Hosts in Front of Firewall Show "Not Responding" After 1-2 Minutes


I'm attempting to manage ESX 4.0 hosts that sit in front of the firewall that protects my vCenter 4.0 Server. The ESX hosts are public. After a minute or two the hosts drop out of the cluster and say "Not Responding". I've set the firewall to time out 'never' on the ports that I've assigned to it. The firewall is a Juniper SSG-550. I've got these ports opened:

53, 80, 389, 427, 443, 626, 902, 903, 905, 5988, 5989, 8080, 8443, 9000-9010, and 27000-27010

Can anyone offer a solution to why my hosts drop out of my cluster? If I put them on the private network behind the firewall they stay with no issue. I can't open console on the VMs then from a public connection.



Not to question your setup, but it seems like a bad idea to put the hosts outside your firewall. If they get hacked, all your VMs are now owned by the hacker...
Rather, you should put the ESX Host on the private side of the firewall and then make a DMZ vSwitch within the ESX host. You should be able to do this easily by physically setting one of the NIC cards in your ESX Host outside the firewall and including ONLY that card in your DMZ vSwitch -or- you can use VLANing, if you have an Ethernet switch that supports it, and combine the DMZ network with other networks on your vSwitch and take advantage of existing NICs in your ESX Host(s).
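
The two layouts suggested in the reply above, sketched as ESX service console commands. This is an added example, not part of the original thread; the names vSwitchDMZ, vSwitch0, vmnic2, the port group DMZ and VLAN ID 100 are placeholders. By default it only prints the commands; set APPLY=1 on the host to run them.

```shell
#!/bin/sh
# Added example: build the esxcfg-vswitch commands for a DMZ port group.
# All switch, NIC, port group and VLAN values below are placeholders.

run() {
    # Print the command; execute it only when APPLY=1 (on the ESX host).
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Option 1: a separate vSwitch whose ONLY uplink is the NIC cabled
# outside the firewall. Args: <vswitch> <uplink> <portgroup>
dmz_dedicated_nic() {
    case "$2" in
        vmnic[0-9]|vmnic[0-9][0-9]) ;;
        *) echo "uplink must be a vmnicN device: $2" >&2; return 1 ;;
    esac
    run esxcfg-vswitch -a "$1"          # create the DMZ vSwitch
    run esxcfg-vswitch -L "$2" "$1"     # attach the single outside-facing NIC
    run esxcfg-vswitch -A "$3" "$1"     # port group the DMZ VMs connect to
}

# Option 2: a VLAN-tagged DMZ port group on an existing vSwitch, sharing
# its NICs. The physical switch port must trunk that VLAN.
# Args: <vswitch> <portgroup> <vlan-id>
dmz_vlan() {
    case "$3" in
        ''|*[!0-9]*) echo "VLAN ID must be numeric: $3" >&2; return 1 ;;
    esac
    if [ "$3" -lt 1 ] || [ "$3" -gt 4094 ]; then
        echo "VLAN ID out of range (1-4094): $3" >&2
        return 1
    fi
    run esxcfg-vswitch -A "$2" "$1"            # add the port group
    run esxcfg-vswitch -v "$3" -p "$2" "$1"    # tag it with the DMZ VLAN
}

# Dry run of both options with the placeholder values.
dmz_dedicated_nic vSwitchDMZ vmnic2 DMZ
dmz_vlan vSwitch0 DMZ 100
```

After applying either option, `esxcfg-vswitch -l` lists each vSwitch with its uplinks and port groups, which confirms that the DMZ port group is attached only where intended.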

