HOWTO: Exclude Virtual Machines from Firewall Protection

In this post, we’ll look at the final step of deploying the VMware NSX infrastructure: excluding VMs from firewall protection. The default rule is DENY ALL, which is there for security-by-design reasons but can cause all sorts of problems!

VMware recommends that the following machines are excluded:

  • vCenter Server (including Platform Services Controllers).
  • Partner service virtual machines.
  • Virtual machines that require promiscuous mode.
  • The SQL server that your Windows-based vCenter uses.
  • vCenter Web server, if you are running it separately.

Adding Virtual Machines to the Exclusion List

Note: These steps assume you are not already logged into vCenter Server. Skip the first few steps if you are!

Using your favourite web browser, navigate to the vCenter Server login page (https://vcenter.fqdn).

Enter the appropriate User name and Password and click Login.

Click Network and Security.

Click the Installation tab and click Management.

Double-click the NSX Manager IP address.

Click Manage.

Click Exclusions List.

Click Add(+).

Select the VM(s) you want to exclude and click the arrow to move them to the exclusion list.

Click OK.

And there you have it!
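
Every VM on the exclusion list is no longer protected by the firewall, so it is worth checking the list against an approved baseline after changing it. The following Python is an added example, not part of the original post or of VMware's tooling: it parses a constructed XML export of the exclusion list and reports unapproved and missing entries. The XML element layout, the VM IDs and names, and the APPROVED baseline are all assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exclusion-list export. The element layout is an
# assumption modelled on NSX Manager's exclude list XML; verify it against
# your own manager's output before relying on this parser.
SAMPLE_EXPORT = """\
<VshieldConfiguration>
  <excludeListConfiguration>
    <objectId>excludeList-1</objectId>
    <excludeMember><member><objectId>vm-101</objectId><name>vcenter01</name></member></excludeMember>
    <excludeMember><member><objectId>vm-102</objectId><name>psc01</name></member></excludeMember>
    <excludeMember><member><objectId>vm-230</objectId><name>test-web03</name></member></excludeMember>
  </excludeListConfiguration>
</VshieldConfiguration>
"""

# Hypothetical approved baseline: VM object ID -> reason for the exclusion.
APPROVED = {
    "vm-101": "vCenter Server",
    "vm-102": "Platform Services Controller",
    "vm-140": "Partner service VM",
}

def parse_exclusions(xml_text):
    """Return {objectId: name} for every member on the exclusion list."""
    root = ET.fromstring(xml_text)
    members = {}
    for member in root.iter("member"):
        oid = (member.findtext("objectId") or "").strip()
        if oid:  # skip malformed entries that carry no object ID
            members[oid] = (member.findtext("name") or "").strip()
    return members

def audit(xml_text, approved):
    """Compare the exported exclusion list with the approved baseline."""
    current = parse_exclusions(xml_text)
    unexpected = {o: n for o, n in current.items() if o not in approved}
    missing = {o: r for o, r in approved.items() if o not in current}
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_EXPORT, APPROVED)
    for oid, name in sorted(unexpected.items()):
        print(f"UNAPPROVED exclusion: {oid} ({name}) is outside firewall protection")
    for oid, reason in sorted(missing.items()):
        print(f"Approved but not excluded: {oid} ({reason})")
```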
