nerdexam
Broadcom-VMware

2V0-622 · Question #228

An administrator creates a custom ESXi firewall rule using an XML file, however the rules do not appear in the vSphere Web Client. Which action should the administrator take to correct the problem?

The correct answer is B. Load the new rules using esxcli network firewall refresh.. The esxcli network firewall refresh command reloads firewall rule XML files on a live ESXi host, making new custom rules immediately visible without a reboot.

Section 1 – Configure and Administer vSphere 6.5 Security

Question

An administrator creates a custom ESXi firewall rule using an XML file, however the rules do not appear in the vSphere Web Client. Which action should the administrator take to correct the problem?

Options

  • ALoad the new rules using esxcli network firewall reload.
  • BLoad the new rules using esxcli network firewall refresh.
  • CVerify the entries in the XML file and then reboot the ESXi host.
  • DRemove the ESXi host from the inventory and add it back.

How the community answered

(30 responses)
  • A
    10% (3)
  • B
    83% (25)
  • C
    3% (1)
  • D
    3% (1)

Why each option

The esxcli network firewall refresh command reloads firewall rule XML files on a live ESXi host, making new custom rules immediately visible without a reboot.

ALoad the new rules using esxcli network firewall reload.

esxcli network firewall reload reloads the firewall module and its currently cached configuration but does not re-read or pick up newly added XML rule definition files.

BLoad the new rules using esxcli network firewall refresh.Correct

Running esxcli network firewall refresh causes ESXi to re-read all XML rule definition files from the firewall configuration directory and apply any new or changed entries immediately. This is the correct and non-disruptive method for activating newly placed custom firewall XML rules so they appear in the vSphere Web Client.

CVerify the entries in the XML file and then reboot the ESXi host.

A full host reboot is unnecessary because the esxcli refresh command is designed to apply new rules on a running host without downtime.

DRemove the ESXi host from the inventory and add it back.

Removing and re-adding the host from inventory is a disruptive administrative action with no effect on loading local firewall rule XML files.

Concept tested: ESXi custom firewall XML rule activation via esxcli refresh

Source: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-7A8BEFC8-BF86-49B5-AE8E-5DF72F5B5A6B.html

Topics

#ESXi firewall#custom firewall rules#esxcli firewall refresh#XML config

Community Discussion

No community discussion yet for this question.

Full 2V0-622 Practice