vShield Administration Guide    28    VMware, Inc.
5. Click Add.
A new row appears in the Cluster Level Rules section of the table.
6. Double-click each cell in the new row to select the appropriate information.
You must type IP addresses in the Source and Destination fields, and port numbers in the Source Port and Destination Port fields.
7. (Optional) Select the new row and click Up to move the row up in priority.
8. (Optional) Select the Log check box to log all sessions matching this rule.
9. Click Commit to save the rule.
To create a firewall rule at the port group level
1. In the vSphere Client, go to Inventory > Networking.
2. Select a port group from the resource tree.
3. Click the vShield Zones tab.
4. Click Zones Firewall.
5. Click Add.
A new row is added at the bottom of the Secure Port Group Rules section.
6. Double-click each cell in the new row to select the appropriate information.
You must type IP addresses in the Source and Destination fields, and port numbers in the Source Port and Destination Port fields.
7. (Optional) Select the new row and click Up to move the row up in priority.
8. (Optional) Select the Log check box to log all sessions matching this rule.
9. Click Commit to save the rule.
Create a Layer 2/Layer 3 Zones Firewall Rule
The Layer 2/Layer 3 firewall enables configuration of allow or deny rules for common Data Link Layer and Network Layer requests, such as ICMP pings and traceroutes.
You can change the default Layer 2/Layer 3 rules from allow to deny based on your network security policy.
Layer 4 firewall rules allow or deny traffic based on the following criteria:
Criteria: Description
Source (A.B.C.D/nn): IP address with netmask (nn) from which the communication originated
Destination (A.B.C.D/nn): IP address with netmask (nn) that the communication is targeting
Protocol: Transport protocol used for communication
To create a Layer 2/Layer 3 firewall rule
1. In the vSphere Client, go to Inventory > Hosts and Clusters.
2. Select a datacenter resource from the resource tree.
3. Click the vShield Zones tab.
4. Click Zones Firewall.
5. Click L2/L3 Rules.
6. Click Add.
A new row is added at the bottom of the DataCenter Rules section of the table.
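The procedures above build an ordered rule table whose rows carry Source and Destination (A.B.C.D/nn), a protocol, ports, an Up button for priority and a Log check box. The following added example (not VMware code) models such a table in Python to show why row order matters: a narrow, logged deny placed below a broad allow never fires until it is moved up. Top-down first-match evaluation and the allow default are assumptions of the example, not statements from the guide; the sample rows and session are constructed.

```python
"""Ordered Zones-firewall rule table: CIDR/port matching, the Up button, the Log flag. Added example; first-match top-down evaluation is an assumption."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    source: str                  # Source column, A.B.C.D/nn
    destination: str             # Destination column, A.B.C.D/nn
    protocol: str                # e.g. "TCP", "UDP", "ICMP"
    src_port: Optional[int]      # None matches any Source Port
    dst_port: Optional[int]      # None matches any Destination Port
    action: str                  # "allow" or "deny"
    log: bool = False            # the Log check box


def matches(rule: Rule, src_ip: str, dst_ip: str, proto: str,
            src_port: Optional[int], dst_port: Optional[int]) -> bool:
    """True when every populated cell of the row matches the session."""
    return (ip_address(src_ip) in ip_network(rule.source, strict=False)
            and ip_address(dst_ip) in ip_network(rule.destination, strict=False)
            and rule.protocol.upper() == proto.upper()
            and rule.src_port in (None, src_port)
            and rule.dst_port in (None, dst_port))


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, proto: str,
             src_port: Optional[int], dst_port: Optional[int],
             default: str = "allow") -> Tuple[str, bool, Optional[int]]:
    """Walk the table top-down (assumed priority order); return (action, logged, row)."""
    for row, rule in enumerate(rules):
        if matches(rule, src_ip, dst_ip, proto, src_port, dst_port):
            return rule.action, rule.log, row
    return default, False, None          # no row hit: fall through to the default


def move_up(rules: List[Rule], row: int) -> List[Rule]:
    """Mirror the Up button: swap the selected row with the one above it."""
    if row > 0:
        rules[row - 1], rules[row] = rules[row], rules[row - 1]
    return rules


# Constructed sample table: a broad allow sits above a narrower, logged deny.
SAMPLE = [
    Rule("10.0.0.0/8", "192.168.10.0/24", "TCP", None, 22, "allow"),
    Rule("10.20.30.0/24", "192.168.10.0/24", "TCP", None, 22, "deny", log=True),
]

if __name__ == "__main__":
    print(evaluate(SAMPLE, "10.20.30.5", "192.168.10.7", "TCP", 51000, 22))  # broad allow wins
    move_up(SAMPLE, 1)                                                         # raise the deny row
    print(evaluate(SAMPLE, "10.20.30.5", "192.168.10.7", "TCP", 51000, 22))  # now deny, logged
```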