Configuration details | - Attempt to browse to vCenter from a separate host and confirm it is successful.
- From VAMI, go to Firewall and click Add.
- Choose the appropriate interface (for example, nic0), enter the IP address of the host conducting the browsing test with a /32 mask, and set Action to Deny.
- Save the rule.
|
Verification steps | - Go to the test host and confirm that it can no longer browse to vCenter.
- Return to VAMI and delete the rule.
- Confirm that the test host can browse to vCenter again.
|
Helpful tips | - This blocks the subnet/host entirely, so be careful when specifying what is being rejected.
- Think of this as vCenter adding firewall host rules in Linux.
- This can be an added layer of defense in the network.
- If locked out, access the vCenter shell through the VM on the hosting ESXi server.
|
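The browse tests in the configuration and verification steps can be scripted from the test host. The following is an added example, not part of the original guidance: it assumes the vCenter UI listens on TCP 443, and the script name `check_vc.py` and the host argument are placeholders. Because the page does not say whether Deny drops or rejects packets, either result counts as blocked.

```python
import socket
import sys

# Phases of the procedure and the TCP states that count as a pass in each.
EXPECTED = {
    "before": {"open"},                  # baseline browse test succeeds
    "blocked": {"refused", "filtered"},  # Deny rule saved in VAMI
    "after": {"open"},                   # rule deleted again
}


def probe(host, port=443, timeout=3.0):
    """Classify one TCP connect attempt from this host."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        # Name resolution failed: a DNS problem, not evidence of the rule.
        return "unresolved"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        # Timeout or an unreachable error: packets are not getting through.
        return "filtered"


def check_phase(phase, host, port=443, timeout=3.0):
    """Return (passed, observed_state) for a phase of the test."""
    state = probe(host, port, timeout)
    return state in EXPECTED[phase], state


if __name__ == "__main__":
    if len(sys.argv) != 3 or sys.argv[1] not in EXPECTED:
        sys.exit("usage: check_vc.py before|blocked|after <vcenter-host>")
    ok, state = check_phase(sys.argv[1], sys.argv[2])
    print(f"{sys.argv[1]}: port 443 is {state} -> {'PASS' if ok else 'FAIL'}")
    sys.exit(0 if ok else 1)
```

Run it once per phase from the test host. An `unresolved` result fails every phase, which keeps a DNS fault from being mistaken for a working Deny rule.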