manualshive.com logo in svg

VMware VSHIELD APP 1.0.0 UPDATE 1 - API, Руководство администратора


Поделиться
Скачать
background image

vShield Administration Guide

70

VMware, Inc.

 

A security group is a trust zone that you create and assign resources to for App Firewall protection. Security 
groups are containers, like a vApp or a cluster. Security groups enables you to create a container by assigning 
resources arbitrarily, such as virtual machines and network adapters. After the security group is defined, you 
add the group as a container in the source or destination field of an App Firewall rule. See 

“Creating and 

Protecting Security Groups”

 on page 73.

Default Rules

By default, the App Firewall enforces a set of rules allowing traffic to pass through all vShield App instances. 
These rules appear in the 

Default Rules

 section of the App Firewall table. The default rules cannot be deleted 

or added to. However, you can change the 

Action

 element of each rule from 

Allow

 to 

Deny

.

Layer 4 Rules and Layer 2/Layer 3 Rules

The 

App Firewall

 tab offers two sets of configurable rules: L4 (Layer 4) rules and L2/L3 (Layer 2/Layer 3) rules. 

Layers refer to layers of the Open Systems Interconnection (OSI) Reference Model.

Layer 4 rules govern TCP and UDP transport of Layer 7, or application-specific, traffic. Layer 2/Layer 3 rules 
monitor traffic from ICMP, ARP, and other Layer 2 and Layer 3 protocols. You can configure Layer 2/Layer 3 
rules at the datacenter level only. By default, all Layer4 and Layer 2/Layer 3 traffic is allowed to pass.

Hierarchy of App Firewall Rules

Each vShield App enforces App Firewall rules in top-to-bottom ordering. A vShield App checks each traffic 
session against the top rule in the App Firewall table before moving down the subsequent rules in the table. 
The first rule in the table that matches the traffic parameters is enforced. 

The rules are enforced in the following hierarchy:

1

Data Center High Precedence Rules

2

Cluster Level Rules

3

Data Center Low Precedence Rules 

(seen as 

Rules below this level have lower precedence than cluster 

level rules 

when a datacenter resource

 

is selected)

4

Secure Port Group Rules

5

Default Rules

App Firewall offers container-level and custom priority precedence configurations:

Container-level precedence refers to recognizing the datacenter level as being higher in priority than the 
cluster level. When a rule is configured at the datacenter level, the rule is inherited by all clusters and 
vShield agents therein. A cluster-level rule is only applied to the vShield App within the cluster.

Custom priority precedence refers to the option of assigning high or low precedence to rules at the 
datacenter level. High precedence rules work as noted in the container-level precedence description. Low 
precedence rules include the Default Rules and the configuration of Data Center Low Precedence rules. 
This flexibility allows you to recognize multiple layers of applied precedence.

At the cluster level, you configure rules that apply to all vShield App instances within the cluster. Because 
Data Center High Precedence Rules are above Cluster Level Rules, ensure your Cluster Level Rules are 
not in conflict with Data Center High Precedence Rules.

Planning App Firewall Rule Enforcement

Using App Firewall, you can configure allow and deny rules based on your network policy. The following 
examples represent two common firewall policies:

Allow all traffic by default.

 You keep the default allow all rules and add deny rules based on Flow 

Monitoring data or manual App Firewall rule configuration. In this scenario, if a session does not match 
any of the deny rules, the vShield App allows the traffic to pass.

Содержание VSHIELD APP 1.0.0 UPDATE 1 - API

Страница 1: ...date 1 vShield App 1 0 0 Update 1 vShield Endpoint 1 0 0 Update 1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new...

Страница 2: ...bout this documentation submit your feedback to docfeedback vmware com Copyright 2010 VMware Inc All rights reserved This product is protected by U S and international copyright and intellectual prope...

Страница 3: ...Server 19 Register the vShield Manager as a vSphere Client Plug in 20 Identify DNS Services 20 Set the vShield Manager Date and Time 21 Identify a Proxy Server 21 Download a Technical Support Log fro...

