manualshive.com logo in svg

VMware VSHIELD APP 1.0.0 UPDATE 1 - API, Руководство администратора

Поделиться
Скачать
VMware VSHIELD APP 1.0.0 UPDATE 1 - API Скачать руководство пользователя страница 71

VMware, Inc.

71

Chapter 13 App Firewall Management

 

Deny all traffic by default.

You can change the 

Action

 status of the default rules from 

Allow

 to 

Deny

, and 

add allow rules explicitly for specific systems and applications. In this scenario, if a session does not 
match any of the allow rules, the vShield App drops the session before it reaches its destination. If you 
change all of the default rules to deny any traffic, the vShield App drops all incoming and outgoing traffic.

Create an App Firewall Rule

App Firewall rules allow or deny traffic based on the following criteria:

You can add destination and source port ranges to a rule for dynamic services such as FTP and RPC, which 
require multiple ports to complete a transmission.

To create a firewall rule at the datacenter level

1

In the vSphere Client, go to 

Inventory > Hosts and Clusters

.

2

Select a datacenter resource from the resource tree.

3

Click  the 

vShield App

 tab.

4

Click 

App Firewall

By default, the 

L4 Rules

 option is selected.

To create L2/L3 rules, see 

“Create a Layer 2/Layer 3 App Firewall Rule”

 on page 73.

5

Do one of the following:

Click 

Add

 to add a new rule to the Data Center Low Precedence Rules (

Rules below this level have 

lower precedence...

).

Select a row in the Data Center High Precedence Rules section of the table and click 

Add

. A new 

appears below the selected row.

6

Double-click each cell in the new row to select the appropriate information.

You can type IP addresses in the 

Source 

and 

Destination

 fields, and port numbers in the 

Source Port

 and

 

Destination Port 

fields.

7

(Optional) Select the new row and click 

Up

 to move the rule up in priority.

8

(Optional) Select the 

Log

 check box to log all sessions matching this rule.

9

Click 

Commit

 to save the rule.

Criteria

Description

Source (A.B.C.D/nn)

Container, direction in relation to container, or IP address with netmask (nn) from 
which the communication originated.

Source Port

Port or range of ports from which the communication originated. To enter a port 
range, separate the low and high end of the range with a colon. For example, 
1000:1100.

Destination (A.B.C.D/nn)

Container, direction in relation to container, or IP address with netmask (nn) which 
the communication is targeting.

Destination Application

The application on the destination the source is targeting. If you select a protocol 
from the drop-down list, the well-known port for the selected protocol appears in 
the Destination Port field.

Destination Port

Port or range of ports which the communication is targeting. To enter a port range, 
separate the low and high end of the range with a colon. For example, 1000:1100.

Protocol

Transport protocol used for communication.

N

OTE

   

Layer 4 firewall rules can also be created from the Flow Monitoring report. See 

“Add an App Firewall 

Rule from the Flow Monitoring Report”

 on page 65.

Содержание VSHIELD APP 1.0.0 UPDATE 1 - API

Страница 1: ...date 1 vShield App 1 0 0 Update 1 vShield Endpoint 1 0 0 Update 1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new...

Страница 2: ...bout this documentation submit your feedback to docfeedback vmware com Copyright 2010 VMware Inc All rights reserved This product is protected by U S and international copyright and intellectual prope...

Страница 3: ...Server 19 Register the vShield Manager as a vSphere Client Plug in 20 Identify DNS Services 20 Set the vShield Manager Date and Time 21 Identify a Proxy Server 21 Download a Technical Support Log fro...

Страница 4: ...Events 40 Syslog Format 40 View the Audit Log 41 9 Uninstalling vShield Components 43 Uninstall a vShield App or vShield Zones 43 Uninstall a vShield Edge from a Port Group 44 Uninstall Port Group Iso...

Страница 5: ...n Application Port Pair Mapping 67 Hide the Port Mappings Table 67 13 App Firewall Management 69 Using App Firewall 69 Securing Containers and Designing Security Groups 69 Default Rules 70 Layer 4 Rul...

