You could do something like this
Get-VMHost -PipelineVariable esx |
ForEach-Object -Process {
$esxcli = Get-EsxCli -VMHost $esx -V2
$esxcli.network.firewall.ruleset.list.Invoke() |
where { $_.Name -match "^CIM" -and $_.Enabled -eq 'true' }
ForEach-Object -Process {
$esxcli.network.firewall.ruleset.set.Invoke(@{
enabled = $true
rulesetid = $_.Name
})
}
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I would also use a Set-VMHostService cmdlet to set the policy for that service to 'Off".
You should also have a look at KB1025757.
Unless you run the chkconfig command on the ESXi node, the change will not be persistent across reboots of the ESXi node.
You can eventually block FW ports, but the CIM service would still be running.
To block the ports, you can use the Get-EsxCli cmdlet.
The command is under $esxcli.network.firewall.ruleset
For the required ports have a look at Incoming and Outgoing Firewall Ports for ESXi Hosts
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
i am turning off the policy also .however what method should i use to disable firewall ruleset for "cimhttpserver","cimhttpsserver","cimslp"
powercli version is 11.5
You could do something like this
Get-VMHost -PipelineVariable esx |
ForEach-Object -Process {
$esxcli = Get-EsxCli -VMHost $esx -V2
$esxcli.network.firewall.ruleset.list.Invoke() |
where { $_.Name -match "^CIM" -and $_.Enabled -eq 'true' }
ForEach-Object -Process {
$esxcli.network.firewall.ruleset.set.Invoke(@{
enabled = $true
rulesetid = $_.Name
})
}
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
ok thnaks.