ESXi 6.5 web interface

Hello,

I have a VMware ESXi host which hosts a Sophos UTM Home.

The UTM has the external IP and does work.

What I need to get working is this:

The ESXi host, version 6.5, is only managed through a web interface; this interface listens on HTTPS.

But it has a specified site path, /ui.

I already tried to set up a virtual webserver and a real one under Webserver Protection --> Web Application Firewall.

If I set it up there, I only get 403 or 503 errors.

Setup is as follows:

Virtual Webserver 

Name: ESXI

Interface: External (WAN) (Address) xxx.xxx.112.190

Type: Encrypted (HTTPS)

Domains

External IP

Firewall profile: Basic Protection

Real Webserver 

Name: esxi

Host: ESXI internal host 192.168.2.2

Type: Encrypted

Port: 443

Site Path Routing

Name: /ui

Virtual webserver: ESXI

Path: /ui

reverse authentication: no profile

Real webservers 

esxi

Access control: not ticked

Does someone know why, and can point me in the right direction so it will work? I can't manage my virtual machines now due to the fact that VMware ESXi 6.5 does not support vSphere Client anymore.

  • Hoi Michel,

    Please show pictures of the Edits of the Virtual and Real Servers.

    Cheers - Bob

  • It's unclear what you're trying to do.

    Is the esxi host on the same interface and subnet as the utm management console?

    If you have a multi nic system, did you specify the correct nic during installation?  Is this the same nic that's mapped to the LAN side of UTM's vm?

    What happens if you configure a static ip on a pc in the same subnet as the esxi host.  Are you able to access the esxi management console then?

    I'm running utm under esxi as well.  In fact, for security reasons I chose to use different subnets for the local lan and esxi management.  Esxi's management subnet was added as an additional address under interfaces.  I set up a few firewall rules so very few clients can access the esxi host.

    Note, IMO it's really poor practice to allow external access to the esxi host.  If anything, it should be done through a vpn connection.

  • In reply to Jay Jay:

    I am not sure that from a security point of view, as already mentioned, exposing ESX webif is a good idea.

    We have a Windows VM running which we use for management, and which is accessed via RDP through a VPN tunnel.

  • In reply to Harro Verton:

    ^^That's an interesting approach. Is this windows VM on all the time? 

    Is the goal then in essence to eliminate any offsite utm webif access?

    I suppose this fortifies the utm further by only allowing local admin access. 

    I can see such security in a commercial environment.  Not so much in a home setting.

    Edit:  Just realized, WOL is a level 2 function as it relies on mac address for functionality.  So this would not work directly over a vpn.  One would need to ssh into the utm or some other server to issue a wol command (or run a wol script).  I have several wifi routers serving as AP's.  Their webui has a wol function which can be accessed remotely.

    I too am running a windows vm. It's used for htpc purposes with passthrough gpu and bt for input.  It's on only when watching tv, then shuts off shortly after.

  • In reply to Jay Jay:

    Our ESX servers are on 24/7, yes.