Tuesday, June 11, 2019

Have to ping an ESXi host first before I can vSphere to it.

So I have workstations on one subnet that have to talk to ESXi Hosts in another subnet in another part of the country.

And when I try to vSphere (TCP 902) from one of my workstations I see "incomplete" in the firewall entries. Even on the firewall protecting the other (ESXi hosts) subnet I still see an inbound firewall request that also has the status incomplete.

If I ping the host once first then I can vSphere/console to the host and all the virtual machines on the host. I'm thinking that it is something to do with the host not finding a route back to my workstations, and that ping is setting up that connection to allow that route back. The hosts have a default route to a pair of Cisco routers and they have their gateway pointing to a Palo Alto 3020 which then has a bunch of routes going via a WAN connection (pretty standard stuff).

Unsure how to fix this as there is no firewall blocking the traffic - just this odd behavior requiring the ping first.


