Firewall Ruleset
Overview
Evidence: Firewall Ruleset
Description: ESXi Firewall Ruleset
Category: Network
Platform: esxi
Short Name: fwruleset
Is Parsed: Yes
Sent to Investigation Hub: Yes
Collect File(s): No
Background
ESXi's built-in firewall protects management interfaces by controlling inbound and outbound network traffic. Firewall rules define which services are accessible and from where, making rule configuration critical for preventing unauthorized remote access and detecting rule tampering.
Data Collected
This collector gathers structured data about the ESXi firewall ruleset, one record per defined ruleset.
Firewall Ruleset Data
Field    Description
Name     Name of the firewall ruleset (for example the service it governs)
Enabled  Whether the ruleset is currently enabled (true) or disabled (false)
Collection Method
This collector parses firewall ruleset configuration, extracting rule names, enabled/disabled status, allowed IP addresses or networks, port numbers, protocol types, and direction specifications for each defined firewall rule.
Forensic Value
Firewall rule analysis reveals security policy violations, detects unauthorized rule modifications that open remote access, identifies overly permissive rules (for example an enabled inbound ruleset that accepts connections from any source address), and exposes attempts to disable security controls. Comparing the collected rules against a known-good security baseline turns these deviations into concrete compromise indicators: a ruleset that is enabled when the baseline says it should be disabled, an allowed-IP list widened to "All", or a ruleset the baseline does not know about.
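As an added example (not the collector's own code), the following Python parses constructed esxcli-style ruleset output into the fields described in the Collection Method section and compares it against a hypothetical baseline, flagging the two conditions called out above: a ruleset whose enabled state differs from the baseline, and an enabled inbound ruleset whose allowed source addresses are "All". The esxcli commands named in the comments, the sample rows, the ruleset names and the baseline are all assumptions; this page does not state the collector's actual source format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modeled on `esxcli network firewall ruleset list` output.
# Not captured from a real host.
RULESET_LIST = """\
Name            Enabled
--------------  -------
sshServer       true
sshClient       false
vSphereClient   true
httpClient      true
"""

# Constructed sample, modeled on `esxcli network firewall ruleset allowedip list`.
ALLOWED_IP_LIST = """\
Ruleset         Allowed IP Addresses
--------------  --------------------
sshServer       All
sshClient       All
vSphereClient   10.10.0.0/16, 10.10.5.20
httpClient      All
"""

# Constructed sample, modeled on `esxcli network firewall ruleset rule list`.
RULE_LIST = """\
Ruleset         Direction  Protocol  Port Type  Port Begin  Port End
--------------  ---------  --------  ---------  ----------  --------
sshServer       Inbound    TCP       Dst        22          22
sshClient       Outbound   TCP       Dst        22          22
vSphereClient   Inbound    TCP       Dst        902         902
httpClient      Outbound   TCP       Dst        80          80
httpClient      Outbound   TCP       Dst        443         443
"""

# Hypothetical security baseline: which rulesets are expected to be enabled.
BASELINE = {
    "sshServer": False,
    "sshClient": False,
    "vSphereClient": True,
    "httpClient": True,
}


@dataclass
class Ruleset:
    name: str
    enabled: bool
    allowed_ips: list = field(default_factory=list)
    rules: list = field(default_factory=list)


def parse_table(text):
    """Parse an esxcli-style fixed-width table into a list of row dicts.
    Column boundaries are taken from the dashed underline, so values that
    contain spaces (e.g. the 'Allowed IP Addresses' column) survive intact."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header, underline, *rows = lines
    spans = [(m.start(), m.end()) for m in re.finditer(r"-+", underline)]

    def cells(line):
        out = []
        for i, (start, end) in enumerate(spans):
            stop = None if i == len(spans) - 1 else end  # last column runs to end of line
            out.append(line[start:stop].strip())
        return out

    names = cells(header)
    return [dict(zip(names, cells(r))) for r in rows]


def load_rulesets(ruleset_text, allowedip_text, rule_text):
    """Join the three tables into one Ruleset record per ruleset name."""
    rulesets = {}
    for row in parse_table(ruleset_text):
        rulesets[row["Name"]] = Ruleset(row["Name"], row["Enabled"].lower() == "true")
    for row in parse_table(allowedip_text):
        rs = rulesets.get(row["Ruleset"])
        if rs:
            rs.allowed_ips = [ip.strip() for ip in row["Allowed IP Addresses"].split(",")]
    for row in parse_table(rule_text):
        rs = rulesets.get(row["Ruleset"])
        if rs:
            rs.rules.append({
                "direction": row["Direction"],
                "protocol": row["Protocol"],
                "port_type": row["Port Type"],
                "ports": (int(row["Port Begin"]), int(row["Port End"])),
            })
    return rulesets


def analyze(rulesets, baseline):
    """Compare parsed rulesets against the baseline; return (name, reason) findings."""
    findings = []
    for name, rs in rulesets.items():
        if name not in baseline:
            findings.append((name, "ruleset not present in baseline"))
            continue
        if rs.enabled != baseline[name]:
            findings.append((name, f"enabled={rs.enabled}, baseline expects {baseline[name]}"))
        inbound = any(r["direction"] == "Inbound" for r in rs.rules)
        if rs.enabled and inbound and rs.allowed_ips == ["All"]:
            findings.append((name, "inbound service reachable from any source address"))
    return findings


if __name__ == "__main__":
    parsed = load_rulesets(RULESET_LIST, ALLOWED_IP_LIST, RULE_LIST)
    for name, reason in analyze(parsed, BASELINE):
        print(f"{name}: {reason}")
```

With the constructed input, only sshServer is reported (enabled against a baseline of disabled, and inbound from "All"); httpClient is also open to "All" but only carries outbound rules, and sshClient is disabled, so neither is flagged. The allowed-IP check deliberately looks at direction, since an outbound-only ruleset with "All" is not the remote-access exposure the rule is meant to catch.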