Страница 6: ...hield OVA File Cannot Be Installed in vSphere Client 131 Cannot Log In to CLI After the vShield Manager Virtual Machine Starts 132 Cannot Log In to the vShield Manager User Interface 132 Troubleshooti...

Страница 7: ...amiliar to you For definitions of terms as they are used in VMware technical documentation go to http www vmware com support pubs Document Feedback VMware welcomes your suggestions for improving our d...

Страница 8: ...on labs case study examples and course materials designed to be used as on the job reference tools Courses are available onsite in the classroom and live online For onsite pilot programs and implemen...

Страница 9: ...VMware Inc 9 vShield Manager and vShield Zones...

Страница 10: ...vShield Administration Guide 10 VMware Inc...

Страница 11: ...n be configured through a web based user interface a vSphere Client plug in a command line interface CLI and REST API To run vShield you need one vShield Manager virtual machine and at least one vShie...

Страница 12: ...eate access control policies regardless of network topology A vShield App monitors all traffic in and out of an ESX host including between virtual machines in the same port group vShield App includes...

Страница 13: ...the current ESX host undergoes a reboot or maintenance mode routine Each vShield Edge should move with its secured port group to maintain security settings and services vShield App and Port Group Iso...

Страница 14: ...vShield Administration Guide 14 VMware Inc...

Страница 15: ...ser window and type the IP address assigned to the vShield Manager The vShield Manager user interface opens in an SSH session 2 Accept the security certificate The vShield Manager login screen appears...

Страница 16: ...and Secured Port Groups The Hosts Clusters view displays the datacenters clusters resource pools and ESX hosts in your inventory The Networks view displays the VLAN networks and port groups in your i...

Страница 17: ...s that can be configured based on the selected inventory resource and the output of vShield operation Each resource offers multiple tabs each tab presenting information or configuration forms correspo...

Страница 18: ...vShield Administration Guide 18 VMware Inc...

Страница 19: ...vShield Manager is installed as a virtual machine log in to the vShield Manager user interface to connect to your vCenter Server This enables the vShield Manager to display your VMware Infrastructure...

Страница 20: ...from the vShield Manager inventory panel 4 Click the Configuration tab The vCenter screen appears 5 Under vSphere Plug in click Register Registration might take a few minutes 6 Log in to the vSphere...

Страница 21: ...figure the vShield Manager to use the proxy server The vShield Manager supports application level HTTP HTTPS proxies such as CacheFlow and Microsoft ISA Server To identify a proxy server 1 Click Setti...

Страница 22: ...software running on your vShield components The Update Status tab appears See View the Current System Software on page 35 Add an SSL Certificate to Identify the vShield Manager Web Service You can ge...

Страница 23: ...figuration tab 3 Click SSL Certificate 4 Under Import Signed Certificate click Browse at Certificate File to find the file 5 Select the type of certificate file from the Certificate File drop down lis...

Страница 24: ...vShield Administration Guide 24 VMware Inc...

Страница 25: ...ones Firewall rules at the datacenter cluster and port group levels to provide a consistent set of rules across multiple vShield Zones instances under these containers As membership in these container...

Страница 26: ...s Container level precedence refers to recognizing the datacenter level as being higher in priority than the cluster level When a rule is configured at the datacenter level the rule is inherited by al...

Страница 27: ...addresses in the Source and Destination fields and port numbers in the Source Port and Destination Port fields 7 Optional Select the new row and click Up to move the row up in priority 8 Optional Sel...

Страница 28: ...ort and Destination Port fields 7 Optional Select the new row and click Up to move the row up in priority 8 Optional Select the Log check box to log all sessions matching this rule 9 Click Commit to s...

Страница 29: ...ive sessions against the current firewall rules 1 Update and commit the Zones Firewall rule set at the appropriate container level 2 Open a console session on a vShield Zones instance issue the valida...

Страница 30: ...s Firewall Rule You can delete any App Firewall rule you have created You cannot delete the any rules in the Default Rules section of the table To delete an App Firewall rule 1 Click an existing row i...

