The ESXi host must configure the firewall to restrict access to services running on the host.

An XCCDF Rule

Description

Unrestricted access to services running on an ESXi host can expose a host to outside attacks and unauthorized access. Reduce the risk by configuring the ESXi firewall to only allow access from authorized networks.

ID
SV-256417r886032_rule
Severity
Medium
Remediation - Manual Procedure

From the vSphere Client, go to Hosts and Clusters. 

Select the ESXi Host >> Configure >> System >> Firewall.

Click "Edit...". For each enabled service, clear the "Allow connections from any IP address" check box and enter the site-specific network(s) required.
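
To confirm the result from the ESXi shell, the following added example (not part of the STIG text) lists enabled rulesets that still accept connections from any IP address. It assumes the output of `esxcli network firewall ruleset list` and `esxcli network firewall ruleset allowedip list` has been saved to two files; the function name `find_open_rulesets` and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the STIG): list enabled ESXi firewall rulesets that
# still accept connections from any IP address.

# find_open_rulesets RULESET_LIST_FILE ALLOWEDIP_LIST_FILE
# The two inputs are the saved output of:
#   esxcli network firewall ruleset list
#   esxcli network firewall ruleset allowedip list
# Assumes the two-column layout those commands print (name first).
find_open_rulesets() {
    awk '
        # Skip the header row and the dashed separator in each file.
        FNR <= 2 { next }
        # Ruleset list: remember names whose Enabled column is "true".
        FILENAME == ARGV[1] {
            if ($2 == "true") enabled[$1] = 1
            next
        }
        # Allowed-IP list: "All" means no source restriction is set.
        ($1 in enabled) && $2 == "All" { print $1 }
    ' "$1" "$2"
}

# Constructed sample output (not captured from a real host).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/rulesets.txt" <<'EOF'
Name       Enabled
---------  -------
sshServer     true
sshClient    false
nfsClient     true
webAccess     true
EOF
cat > "$SAMPLE_DIR/allowedip.txt" <<'EOF'
Ruleset    Allowed IP Addresses
---------  --------------------
sshServer  192.168.10.0/24, 10.0.5.12
sshClient  All
nfsClient  All
webAccess  All
EOF

echo "Enabled rulesets still open to any IP address:"
find_open_rulesets "$SAMPLE_DIR/rulesets.txt" "$SAMPLE_DIR/allowedip.txt"
```

Disabled rulesets such as `sshClient` in the sample are not reported, matching the procedure's scope of "each enabled service".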