Страница 4: ...Events 40 Syslog Format 40 View the Audit Log 41 9 Uninstalling vShield Components 43 Uninstall a vShield App or vShield Zones 43 Uninstall a vShield Edge from a Port Group 44 Uninstall Port Group Iso...

Страница 5: ...n Application Port Pair Mapping 67 Hide the Port Mappings Table 67 13 App Firewall Management 69 Using App Firewall 69 Securing Containers and Designing Security Groups 69 Default Rules 70 Layer 4 Rul...

Страница 6: ...hield OVA File Cannot Be Installed in vSphere Client 131 Cannot Log In to CLI After the vShield Manager Virtual Machine Starts 132 Cannot Log In to the vShield Manager User Interface 132 Troubleshooti...

Страница 7: ...amiliar to you For definitions of terms as they are used in VMware technical documentation go to http www vmware com support pubs Document Feedback VMware welcomes your suggestions for improving our d...

Страница 8: ...on labs case study examples and course materials designed to be used as on the job reference tools Courses are available onsite in the classroom and live online For onsite pilot programs and implemen...

Страница 9: ...VMware Inc 9 vShield Manager and vShield Zones...

Страница 10: ...vShield Administration Guide 10 VMware Inc...

Страница 11: ...n be configured through a web based user interface a vSphere Client plug in a command line interface CLI and REST API To run vShield you need one vShield Manager virtual machine and at least one vShie...

Страница 12: ...eate access control policies regardless of network topology A vShield App monitors all traffic in and out of an ESX host including between virtual machines in the same port group vShield App includes...

Страница 13: ...the current ESX host undergoes a reboot or maintenance mode routine Each vShield Edge should move with its secured port group to maintain security settings and services vShield App and Port Group Iso...

Страница 14: ...vShield Administration Guide 14 VMware Inc...

Страница 15: ...ser window and type the IP address assigned to the vShield Manager The vShield Manager user interface opens in an SSH session 2 Accept the security certificate The vShield Manager login screen appears...

Страница 16: ...and Secured Port Groups The Hosts Clusters view displays the datacenters clusters resource pools and ESX hosts in your inventory The Networks view displays the VLAN networks and port groups in your i...

Страница 17: ...s that can be configured based on the selected inventory resource and the output of vShield operation Each resource offers multiple tabs each tab presenting information or configuration forms correspo...

Страница 18: ...vShield Administration Guide 18 VMware Inc...

Страница 19: ...vShield Manager is installed as a virtual machine log in to the vShield Manager user interface to connect to your vCenter Server This enables the vShield Manager to display your VMware Infrastructure...

Страница 20: ...from the vShield Manager inventory panel 4 Click the Configuration tab The vCenter screen appears 5 Under vSphere Plug in click Register Registration might take a few minutes 6 Log in to the vSphere...

Страница 21: ...figure the vShield Manager to use the proxy server The vShield Manager supports application level HTTP HTTPS proxies such as CacheFlow and Microsoft ISA Server To identify a proxy server 1 Click Setti...

Страница 22: ...software running on your vShield components The Update Status tab appears See View the Current System Software on page 35 Add an SSL Certificate to Identify the vShield Manager Web Service You can ge...

Страница 23: ...figuration tab 3 Click SSL Certificate 4 Under Import Signed Certificate click Browse at Certificate File to find the file 5 Select the type of certificate file from the Certificate File drop down lis...

Страница 24: ...vShield Administration Guide 24 VMware Inc...

Страница 25: ...ones Firewall rules at the datacenter cluster and port group levels to provide a consistent set of rules across multiple vShield Zones instances under these containers As membership in these container...

Страница 26: ...s Container level precedence refers to recognizing the datacenter level as being higher in priority than the cluster level When a rule is configured at the datacenter level the rule is inherited by al...

Страница 27: ...addresses in the Source and Destination fields and port numbers in the Source Port and Destination Port fields 7 Optional Select the new row and click Up to move the row up in priority 8 Optional Sel...

Страница 28: ...ort and Destination Port fields 7 Optional Select the new row and click Up to move the row up in priority 8 Optional Select the Log check box to log all sessions matching this rule 9 Click Commit to s...

