Restrict access to MySQL port on GMS Distributed setup

Description

Restrict access to MySQL port on GMS Distributed setup

Resolution

Inbound rule to restrict access to MySQL port for GMS Distributed setup on Windows

  1. RDP into the Windows server where the GMS console is installed.
  2. Click Start >> Administrative Tools >> Windows Firewall with Advanced Security.
  3. Go to Inbound Rules >> New Rule.
  4. Click Custom, and on the next page, select All programs.
  5. On the Protocol and Ports page, select TCP as the Protocol type, select Specific Ports for the Local port, enter the port number 3306, and click Next.
  6. On the Scope page, enter the remote IP addresses of the Agents that connect to the port: click Add, enter the IP address, click OK, and then click Next.
  7. Select the Allow the connection option and click Next.
  8. On the Profile page, select all three options: Domain, Private and Public.
  9. Click Next.
  10. In the final step, provide a name for the rule (e.g. MYSQL Port Restriction Rule).
  11. Click Finish.
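
A scripted equivalent of the wizard steps above, as an added example that is not part of the original article: it creates the same rule with the built-in NetSecurity cmdlets, then lists anything that would still leave port 3306 open (other enabled allow rules covering the port from any address, or a profile that is off or defaults to Allow). The Agent addresses are placeholders to replace.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Assumption: the Agent addresses below are
# placeholders from a documentation range; replace them with the real Agent IPs.
$AgentIPs = @('192.0.2.10', '192.0.2.11')
$RuleName = 'MYSQL Port Restriction Rule'   # example name used in the steps above
$Port     = 3306

# Same choices as the wizard: custom inbound rule, all programs, TCP local port
# 3306, remote scope limited to the Agents, Allow, all three profiles.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    $rule = @{
        DisplayName   = $RuleName
        Direction     = 'Inbound'
        Protocol      = 'TCP'
        LocalPort     = $Port
        RemoteAddress = $AgentIPs
        Action        = 'Allow'
        Profile       = 'Domain', 'Private', 'Public'
    }
    New-NetFirewallRule @rule | Out-Null
}

# True if a rule's LocalPort value ('Any', '3306', '3300-3310', ...) includes $Port.
function Test-PortCovered([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and
            $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# The scoped rule restricts nothing if a broader allow rule also matches, so list
# other enabled inbound allow rules that admit TCP 3306 from any remote address.
$broad = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { $_.DisplayName -ne $RuleName } |
    Where-Object {
        $pf = Get-NetFirewallPortFilter -AssociatedNetFirewallRule $_
        $af = Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $_
        ($pf.Protocol -in 'TCP', 'Any') -and (Test-PortCovered $pf.LocalPort $Port) -and
            ($af.RemoteAddress -contains 'Any')
    }
$broad | Select-Object DisplayName, Profile | Format-Table -AutoSize

# The rule also depends on each profile being on with inbound not defaulting to Allow.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
    Select-Object Name, Enabled, DefaultInboundAction
```

Run it in an elevated PowerShell session on the GMS console server; empty output from the last two commands means no any-address allow rule or open profile bypasses the scoped rule.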

 

Inbound rule to restrict access to MySQL port for GMS Distributed setup for Virtual Machine (ESXi)

  1. Log in to the upstream firewall for GMS.
  2. Create an Address Object and a Service Object for MySQL port 3306.
  3. Create an access rule to deny access to port 3306 from any network or zone.
    Note: Replace NSM-QA and NSM-QA-INTERNAL ZONE (From and To) and create the rule as per your own source and destination (10.5.40.147-GMS in this example).

 

If you are not using an upstream firewall, refer to the KB article below to create 'Firewall Rules' on the ESXi host to limit access:

Add Allowed IP Addresses for an ESXi Host by Using the VMware Host Client

 
