Tuesday, March 17, 2009

ESX Firewall Configuration

The firewall on ESX, which appears to be Linux iptables, can be maintained manually with the esxcfg-firewall command on the service console. From what I can tell, the service definitions that the command works from are defined in the file /etc/vmware/firewall/services.xml, at least on our ESX 3.0.2 U1. On our ESX systems that file contains the following rule set definitions:

<id>sshServer</id>
<id>sshClient</id>
<id>ftpServer</id>
<id>ftpClient</id>
<id>nfsClient</id>
<id>smbClient</id>
<id>snmpd</id>
<id>vncServer</id>
<id>nisClient</id>
<id>ntpClient</id>
<id>telnetClient</id>
<id>LicenseClient</id>
<id>CIMHttpServer</id>
<id>CIMHttpsServer</id>
<id>CIMSLP</id>
<id>swISCSIClient</id>
<id>vpxHeartbeats</id>
<id>AAMClient</id>
<id>veritasNetBackup</id>
<id>veritasBackupExec</id>
<id>TSM</id>
<id>commvaultStatic</id>
<id>commvaultDynamic</id>
<id>activeDirectorKerberos</id>
<id>kerberos</id>
<id>legatoNetWorker</id>
<id>rshClient</id>

To enable one of these rule set profiles, run the command esxcfg-firewall -e 'name'. As in: esxcfg-firewall -e ntpClient
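As an added example (not from the original post, and not VMware's own tooling), a small sh helper for the service console that reads the rule set ids out of services.xml and refuses to pass a name to esxcfg-firewall -e that is not defined there, so a mistyped name fails loudly instead of silently doing nothing. It relies only on the <id> element shown above; the function names, the SERVICES_XML variable and the DRY_RUN switch are this example's own.

```shell
#!/bin/sh
# Assumption: each rule set in services.xml carries one <id>...</id> element,
# as in the excerpt above; nothing else about the file layout is relied on.
SERVICES_XML="${SERVICES_XML:-/etc/vmware/firewall/services.xml}"

# Print one rule set id per line, taken from the <id> elements of FILE.
list_rulesets() {
    file="${1:-$SERVICES_XML}"
    sed -n 's/.*<id>\([^<]*\)<\/id>.*/\1/p' "$file"
}

# Exit status 0 if NAME is a rule set id defined in FILE, 1 otherwise.
# -x forces a whole-line match so "ntp" does not match "ntpClient".
ruleset_exists() {
    name="$1"; file="${2:-$SERVICES_XML}"
    list_rulesets "$file" | grep -qx -- "$name"
}

# Enable a rule set only after checking that it is defined.
# With DRY_RUN=1 the esxcfg-firewall command is printed instead of run,
# which is what the self-test below uses on a non-ESX box.
enable_ruleset() {
    name="$1"; file="${2:-$SERVICES_XML}"
    if ! ruleset_exists "$name" "$file"; then
        echo "unknown rule set '$name'; defined: $(list_rulesets "$file" | tr '\n' ' ')" >&2
        return 1
    fi
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "esxcfg-firewall -e $name"
    else
        esxcfg-firewall -e "$name"
    fi
}

# Usage on the service console: sh enable-ruleset.sh ntpClient
if [ $# -gt 0 ]; then
    enable_ruleset "$1"
fi
```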

Wednesday, March 11, 2009

ASA/PIX Console Message Monitoring

To watch log messages while attached to the console of a PIX or ASA running 8.x:

To start monitoring:
config t
logging monitor <level> (I like warnings)
terminal monitor

To stop monitoring:
terminal no monitor
no logging monitor