Страница 29: ...ive sessions against the current firewall rules 1 Update and commit the Zones Firewall rule set at the appropriate container level 2 Open a console session on a vShield Zones instance issue the valida...

Страница 30: ...s Firewall Rule You can delete any App Firewall rule you have created You cannot delete the any rules in the Default Rules section of the table To delete an App Firewall rule 1 Click an existing row i...

Страница 31: ...page 33 Managing User Rights Within the vShield Manager user interface a user s rights define the actions the user is allowed to perform on a given resource Rights determine the user s authorized acti...

Страница 32: ...Full Name for identification purposes 6 Optional Type an Email Address 7 Type a Password for login 8 Re type the password in the Retype Password field 9 Click OK After account creation you configure...

Страница 33: ...your changes Delete a User Account You can delete any created user account You cannot delete the admin account Audit records for deleted users are maintained in the database and can be referenced in a...

Страница 34: ...vShield Administration Guide 34 VMware Inc...

Страница 35: ...e available as offline updates When an update is made available you can download the update to your PC and then upload the update by using the vShield Manager user interface When the update is uploade...

Страница 36: ...upgraded when the status of the last vShield App is displayed as Finished 7 After the vShield Manager reboots click the Update Status tab 8 Click Reboot Manager if prompted 9 Click Finish Install to c...

Страница 37: ...ation tab 3 Click Backups 4 Optional Select the Exclude System Events check box if you do not want to back up system event tables 5 Optional Select the Exclude Audit Logs check box if you do not want...

Страница 38: ...ype the User Name required to login to the backup system 11 Type the Password associated with the user name for the backup system 12 In the Backup Directory field type the absolute path where backups...

Страница 39: ...he System Event Report The vShield Manager aggregates system events into a report that can be filtered by vShield App and event severity To view the System Event report 1 Click Settings Reports from t...

Страница 40: ...log follow command Run show log follow command Run show log follow command Syslog NA See Syslog Format on page 40 e1000 mgmt e1000_watchdog_task NIC Link is Up Down 100 Mbps Full Duplex For scripting...

Страница 41: ...anager users The vShield Manager retains audit log data for one year after which time the data is discarded To view the Audit Log 1 Click Settings Reports from the vShield Manager inventory panel 2 Cl...

Страница 42: ...vShield Administration Guide 42 VMware Inc...

Страница 43: ...t 2 Select the ESX host from the inventory tree 3 Click the vShield tab 4 Click Uninstall for the vShield App or vShield Zones service The instance is uninstalled Uninstalling vShield Components 9 NOT...

Страница 44: ...bled Port Group Isolation you must migrate or power off the virtual machines on the ESX host from which you want to uninstall a vShield Edge Uninstalling Port Group Isolation places the ESX host in ma...

Страница 45: ...d for 40007 SVM with moid not registered 40015 vmId is malformatted or of incorrect length Uninstall the vShield Endpoint Module from the vSphere Client Uninstalling an vShield Endpoint module puts th...

Страница 46: ...vShield Administration Guide 46 VMware Inc...

Страница 47: ...VMware Inc 47 vShield Edge and Port Group Isolation...

Страница 48: ...vShield Administration Guide 48 VMware Inc...

Страница 49: ...cify a Remote Syslog Server on page 50 Managing the vShield Edge Firewall on page 50 Manage NAT Rules on page 51 Manage DHCP Service on page 52 Manage VPN Service on page 53 Manage Load Balancer Servi...

Страница 50: ...e a vShield Edge Firewall Rule vShield Edge firewall rules police traffic based on the following criteria You can add destination and source port ranges to a rule for dynamic services such as FTP and...

Страница 51: ...issue the validate sessions command from the CLI of a vShield Edge instance to purge sessions that are in violation of current policy To validate active sessions against the current firewall rules 1...

Страница 52: ...nal interface on the vShield Edge as the default gateway address for all clients and the broadcast and subnet mask values of the internal interface for the container network To add a DHCP IP pool 1 In...