Страница 31: ...page 33 Managing User Rights Within the vShield Manager user interface a user s rights define the actions the user is allowed to perform on a given resource Rights determine the user s authorized acti...

Страница 32: ...Full Name for identification purposes 6 Optional Type an Email Address 7 Type a Password for login 8 Re type the password in the Retype Password field 9 Click OK After account creation you configure...

Страница 33: ...your changes Delete a User Account You can delete any created user account You cannot delete the admin account Audit records for deleted users are maintained in the database and can be referenced in a...

Страница 34: ...vShield Administration Guide 34 VMware Inc...

Страница 35: ...e available as offline updates When an update is made available you can download the update to your PC and then upload the update by using the vShield Manager user interface When the update is uploade...

Страница 36: ...upgraded when the status of the last vShield App is displayed as Finished 7 After the vShield Manager reboots click the Update Status tab 8 Click Reboot Manager if prompted 9 Click Finish Install to c...

Страница 37: ...ation tab 3 Click Backups 4 Optional Select the Exclude System Events check box if you do not want to back up system event tables 5 Optional Select the Exclude Audit Logs check box if you do not want...

Страница 38: ...ype the User Name required to login to the backup system 11 Type the Password associated with the user name for the backup system 12 In the Backup Directory field type the absolute path where backups...

Страница 39: ...he System Event Report The vShield Manager aggregates system events into a report that can be filtered by vShield App and event severity To view the System Event report 1 Click Settings Reports from t...

Страница 40: ...log follow command Run show log follow command Run show log follow command Syslog NA See Syslog Format on page 40 e1000 mgmt e1000_watchdog_task NIC Link is Up Down 100 Mbps Full Duplex For scripting...

Страница 41: ...anager users The vShield Manager retains audit log data for one year after which time the data is discarded To view the Audit Log 1 Click Settings Reports from the vShield Manager inventory panel 2 Cl...

Страница 42: ...vShield Administration Guide 42 VMware Inc...

Страница 43: ...t 2 Select the ESX host from the inventory tree 3 Click the vShield tab 4 Click Uninstall for the vShield App or vShield Zones service The instance is uninstalled Uninstalling vShield Components 9 NOT...

Страница 44: ...bled Port Group Isolation you must migrate or power off the virtual machines on the ESX host from which you want to uninstall a vShield Edge Uninstalling Port Group Isolation places the ESX host in ma...

Страница 45: ...d for 40007 SVM with moid not registered 40015 vmId is malformatted or of incorrect length Uninstall the vShield Endpoint Module from the vSphere Client Uninstalling an vShield Endpoint module puts th...

Страница 46: ...vShield Administration Guide 46 VMware Inc...

Страница 47: ...VMware Inc 47 vShield Edge and Port Group Isolation...

Страница 48: ...vShield Administration Guide 48 VMware Inc...

Страница 49: ...cify a Remote Syslog Server on page 50 Managing the vShield Edge Firewall on page 50 Manage NAT Rules on page 51 Manage DHCP Service on page 52 Manage VPN Service on page 53 Manage Load Balancer Servi...

Страница 50: ...e a vShield Edge Firewall Rule vShield Edge firewall rules police traffic based on the following criteria You can add destination and source port ranges to a rule for dynamic services such as FTP and...

Страница 51: ...issue the validate sessions command from the CLI of a vShield Edge instance to purge sessions that are in violation of current policy To validate active sessions against the current firewall rules 1...

Страница 52: ...nal interface on the vShield Edge as the default gateway address for all clients and the broadcast and subnet mask values of the internal interface for the container network To add a DHCP IP pool 1 In...

Страница 53: ...ed Port Group At this time vShield Edge supports pre shared key mode IP unicast traffic and no dynamic routing protocol between the vShield Edge and remote VPN routers Behind each remote VPN router yo...

Страница 54: ...er Site Configuration click Create Site 6 Type a name to identify the site in Site Name 7 Type the IP address of the site in Remote EndPoint 8 Type the Shared Secret 9 Type an MTU threshold 10 Click A...

