
PowerCLI to lock down client access on firewall


I have to build a number of standalone ESXi 6.0 servers, that I configure as much as possible via PowerCLI - to avoid errors. There could be up to 200 of these - all standalone servers - no vCenters involved.

A recent pen test highlighted that I need to lock down the IP addresses accessing the hosts. All well and good, found a couple of command lines on the Altaro website that seemed to do the job, and started running these against all services that were running.

The commands were :-

$ESXfw=(get-esxcli -vmhost 192.168.1.25).network.firewall

and then - for each firewall rule - e.g. snmp below

$ESXfw.ruleset.set($false,$true,"snmp")

$ESXfw.ruleset.allowedip.add("192.168.1.0/24","snmp")

All worked really well - until I got to the vSphereClient rule - strangely enough the one they REALLY want me to get. At this point the first one of the two lines runs, I then lose access to the host so cannot enter the allowed IP address range! I cannot reverse the order, that doesn't work. I really would like to automate this, as each server would have a different allowed range and the chance of these all being typed accurately is somewhere close to 0.

Has anyone got a solution?

Thanks in advance
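
An added example, not part of the original post: the vSphere API method HostFirewallSystem.UpdateRuleset takes the all-IP flag and the allowed network in one spec, so both reach the host in a single request instead of the two separate esxcli calls above. The function names, the $MgmtIp parameter and the 192.168.1.10 workstation address are hypothetical, the code handles IPv4 only, and that the host applies the spec without dropping the calling session is an assumption to confirm on a test host first.

```powershell
# Added example (not from the original post). Test-InCidr, Set-RulesetAllowedNetwork
# and $MgmtIp are hypothetical names. IPv4 only.
function Test-InCidr {
    param([string]$Ip, [string]$Cidr)
    $net, $len = $Cidr -split '/'
    $toNumber = {
        param($addr)
        $bytes = [System.Net.IPAddress]::Parse($addr).GetAddressBytes()
        [Array]::Reverse($bytes)              # network order -> little-endian
        [BitConverter]::ToUInt32($bytes, 0)
    }
    # Two addresses share a /len network when they fall in the same 2^(32-len) block.
    $block = [math]::Pow(2, 32 - [int]$len)
    [math]::Floor((& $toNumber $Ip) / $block) -eq [math]::Floor((& $toNumber $net) / $block)
}

function Set-RulesetAllowedNetwork {
    param($VMHost, [string]$RulesetId, [string]$Cidr, [string]$MgmtIp)
    # Reject mistyped ranges before anything is sent to the host.
    if ($Cidr -notmatch '^\d{1,3}(\.\d{1,3}){3}/([0-9]|[12][0-9]|3[0-2])$') {
        throw "'$Cidr' is not an IPv4 CIDR range"
    }
    # Refuse a range that would exclude the workstation running this script.
    if (-not (Test-InCidr -Ip $MgmtIp -Cidr $Cidr)) {
        throw "$MgmtIp is outside $Cidr; refusing to restrict $RulesetId"
    }
    $net, $len = $Cidr -split '/'
    $ipNet = New-Object VMware.Vim.HostFirewallRulesetIpNetwork
    $ipNet.Network = $net
    $ipNet.PrefixLength = [int]$len

    $list = New-Object VMware.Vim.HostFirewallRulesetIpList
    $list.AllIp = $false                      # same effect as ruleset.set($false, ...)
    $list.IpNetwork = @($ipNet)               # same effect as allowedip.add(...)

    $spec = New-Object VMware.Vim.HostFirewallRulesetRulesetSpec
    $spec.AllowedHosts = $list

    # Flag and allowed network travel in one API call.
    $fwSys = Get-View $VMHost.ExtensionData.ConfigManager.FirewallSystem
    $fwSys.UpdateRuleset($RulesetId, $spec)
}

# Usage, after Connect-VIServer directly to the standalone host (host and range are
# from the post; 192.168.1.10 is a constructed workstation address):
# $esx = Get-VMHost -Name 192.168.1.25
# Set-RulesetAllowedNetwork -VMHost $esx -RulesetId 'vSphereClient' `
#     -Cidr '192.168.1.0/24' -MgmtIp '192.168.1.10'
```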