Страница 53: ...ed Port Group At this time vShield Edge supports pre shared key mode IP unicast traffic and no dynamic routing protocol between the vShield Edge and remote VPN routers Behind each remote VPN router yo...

Страница 54: ...er Site Configuration click Create Site 6 Type a name to identify the site in Site Name 7 Type the IP address of the site in Remote EndPoint 8 Type the Shared Secret 9 Type an MTU threshold 10 Click A...

Страница 55: ...nventory Networking 2 Select an internal port group that is protected by a vShield Edge 3 Click the vShield Edge tab 4 Click the Load Balancer link 5 Click Add Rule above the External IP Addresses tab...

Страница 56: ...select a service and click Start to start the service Select a service and click Stop to stop a running service 6 If a service has been started but is not responding click Refresh Status to send a syn...

Страница 57: ...VMware Inc 57 vShield App and vShield Endpoint...

Страница 58: ...vShield Administration Guide 58 VMware Inc...

Страница 59: ...s and make the rules easier to track You can monitor the health of vShield App instances by using the vShield Manager user interface and by sending vShield App system events to a syslog server This ch...

Страница 60: ...the health of a vShield App Details include system statistics status of interfaces software version and environmental variables To view the health of a vShield App 1 Log in to the vShield Manager user...

Страница 61: ...art 6 Click OK in the pop up window to confirm reboot View Traffic Statistics by vShield App Interface You can view the traffic statistics for each vShield interface To view traffic statistics by vShi...

Страница 62: ...vShield Administration Guide 62 VMware Inc...

Страница 63: ...arts on page 64 Change the Date Range of the Flow Monitoring Charts on page 64 View the Flow Monitoring Report on page 64 Add an App Firewall Rule from the Flow Monitoring Report on page 65 Editing Po...

Страница 64: ...a datacenter or cluster resource from the resource tree 3 Click the vShield App tab 4 Click Flow Monitoring The charts are updated to display the most current information for the last seven days This...

Страница 65: ...allow or deny rule App Firewall rule creation from Flow Monitoring data is available at the datacenter and cluster levels only To add an App Firewall rule from the Flow Monitoring report 1 In the vSph...

Страница 66: ...nown applications and protocols their respective ports and a description vShield recognizes common protocol and port mappings such as HTTP over port 80 Your organization might employ an application or...

Страница 67: ...ing from the table When you delete a mapping any traffic to the application port pair is listed as Uncategorized in the Flow Monitoring statistics To delete an application port pair mapping 1 Go to In...

Страница 68: ...vShield Administration Guide 68 VMware Inc...

Страница 69: ...onsistent set of rules across multiple vShield App instances under these containers As membership in these containers can change dynamically App Firewall maintains the state of existing sessions witho...

Страница 70: ...ble that matches the traffic parameters is enforced The rules are enforced in the following hierarchy 1 Data Center High Precedence Rules 2 Cluster Level Rules 3 Data Center Low Precedence Rules seen...

Страница 71: ...d A new appears below the selected row 6 Double click each cell in the new row to select the appropriate information You can type IP addresses in the Source and Destination fields and port numbers in...

Страница 72: ...e 9 Click Commit to save the rule To create a firewall rule at the port group level 1 In the vSphere Client go to Inventory Networking 2 Select a port group from the resource tree 3 Click the vShield...

Страница 73: ...to log all sessions matching this rule 9 Click Commit Creating and Protecting Security Groups The Security Groups feature enables you to create custom containers to which you can assign resources such...

Страница 74: ...By default a vShield Edge matches firewall rules against each new session After a session has been established any firewall rule changes do not affect active sessions The CLI command validate sessions...

Страница 75: ...it Using SpoofGuard After synchronizing with the vCenter Server the vShield Manager collects the IP addresses of all vCenter guest virtual machines from VMware Tools on each virtual machine Up to vShi...

Страница 76: ...s assignments you must approve IP address assignments to allow traffic from those virtual machines to pass To approve an IP address 1 In the vShield Manager user interface go to the Hosts and Clusters...