Страница 55: ...nventory Networking 2 Select an internal port group that is protected by a vShield Edge 3 Click the vShield Edge tab 4 Click the Load Balancer link 5 Click Add Rule above the External IP Addresses tab...

Страница 56: ...select a service and click Start to start the service Select a service and click Stop to stop a running service 6 If a service has been started but is not responding click Refresh Status to send a syn...

Страница 57: ...VMware Inc 57 vShield App and vShield Endpoint...

Страница 58: ...vShield Administration Guide 58 VMware Inc...

Страница 59: ...s and make the rules easier to track You can monitor the health of vShield App instances by using the vShield Manager user interface and by sending vShield App system events to a syslog server This ch...

Страница 60: ...the health of a vShield App Details include system statistics status of interfaces software version and environmental variables To view the health of a vShield App 1 Log in to the vShield Manager user...

Страница 61: ...art 6 Click OK in the pop up window to confirm reboot View Traffic Statistics by vShield App Interface You can view the traffic statistics for each vShield interface To view traffic statistics by vShi...

Страница 62: ...vShield Administration Guide 62 VMware Inc...

Страница 63: ...arts on page 64 Change the Date Range of the Flow Monitoring Charts on page 64 View the Flow Monitoring Report on page 64 Add an App Firewall Rule from the Flow Monitoring Report on page 65 Editing Po...

Страница 64: ...a datacenter or cluster resource from the resource tree 3 Click the vShield App tab 4 Click Flow Monitoring The charts are updated to display the most current information for the last seven days This...

Страница 65: ...allow or deny rule App Firewall rule creation from Flow Monitoring data is available at the datacenter and cluster levels only To add an App Firewall rule from the Flow Monitoring report 1 In the vSph...

Страница 66: ...nown applications and protocols their respective ports and a description vShield recognizes common protocol and port mappings such as HTTP over port 80 Your organization might employ an application or...

Страница 67: ...ing from the table When you delete a mapping any traffic to the application port pair is listed as Uncategorized in the Flow Monitoring statistics To delete an application port pair mapping 1 Go to In...

Страница 68: ...vShield Administration Guide 68 VMware Inc...

Страница 69: ...onsistent set of rules across multiple vShield App instances under these containers As membership in these containers can change dynamically App Firewall maintains the state of existing sessions witho...

Страница 70: ...ble that matches the traffic parameters is enforced The rules are enforced in the following hierarchy 1 Data Center High Precedence Rules 2 Cluster Level Rules 3 Data Center Low Precedence Rules seen...

Страница 71: ...d A new appears below the selected row 6 Double click each cell in the new row to select the appropriate information You can type IP addresses in the Source and Destination fields and port numbers in...

Страница 72: ...e 9 Click Commit to save the rule To create a firewall rule at the port group level 1 In the vSphere Client go to Inventory Networking 2 Select a port group from the resource tree 3 Click the vShield...

Страница 73: ...to log all sessions matching this rule 9 Click Commit Creating and Protecting Security Groups The Security Groups feature enables you to create custom containers to which you can assign resources such...

Страница 74: ...By default a vShield Edge matches firewall rules against each new session After a session has been established any firewall rule changes do not affect active sessions The CLI command validate sessions...

Страница 75: ...it Using SpoofGuard After synchronizing with the vCenter Server the vShield Manager collects the IP addresses of all vCenter guest virtual machines from VMware Tools on each virtual machine Up to vShi...

Страница 76: ...s assignments you must approve IP address assignments to allow traffic from those virtual machines to pass To approve an IP address 1 In the vShield Manager user interface go to the Hosts and Clusters...

Страница 77: ...n the Approved IP Address pop up window 7 Click Apply 8 Click Publish Changes Delete an IP Address You can delete a MAC to IP address assignment from the SpoofGuard table to clean the table of a virtu...

Страница 78: ...vShield Administration Guide 78 VMware Inc...

