I was investigating an event that would appear every two minutes, flooding the Events on the host.

So the first event in the sequence is “Port vmk1 is now protected by Firewall”. Followed by “Firewall configuration has changed. Operation ‘allowall’ for rule set iSM succeeded” and finally “Firewall configuration has changed. Operation ‘noallowall’ for rule set iSM succeeded”.

So three events every two minutes… That’s 2,160 events every day…

First of all, I checked the vmkernel ports. I did see a vSwitchiDRACvusb Standard Switch but there was no vmk1 port. So my conclusion was that the configuration was broken and need to be fixed.

Some background information… The rule set iSM is created when you install the Dell iDRAC Service Module for ESXi. While installing the iDRAC Service Module VIB on a VMware ESXi server, the iDRAC Service Module creates the vSwitch and Portgroup to communicate with iDRAC over the OS to iDRAC Pass-through in USB NIC mode. So the source is the iSM VIB. I decided this VIB was not used so I removed it with a simple command.

esxcli software vib remove --vibname=iSM

After a reboot of the host, the events were gone!