Страница 77: ...n the Approved IP Address pop up window 7 Click Apply 8 Click Publish Changes Delete an IP Address You can delete a MAC to IP address assignment from the SpoofGuard table to clean the table of a virtu...

Страница 78: ...vShield Administration Guide 78 VMware Inc...

Страница 79: ...sident thin agent To view vShield Endpoint status 1 In the vSphere Client go to Inventory Hosts and Clusters 2 Select a datacenter cluster or ESX host resource from the resource tree 3 Click the vShie...

Страница 80: ...ents affecting the health status of the vShield Endpoint module Table 14 1 Warnings Marked Yellow Possible Cause Action SVM is registered but vShield Endpoint module does not see any virtual machines...

Страница 81: ...nts Those virtual machines are not protected while this warning persists This is usually a transient alarm that does not require attention If it persists or turns to red look at the vCenter Server eve...

Страница 82: ...SM_SVM_EVENT_DROPPED_EVENTS timestamp warning Health Status information has been lost 2006 VSM_SVM_EVENT_MISSING_REPORT timestamp error vShield Manager lost communication with SVM 2007 VSM_SVM_EVENT_R...

Страница 83: ...esponding ESX host for example during power up or incoming vMotion 1001 VSM_VM_EVENT_DISCONNECTED VM configured for vShield Endpoint protection will generate this event when loaded on the correspondin...

Страница 84: ...number Thin agent initialization failure Successfully found SCSI device to communicate with the security virtual machine SVM Failure to create filter device object or failure to attach to device stac...

Страница 85: ...VMware Inc 85 Appendixes...

Страница 86: ...vShield Administration Guide 86 VMware Inc...

Страница 87: ...elect the vShield virtual machine from the inventory panel and click the Console tab You can log in to the CLI by using the default user name admin and password default You can also use SSH to access...

Страница 88: ...commands move the pointer around on the command line Keystrokes Description CTRL A Moves the pointer to beginning of the line CTRL B or the left arrow key Moves the pointer back one character CTRL C...

Страница 89: ...nt password and the Privileged mode password are managed separately The default Privileged mode password is the same for each CLI user account You should change the Privileged mode password to secure...

Страница 90: ...ser account other than admin 5 Switch to Privileged mode 6 Switch to Configuration mode 7 Delete the admin user account manager config no user admin 8 Save the configuration 9 Run the exit command twi...

Страница 91: ...age 102 Show Commands on page 107 Diagnostics and Troubleshooting Commands on page 123 User Administration Commands on page 126 Terminal Commands on page 128 Deprecated Commands on page 129 Administra...

Страница 92: ...no before the command Syntax no shutdown CLI Mode Privileged Interface Configuration Example vShield shutdown or vShield config interface mgmt vShield config if shutdown vShield config if no shutdown...

Страница 93: ...eld Related Commands disable end Ends the current CLI mode and switches to the previous mode Syntax end CLI Mode Basic Privileged Configuration and Interface Configuration Example vShield end vShield...

Страница 94: ...eld configure terminal vShield config interface mgmt vShield config if or vShield config no interface mgmt Related Commands show interface quit Quits Interface Configuration mode and switches to Confi...

Страница 95: ...s vShield App CLI Example manager clear vmwall rules Related Commands show vmwall log show vmwall rules cli ssh allow Enable or disable access to the CLI via SSH session Syntax no cli ssh allow CLI Mo...

Страница 96: ...s not affected by this command Syntax database erase CLI Mode Privileged Usage Guidelines vShield Manager CLI Example manager database erase enable password Changes the Privileged mode password You sh...

Страница 97: ...om an interface use no before the command Syntax no ip address A B C D M CLI Mode Interface Configuration Example vShield config interface mgmt vShield config if ip address 192 168 110 200 24 or vShie...

Страница 98: ...0 0 0 0 0 192 168 1 1 Related Commands show ip route manager key Sets a shared key for authenticating communication between a vShield App and the vShield Manager You can set a shared key on any vShie...

Страница 99: ...use no before the command Syntax no ntp server HOSTNAME A B C D CLI Mode Configuration Usage Guidelines vShield App CLI Example vShield configure terminal vShield config ntp server 10 1 1 113 or vShi...