Страница 79: ...sident thin agent To view vShield Endpoint status 1 In the vSphere Client go to Inventory Hosts and Clusters 2 Select a datacenter cluster or ESX host resource from the resource tree 3 Click the vShie...

Страница 80: ...ents affecting the health status of the vShield Endpoint module Table 14 1 Warnings Marked Yellow Possible Cause Action SVM is registered but vShield Endpoint module does not see any virtual machines...

Страница 81: ...nts Those virtual machines are not protected while this warning persists This is usually a transient alarm that does not require attention If it persists or turns to red look at the vCenter Server eve...

Страница 82: ...SM_SVM_EVENT_DROPPED_EVENTS timestamp warning Health Status information has been lost 2006 VSM_SVM_EVENT_MISSING_REPORT timestamp error vShield Manager lost communication with SVM 2007 VSM_SVM_EVENT_R...

Страница 83: ...esponding ESX host for example during power up or incoming vMotion 1001 VSM_VM_EVENT_DISCONNECTED VM configured for vShield Endpoint protection will generate this event when loaded on the correspondin...

Страница 84: ...number Thin agent initialization failure Successfully found SCSI device to communicate with the security virtual machine SVM Failure to create filter device object or failure to attach to device stac...

Страница 85: ...VMware Inc 85 Appendixes...

Страница 86: ...vShield Administration Guide 86 VMware Inc...

Страница 87: ...elect the vShield virtual machine from the inventory panel and click the Console tab You can log in to the CLI by using the default user name admin and password default You can also use SSH to access...

Страница 88: ...commands move the pointer around on the command line Keystrokes Description CTRL A Moves the pointer to beginning of the line CTRL B or the left arrow key Moves the pointer back one character CTRL C...

Страница 89: ...nt password and the Privileged mode password are managed separately The default Privileged mode password is the same for each CLI user account You should change the Privileged mode password to secure...

Страница 90: ...ser account other than admin 5 Switch to Privileged mode 6 Switch to Configuration mode 7 Delete the admin user account manager config no user admin 8 Save the configuration 9 Run the exit command twi...

Страница 91: ...age 102 Show Commands on page 107 Diagnostics and Troubleshooting Commands on page 123 User Administration Commands on page 126 Terminal Commands on page 128 Deprecated Commands on page 129 Administra...

Страница 92: ...no before the command Syntax no shutdown CLI Mode Privileged Interface Configuration Example vShield shutdown or vShield config interface mgmt vShield config if shutdown vShield config if no shutdown...

Страница 93: ...eld Related Commands disable end Ends the current CLI mode and switches to the previous mode Syntax end CLI Mode Basic Privileged Configuration and Interface Configuration Example vShield end vShield...

Страница 94: ...eld configure terminal vShield config interface mgmt vShield config if or vShield config no interface mgmt Related Commands show interface quit Quits Interface Configuration mode and switches to Confi...

Страница 95: ...s vShield App CLI Example manager clear vmwall rules Related Commands show vmwall log show vmwall rules cli ssh allow Enable or disable access to the CLI via SSH session Syntax no cli ssh allow CLI Mo...

Страница 96: ...s not affected by this command Syntax database erase CLI Mode Privileged Usage Guidelines vShield Manager CLI Example manager database erase enable password Changes the Privileged mode password You sh...

Страница 97: ...om an interface use no before the command Syntax no ip address A B C D M CLI Mode Interface Configuration Example vShield config interface mgmt vShield config if ip address 192 168 110 200 24 or vShie...

Страница 98: ...0 0 0 0 0 192 168 1 1 Related Commands show ip route manager key Sets a shared key for authenticating communication between a vShield App and the vShield Manager You can set a shared key on any vShie...

Страница 99: ...use no before the command Syntax no ntp server HOSTNAME A B C D CLI Mode Configuration Usage Guidelines vShield App CLI Example vShield configure terminal vShield config ntp server 10 1 1 113 or vShi...

Страница 100: ...stances Press ENTER to accept a default value Syntax setup CLI Mode Basic Usage Guidelines The Manager key option is applicable to vShield App setup only Example manager config setup Default settings...

