Hello, I have a VMware ESXi host which hosts a Sophos UTM Home.
The UTM has the external IP and does work.
What I need to get working is this:
The ESXi host, version 6.5, is only managed through a web interface; this interface listens on HTTPS,
but it has a specified site path /ui.
I already tried to set up a virtual webserver and a real one under Webserver Protection --> Web Application Firewall.
If I set it up there I only get 403 or 503 errors.
Setup is as follows:
Name : ESXI
Interface: External (WAN) (Address) xxx.xxx.112.190
Type: Encrypted (HTTPS)
Firewall profile : Basic Protection
Host: ESXI internal host 192.168.2.2
Site Path Routing
Virtual webserver : ESXI
reverse authentication: no profile
access control not ticked
Does someone know why, and can point me in the right direction so it will work? I can't manage my virtual machines now due to the fact that VMware ESXi 6.5 does not support vSphere Client anymore.
Please show pictures of the Edits of the Virtual and Real Servers.
Cheers - Bob
It's unclear what you're trying to do.
Is the esxi host on the same interface and subnet as the utm management console?
If you have a multi nic system, did you specify the correct nic during installation? Is this the same nic that's mapped to the LAN side of UTM's vm?
What happens if you configure a static ip on a pc in the same subnet as the esxi host. Are you able to access the esxi management console then?
I'm running utm under esxi as well. In fact, for security reasons I chose to use different subnets for the local lan and esxi management. Esxi's management subnet was added as an additional address under interfaces. I set up a few firewall rules so very few clients can access the esxi host.
Note, IMO it's really poor practice to allow external access to the esxi host. If anything, it should be done through a vpn connection.
In reply to Jay Jay:
I am not sure that from a security point of view, as already mentioned, exposing ESX webif is a good idea.
We have a Windows VM running which we use for management, and which is accessed via RDP through a VPN tunnel.
In reply to Harro Verton:
^^That's an interesting approach. Is this windows VM on all the time?
Is the goal then in essence to eliminate any offsite utm webif access?
I suppose this fortifies the utm further by only allowing local admin access.
I can see such security in a commercial environment. Not so much in a home setting.
Edit: Just realized, WOL is a level 2 function as it relies on mac address for functionality. So this would not work directly over a vpn. One would need to ssh into the utm or some other server to issue a wol command (or run a wol script). I have several wifi routers serving as APs. Their webui has a wol function which can be accessed remotely.
I too am running a windows vm. It's used for htpc purposes with passthrough gpu and bt for input. It's on only when watching tv, then shuts off shortly after.
Our ESX servers are on 24/7, yes.