Страница 100: ...stances Press ENTER to accept a default value Syntax setup CLI Mode Basic Usage Guidelines The Manager key option is applicable to vShield App setup only Example manager config setup Default settings...

Страница 101: ...send system events You can also identify one or more syslog servers by using the vShield Manager user interface See Send vShield App System Events to a Syslog Server on page 59 To disable syslog expor...

Страница 102: ...mands debug copy Copies one or all packet trace or tcpdump files and exports them to a remote server You must enable the debug packet capture command before you can copy and export files Syntax debug...

Страница 103: ...debug packet capture segment 0 host_10 10 11 11_port_8 Related Commands debug copy debug packet display interface debug packet display interface Displays all packets captured by a vShield App or vShie...

Страница 104: ...all CLI Mode Privileged Usage Guidelines vShield App CLI Example vShield debug remove tcpdumps all Option Description mgmt u0 p0 The specific vShield App interface from which to capture packets EXPRE...

Страница 105: ...Detection sysmgr high Related Commands show services debug service flow src Debugs messages for a service that is processing traffic between a specific source to destination pair You can run the show...

Страница 106: ...dst 192 168 110 200 24 4567 Related Commands show services debug show files Shows the tcpdump files that have been saved Syntax debug show files CLI Mode Privileged Usage Guidelines vShield App CLI Ex...

Страница 107: ...90 D5 36 C1 mgmt show arp Shows the contents of the ARP cache Syntax show arp CLI Mode Basic Privileged Example vShield show arp IP address HW type Flags HW address Mask Device 192 0 2 130 0x1 0x6 00...

Страница 108: ...that are enabled You must enable a debug path by running the debug packet or one of the debug service commands Syntax show debug CLI Mode Basic Privileged Usage Guidelines vShield App CLI Example vSh...

Страница 109: ...e hard disk drive capacity for a vShield virtual machine vShield App instances have one disk drive the vShield Manager has two disk drives Syntax show filesystem CLI Mode Basic Privileged Example vShi...

Страница 110: ...07 3 Intel Corporation 82371AB EB MB PIIX4 ACPI 07 7 VMware Inc Virtual Machine Communication Interface 0f 0 VMware Inc Abstract SVGA II Adapter 10 0 BusLogic BT 946C BA80C30 MultiMaster 10 11 0 0000...

Страница 111: ...rors 0 length 0 overrun 0 CRC 0 frame 0 fifo 0 missed 0 output packets 2754582 bytes 559149291 dropped 0 output errors 0 aborted 0 carrier 0 fifo 0 heartbeat 0 window 0 Related Commands interface show...

Страница 112: ...s for a vShield Edge Syntax show kernel message CLI Mode Basic Privileged Usage Guidelines vShield Edge CLI Example vshieldEdge show kernel message Related Commands show kernel message last Option Des...

Страница 113: ...ice node dev vcs12 Aug 7 17 32 37 vShield_118 udev 21429 removing device node dev vcsa12 Aug 7 17 32 37 vShield_118 udev 21432 creating device node dev vcs12 Aug 7 17 32 37 vShield_118 udev 21433 crea...

Страница 114: ...delines vShield App CLI Example vShield show log events Related Commands show log show log last Shows last n lines of the log Syntax show log last NUM CLI Mode Basic Privileged Example vShield show lo...

Страница 115: ...Db Applications SEM Info Nov 15 2005 02 46 23 PM RefreshDb Compiler version pairs found Related Commands show manager log last show manager log last Shows the last n number of events in the vShield Ma...

Страница 116: ...ocess list monitor CLI Mode Basic Privileged Usage Guidelines vShield Edge CLI Example vShieldEdge show process list show route Shows the current routes configured on a vShield Edge Syntax show route...

Страница 117: ...CLI Mode Basic Privileged Usage Guidelines vShield Edge CLI Example vShieldEdge show service dhcp show service statistics Shows the current status of all services on a vShield Edge Details include the...

