Version 9
Before getting started opening the ports required, please ensure that you also have the Software iSCSI storage Adapter enabled like in the screenshot below:
For VM backup to be able to boot a VMware VM from your backup location, it requires ports 36200-36220 to be allowed through the host firewall (if it is enabled).
This .XML config file is a custom firewall rule called "VMBackupV9-BFB" and it will allow outbound traffic on TCP ports 36200-36220
To import this custom firewall rule, please follow the steps below:
1. Copy and paste the following content to a blank notepad, then save it as a VMBackupV9-BFB.xml:
<ConfigRoot>
<service id='0200'>
<id>VMBackupV9-BFB</id>
<rule id='0000'>
<direction>outbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>
<begin>36200</begin>
<end>36220</end>
</port>
</rule>
<enabled>true</enabled>
<required>false</required>
</service>
</ConfigRoot>
2. The newly created VMBackupV9-BFB.xml file, upload it to a folder in your datastore on the ESXi host in question:
3. Then SSH to the ESXi host (how to here)
4. Through the terminal console navigate to the location where you've copied the .XML config file, which in this case is (/vmfs/volumes/63208e0d-e852e6f6-2f77-0050568daa9b/), we can do that with the following command:
cd /vmfs/volumes/63208e0d-e852e6f6-2f77-0050568daa9b/
Note: Your datastore volume will have a different id
5. Use the following command to copy the .XML file from the datastore location to the appropriate location (/etc/vmware/firewall/):
cp /vmfs/volumes/63208e0d-e852e6f6-2f77-0050568daa9b/VMBackupV9-BFB.xml /etc/vmware/firewall
6. Once the .XML is located in /etc/vmware/firewall/ we need to change the permission of the XML file to read only. We can do this with the following command:
chmod 444 VMBackupV9-BFB.xml
7. Once the above is done, we just need to tell the firewall service to refresh all of the firewall rules with the following command:
esxcli network firewall refresh
8. If the above is done correctly we should see the following firewall rule in the host firewall rules:
With this firewall rule in place, you should now be able to use the Boot From Backup feature on your ESXi Host successfully.
Note: If you are running VMware 5.5, kindly contact the support team for assistance to open the ports.
Version 8
Before getting started opening the ports required, ensure that you also have an iSCSI Storage Adapter as per the article here.
For VM Backup to be able to boot up a VMware VM from your backup drive, it requires ports 35200-35220 to be allowed through the VMware firewall (if it is enabled).
Adding custom ports to the VMware firewall is no easy task, so we have created a VIB (vSphere Installation Bundle) to make things easier for you.
This VIB will add a rule to the VMware firewall called "AltaroBootFromBackup"
The rule will allow outbound traffic on TCP ports 35200-35220
To use this VIB, please follow the steps below:
- Download the zipped AltaroBootFromBackup.vib file from the link below:
- Upload it to the root of your datastore on the ESXi host in question
- SSH to the ESXi host
- Use this command to run the VIB:
esxcli software vib install -v /vmfs/volumes/63208e0d-e852e6f6-2f77-0050568daa9b/AltaroBootFromBackup.vib -f
- The results should be a new VMware ESXi Firewall rule that looks something like this:
With this firewall rule in place, you should now be able to use the Boot From Backup feature on your ESXi Host successfully.