Which two statements are true for NFS v4.1 firewall behavior? (Choose two.)
A.
It closes port 2049.
B.
It sets allowed. All flag to TRUE.
C.
It sets allowed. All flag to FALSE.
D.
It opens port 2049.
Explanation:
https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%
2FGUID-70686ADB-961A-46BD-B814-48DCF6C5E34B.html
Correct BD
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-70686ADB-961A-46BD-B814-48DCF6C5E34B.html
5
0
B D are correct.
– NFS v4.1 Firewall Behavior
When you mount the first NFS v4.1 datastore, ESXi enables the nfs41client rule set and sets its allowedAll flag to TRUE. This action opens port 2049 for all IP addresses. Unmounting an NFS v4.1 datastore does not affect the firewall state.
– NFS v3 Firewall Behavior
When you mount the first NFS v3 datastore, ESXi enables the “nfsclient” rule set and disables the “Allow All IP Addresses” policy by setting the “allowedAll” flag to FALSE. The IP address of the NFS server is added to the allowed list of outgoing IP addresses. The nfsClient rule set is disabled when all NFS v3 datastores are unmounted.
4
0
The NFS Client firewall rule set behaves differently than other ESXi firewall rule sets. ESXi configures NFS Client settings when you mount or unmount an NFS datastore. The behavior differs for different versions of NFS.
When you mount the first NFS v4.1 datastore, ESXi enables the nfs41client rule set and sets its allowedAll flag to TRUE. This action opens port 2049 for all IP addresses. Unmounting an NFS v4.1 datastore does not affect the firewall state. That is, the first NFS v4.1 mount opens port 2049 and that port remains enabled unless you close it explicitly.
0
0