After you deploy the vCenter Server Appliance, you can edit its firewall settings and create firewall rules by using the vSphere Web Client.
By using firewall rules, you can allow or block the traffic between the vCenter Server Appliance and specific servers, hosts, or virtual machines. You cannot block specific ports; a rule blocks all of the traffic.
Verify that the user who logs in to the vCenter Server instance in the vCenter Server Appliance is a member of the SystemConfiguration.Administrators group in vCenter Single Sign-On.
- Use the vSphere Web Client to log in as administrator@your_domain_name to the vCenter Server instance in the vCenter Server Appliance.
The address is of the type http://appliance-IP-address-or-FQDN/vsphere-client.
- On the vSphere Web Client main page, hover over the Home icon, click Home, and select System Configuration.
- Under System Configuration, click Nodes.
- Under Nodes, select a node and click the Manage tab.
- Under Advanced, select Firewall and click Edit.
- Edit the firewall settings.
  - Add a firewall rule
    - Click the Add icon to create a new firewall rule.
    - Select a network interface of the virtual machine.
    - Type an IP address of the network to apply this rule on. The IP address can be an IPv4 or IPv6 address.
    - Type a subnet prefix length.
    - From the Action drop-down menu, select whether to block or to allow the connection between the vCenter Server Appliance and the network that you specified.
  - Edit a firewall rule
    - Click the Edit icon to edit a firewall rule.
    - Edit the settings of the rule.
  - Prioritize the rules
    - Click the down or up arrows to move a rule downwards or upwards in the list of rules.
  - Delete a firewall rule
    - Select a rule from the list, and click the Delete icon.
- Click OK to save your edits.
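Before clicking OK, it can help to check a planned rule list offline so that a broad block rule does not cut off a management network. The following is an added example, not VMware code. It assumes the list is evaluated top to bottom with the first matching rule deciding, and that unmatched traffic is allowed. The interface name `nic0` and all addresses are constructed sample values.

```python
import ipaddress

# Constructed sample list, top to bottom as it would appear in the dialog.
# Fields mirror the dialog: interface, IP address, prefix length, action.
PLANNED_RULES = [
    ("nic0", "10.20.0.0", 16, "block"),
    ("nic0", "10.20.30.0", 24, "allow"),   # admin subnet (constructed)
    ("nic0", "2001:db8:10::", 64, "allow"),
]

def parse_rules(rules):
    """Turn (interface, address, prefix, action) tuples into network objects."""
    parsed = []
    for iface, addr, prefix, action in rules:
        if action not in ("allow", "block"):
            raise ValueError(f"unknown action: {action}")
        # strict=False accepts an address with host bits set, e.g. 10.20.30.5/24
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        parsed.append((iface, net, action))
    return parsed

def decide(rules, iface, peer, default="allow"):
    """Return (action, rule_index); index is None when no rule matches.
    First-match evaluation and the default action are assumptions."""
    ip = ipaddress.ip_address(peer)
    for idx, (r_iface, net, action) in enumerate(parse_rules(rules)):
        if r_iface == iface and ip.version == net.version and ip in net:
            return action, idx
    return default, None

def shadowed(rules):
    """Return (later_index, earlier_index) pairs where an earlier rule on the
    same interface covers the later rule's network with a different action."""
    parsed = parse_rules(rules)
    hits = []
    for j, (iface_j, net_j, act_j) in enumerate(parsed):
        for i, (iface_i, net_i, act_i) in enumerate(parsed[:j]):
            if (iface_i == iface_j and net_i.version == net_j.version
                    and net_j.subnet_of(net_i)):
                if act_i != act_j:
                    hits.append((j, i))
                break  # the first covering rule is the one that decides
    return hits
```

With the sample list, `shadowed(PLANNED_RULES)` reports that the allow rule for 10.20.30.0/24 never takes effect because the /16 block rule sits above it; moving the allow rule up with the arrows resolves it.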