VMware, Inc.

2 vShield Manager User Interface Basics

The vShield Manager user interface offers configuration and data viewing options specific to vShield use. By using the VMware Infrastructure SDK, the vShield Manager displays your vSphere Client inventory panel for a complete view of your vCenter environment.

The chapter includes the following topics:

“Logging in to the vShield Manager User Interface” on page 17
“Accessing the Online Help” on page 18
“vShield Manager User Interface” on page 18

Logging in to the vShield Manager User Interface

You access the vShield Manager management interface by using a Web browser.

To log in to the vShield Manager user interface

1 Open a Web browser window and type the IP address assigned to the vShield Manager.

The vShield Manager user interface opens in an SSL (HTTPS) session.

2 Accept the security certificate.

Until you install a certificate signed by a CA that your browsers trust (see the second note below), the vShield Manager presents a self-signed certificate and the browser warns about it. Verify the certificate fingerprint against the appliance before accepting it, because accepting an unknown certificate and then typing the admin password is exactly what a man-in-the-middle on the management network needs.

The vShield Manager login screen appears.

3 Log in to the vShield Manager user interface by using the username admin and the password default.

You should change the default password as one of your first tasks to prevent unauthorized use. See “Edit a User Account” on page 34.

4 Click Log In.

NOTE You can register the vShield Manager as a vSphere Client plug-in. This allows you to configure vShield components from within the vSphere Client. For more, see “Register the vShield Manager as a vSphere Client Plug-in” on page 22.

NOTE To replace the default self-signed certificate with one that identifies the vShield Manager Web service to your browsers, see “Add an SSL Certificate to Identify the vShield Manager Web Service” on page 24.
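The following script is an added example and is not part of the vShield Administration Guide or VMware code. It turns step 2 of the login procedure ("Accept the security certificate") into something repeatable for automation: the fingerprint of the certificate presented by the vShield Manager is recorded on first contact (trust on first use) and every later connection is refused if the fingerprint changes, before any credentials are sent. It also flags the factory login admin/default that the guide tells you to change. The host address, the pin-store path and the SHA-256 fingerprint format are assumptions; the vShield Manager exposes no such pin store itself.

```python
"""Trust-on-first-use (TOFU) certificate pinning for an HTTPS admin console.

Added example, not VMware code. The pin store location, the example
address 192.0.2.10 and the fingerprint format are assumptions.
"""
import hashlib
import json
import socket
import ssl
from pathlib import Path

PIN_STORE = Path.home() / ".vshield_pins.json"   # assumed location
DEFAULT_CREDENTIALS = {("admin", "default")}     # factory login from the guide


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate as colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_peer_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the server certificate (DER) without verifying it.

    Verification is switched off only to read the certificate; no request
    and no credentials are sent on this connection.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(store: dict, host: str, der_cert: bytes) -> str:
    """Compare the presented certificate with the pin recorded for host.

    Returns "new" (first contact, pin recorded), "match", or "MISMATCH".
    A MISMATCH must be treated as a possible man-in-the-middle.
    """
    fp = fingerprint(der_cert)
    pinned = store.get(host)
    if pinned is None:
        store[host] = fp
        return "new"
    return "match" if pinned == fp else "MISMATCH"


def credentials_are_factory_default(user: str, password: str) -> bool:
    """True while the login is still the factory default documented in the guide."""
    return (user, password) in DEFAULT_CREDENTIALS


def login_gate(store: dict, host: str, der_cert: bytes,
               user: str, password: str) -> str:
    """Decide whether it is safe to send credentials to host over this session."""
    verdict = check_pin(store, host, der_cert)
    if verdict == "MISMATCH":
        return "refuse: certificate for %s changed, expected %s got %s" % (
            host, store[host], fingerprint(der_cert))
    if credentials_are_factory_default(user, password):
        return "proceed: factory default password still set, change it now"
    return "proceed"


def load_store(path: Path = PIN_STORE) -> dict:
    return json.loads(path.read_text()) if path.exists() else {}


def save_store(store: dict, path: Path = PIN_STORE) -> None:
    path.write_text(json.dumps(store, indent=2, sort_keys=True))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # assumed address
    pins = load_store()
    decision = login_gate(pins, target, fetch_peer_cert(target), "admin", "default")
    save_store(pins)
    print(decision)
```

Run it once from a trusted network position to record the pin, compare the printed fingerprint with the one shown on the appliance, and keep the pin file under the same protection as the admin password. A vShield Manager of this vintage may only offer legacy SSL/TLS versions that a current Python refuses to negotiate; the pinning logic is independent of that and works on whatever DER certificate you obtain.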
