up the firewall for you once you configure the iSCSI settings.
ESX comes with a firewall that is part of the Linux service console VM. ESXi does not have that and does not include a firewall. You'll just need a vmkernel port with connectivity to your iSCSI device.
You can always use use the esxcfg-firewall command from the console to view and configure the firewall rules.
For instance the command
esxcfg-firewall -q
should show the swISCSIClient service in the list if its enabled
To enable iSCSI outbound connections you can use.
esxcfg-firewall -e swISCSIClien
<< didn't spot the esxi .>>
wow. i haven't played with 3i yet, but am surprised that they removed the firewall. thanks for the info dave.
Thanks for the reply.
I'm following the Equallogic documentation and it says I need to add another service console and as you say there is no service console so I just use a vmkernel port. When I add the VMKernel port it uses the default gateway on my main network.
Is there any way to change the default gateway for my iSCSI VMKernel vSwitch?
ESX comes with a
firewall that is part of the Linux service console VM. ESXi does not
have that and does not include a firewall. You'll just need a vmkernel
port with connectivity to your iSCSI device.
Hello,
Moved to ESXi forum.
Best regards,
Edward L. Haletky
VMware Communities User Moderator
====
Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.
Blue Gears and SearchVMware Pro Blogs: http://www.astroarch.com/wiki/index.php/Blog_Roll
Top Virtualization Security Links: http://www.astroarch.com/wiki/index.php/Top_Virtualization_Security_Links
You can only have one gateway for the VMkernel. Do you necessarily need to change that for your ESXi host to connect to the iSCSI SAN?
I have some exposed servers and use a physical firewall and switch to separate the management network and the VM network. I then use a vpn to access the managemnet network. This works very well since I can also use it for an IP KVM and the server management ports. It also protects NFS and iSCSI storage. Perhaps the real benefit is that it separates storage and regular network traffic.