Страница 118: ...MSRPC Dynamic Port Detection Reverse 62 2050001_SAFLOW SUNRPC Dynamic Port Detection Reverse 63 2050001_SAFLOW ORACLE Dynamic Port Detection 64 2050001_SAFLOW Generic Single Session Inverse Attached 6...

Страница 119: ...0 0 0 0 0 7060 0 0 0 0 LISTEN V_Listen tcp 0 0 192 168 110 229 46132 0 0 0 0 LISTEN Related Commands show session manager counters show slots Shows the software images on the slots of a vShield virtu...

Страница 120: ...yntax show syslog CLI Mode Basic Privileged Example vShield show syslog var log messages emerg dev tty1 Related Commands syslog show system events Shows the latest vShield Edge system events which hav...

Страница 121: ...of memory utilization Syntax show system memory CLI Mode Basic Privileged Example vShield show system mem MemTotal 2072204 kB MemFree 1667248 kB Buffers 83120 kB show system network_connections Shows...

Страница 122: ...ple vShield show system uptime 0 day s 8 hour s 50 minute s 26 second s show version Shows the software version currently running on the virtual machine Syntax show version CLI Mode Basic Privileged E...

Страница 123: ...iagnostics to a specific location via Secure Copy Protocol SCP You can also export system diagnostics for a vShield virtual machine from the vShield Manager user interface See Download a Technical Sup...

Страница 124: ...of a virtual machine protected by a vShield Edge Syntax ping interface addr SOURCE_HOSTNAME A B C D DEST_HOSTNAME A B C D CLI Mode Basic Privileged Usage Guidelines vShield Edge only This command is...

Страница 125: ...sh Opens an SSH connection to a remote system Syntax ssh HOSTNAME A B C D CLI Mode Basic Privileged Example vShield ssh server123 telnet Opens a telnet session to a remote system Syntax telnet HOSTNAM...

Страница 126: ...16 67 118 10 16 67 118 1 120 ms 1 054 ms 1 273 ms validate sessions Validates the existing sessions against the current set of firewall rules Syntax validate sessions CLI Mode Privileged Usage Guideli...

Страница 127: ...the vShield Manager is installed To stop the web service HTTP daemon on the vShield Manager use no before the command This command makes the vShield Manager unavailable to Web Console browser sessions...

Страница 128: ...et CLI Mode Basic Privileged Configuration Example manager reset Related Commands terminal length terminal no length terminal length Sets the number of rows to display at a time in the CLI terminal Sy...

Страница 129: ...table lists deprecated commands Table A 1 Deprecated Commands Command close support tunnel copy http URL slot 1 2 copy http URL temp copy scp URL slot 1 2 copy scp URL temp debug export snapshot debug...

Страница 130: ...vShield Administration Guide 130 VMware Inc...

Страница 131: ...ager Installation vShield OVA File Extracted to a PC Where vSphere Client Is Not Installed Problem I obtained the vShield OVA file and downloaded it to my PC If I do not have the vSphere Client on my...

Страница 132: ...om the vShield Manager there is a break in connectivity between the two virtual machines The vShield management interface cannot talk to the vShield Manager management interface Make sure that the man...

Страница 133: ...cause No Flow Data Displaying in Flow Monitoring Problem I have installed the vShield Manager and a vShield App When I opened the Flow Monitoring tab I did not see any data Solution This might be the...

Страница 134: ...creates the following entities Creates a user named vslauser and sets a default password To see if the user was added vi etc passwd Adds the role vslauser and associates the user vslauser to the role...

Страница 135: ...physical network for such unicasts There is also a chance of more than one vShield Manager Port Group Isolation vCenter installations on the same network In that case some of the host key MAC address...

Страница 136: ...tries This will take care of things like VMs moving to different hosts or to make sure that the table does not grow too much in size with stale mac entries The used age seen bits represent the flags u...

Страница 137: ...Sec service is running on the vShield Edge To verify using the CLI command show service ipsec IPSec service has to be started by issuing the start command If ipsec is running and any errors have occur...

Страница 138: ...atrix available after 1 0 for version compatibility checking To retrieve version numbers for the various components do the following SVM strings libEPSec so grep BUILD_NUMBER provides the build number...

Страница 139: ...vel Rules 26 70 command syntax 88 configuration mode of CLI 88 configure terminal 92 connecting to vCenter Server 19 copy running config startup config 95 Create User 32 D data on demand backups 37 re...

Страница 140: ...s for vShield Endpoint 80 hostname 97 Hosts Clusters view 16 HTTP proxy 21 I installing updates 35 interface 94 interface mode of CLI 88 inventory panel 16 ip address 97 ip name server 97 ip route 98...

Страница 141: ...w Report 64 show route 116 show running config 116 show service 117 show service statistics 117 show services 118 show session manager counters 118 show session manager sessions 119 show slots 119 sho...

Страница 142: ...about 12 CLI configuration 60 forcing sync 60 notification based on events 40 restarting 61 sending events to syslog server 59 System Status 60 traffic stats 61 uninstall 43 vShield Edge about 12 add...

Страница 143: ...43 Zones Firewall 25 vSphere Plug in 20 W web manager 127 write 101 write erase 102 write memory 102 Z Zones Firewall 25 adding L2 L3 rules 28 adding L4 rules 27 deleting rules 30 hierarchy of rules...

Страница 144: ...vShield Administration Guide 144 VMware Inc...

Отзывы:

Нет отзывов

Похожие инструкции для VSHIELD APP 1.0.0 UPDATE 1 - API

Lexmark Apps User Manual preview
Apps
Бренд: Lexmark Страницы: 3
Arturia JUPITER-8V 2 User Manual preview
JUPITER-8V 2
Бренд: Arturia Страницы: 125
Adobe 38000827 - Macromedia ColdFusion MX Standard Edition Administration Manual preview
38000827 - Macromedia ColdFusion MX Standard Edition
Бренд: Adobe Страницы: 68
IBM PERFORMANCE MANAGEMENT FOR POWER SYSTEMS Getting Started Manual preview
PERFORMANCE MANAGEMENT FOR POWER SYSTEMS
Бренд: IBM Страницы: 12
FARONICS DEVICE FILTER MAC Manual preview
DEVICE FILTER MAC
Бренд: FARONICS Страницы: 30
HP PROBOOK 4425S Specifications preview
PROBOOK 4425S
Бренд: HP Страницы: 4
Lenovo Active Protection System Manual preview
Active Protection System
Бренд: Lenovo Страницы: 10
Lenovo Aptiva Hardware Maintenance Manual preview
Aptiva
Бренд: Lenovo Страницы: 464
Lenovo ACTIVATION Error Code List preview
ACTIVATION
Бренд: Lenovo Страницы: 3
DeLorme Street Atlas USA 2011 User Manual preview
Street Atlas USA 2011
Бренд: DeLorme Страницы: 265
FujiFilm FinePixViewer Release Note preview
FinePixViewer
Бренд: FujiFilm Страницы: 3
LEI Extras FISHEASY ST - Addendum preview
FISHEASY ST -
Бренд: LEI Extras Страницы: 8
Bay Networks Gateway Routing Manager Software Manual preview
Gateway Routing Manager
Бренд: Bay Networks Страницы: 20
Bay Networks RADIUS Reference Manual preview
RADIUS
Бренд: Bay Networks Страницы: 58
Autodesk 18507-051452-9325 - UPG ARCH DESKTOP 2007 Installation Manual preview
18507-051452-9325 - UPG ARCH DESKTOP 2007
Бренд: Autodesk Страницы: 104
IBM Terminal Emulation TN5250 User Manual preview
Terminal Emulation TN5250
Бренд: IBM Страницы: 51
FARONICS ANTI-EXECUTABLE STANDARD Manual preview
ANTI-EXECUTABLE STANDARD
Бренд: FARONICS Страницы: 46
DAVIS WeatherLink APRS Addendum preview
WeatherLink APRS
Бренд: DAVIS Страницы: 8

Бренды по названию

Популярные бренды

Загрузить еще бренды