Страница 101: ...send system events You can also identify one or more syslog servers by using the vShield Manager user interface See Send vShield App System Events to a Syslog Server on page 59 To disable syslog expor...

Страница 102: ...mands debug copy Copies one or all packet trace or tcpdump files and exports them to a remote server You must enable the debug packet capture command before you can copy and export files Syntax debug...

Страница 103: ...debug packet capture segment 0 host_10 10 11 11_port_8 Related Commands debug copy debug packet display interface debug packet display interface Displays all packets captured by a vShield App or vShie...

Страница 104: ...all CLI Mode Privileged Usage Guidelines vShield App CLI Example vShield debug remove tcpdumps all Option Description mgmt u0 p0 The specific vShield App interface from which to capture packets EXPRE...

Страница 105: ...Detection sysmgr high Related Commands show services debug service flow src Debugs messages for a service that is processing traffic between a specific source to destination pair You can run the show...

Страница 106: ...dst 192 168 110 200 24 4567 Related Commands show services debug show files Shows the tcpdump files that have been saved Syntax debug show files CLI Mode Privileged Usage Guidelines vShield App CLI Ex...

Страница 107: ...90 D5 36 C1 mgmt show arp Shows the contents of the ARP cache Syntax show arp CLI Mode Basic Privileged Example vShield show arp IP address HW type Flags HW address Mask Device 192 0 2 130 0x1 0x6 00...

Страница 108: ...that are enabled You must enable a debug path by running the debug packet or one of the debug service commands Syntax show debug CLI Mode Basic Privileged Usage Guidelines vShield App CLI Example vSh...

Страница 109: ...e hard disk drive capacity for a vShield virtual machine vShield App instances have one disk drive the vShield Manager has two disk drives Syntax show filesystem CLI Mode Basic Privileged Example vShi...

Страница 110: ...07 3 Intel Corporation 82371AB EB MB PIIX4 ACPI 07 7 VMware Inc Virtual Machine Communication Interface 0f 0 VMware Inc Abstract SVGA II Adapter 10 0 BusLogic BT 946C BA80C30 MultiMaster 10 11 0 0000...

Страница 111: ...rors 0 length 0 overrun 0 CRC 0 frame 0 fifo 0 missed 0 output packets 2754582 bytes 559149291 dropped 0 output errors 0 aborted 0 carrier 0 fifo 0 heartbeat 0 window 0 Related Commands interface show...

Страница 112: ...s for a vShield Edge Syntax show kernel message CLI Mode Basic Privileged Usage Guidelines vShield Edge CLI Example vshieldEdge show kernel message Related Commands show kernel message last Option Des...

Страница 113: ...ice node dev vcs12 Aug 7 17 32 37 vShield_118 udev 21429 removing device node dev vcsa12 Aug 7 17 32 37 vShield_118 udev 21432 creating device node dev vcs12 Aug 7 17 32 37 vShield_118 udev 21433 crea...

Страница 114: ...delines vShield App CLI Example vShield show log events Related Commands show log show log last Shows last n lines of the log Syntax show log last NUM CLI Mode Basic Privileged Example vShield show lo...

Страница 115: ...Db Applications SEM Info Nov 15 2005 02 46 23 PM RefreshDb Compiler version pairs found Related Commands show manager log last show manager log last Shows the last n number of events in the vShield Ma...

Страница 116: ...ocess list monitor CLI Mode Basic Privileged Usage Guidelines vShield Edge CLI Example vShieldEdge show process list show route Shows the current routes configured on a vShield Edge Syntax show route...

Страница 117: ...CLI Mode Basic Privileged Usage Guidelines vShield Edge CLI Example vShieldEdge show service dhcp show service statistics Shows the current status of all services on a vShield Edge Details include the...

Страница 118: ...MSRPC Dynamic Port Detection Reverse 62 2050001_SAFLOW SUNRPC Dynamic Port Detection Reverse 63 2050001_SAFLOW ORACLE Dynamic Port Detection 64 2050001_SAFLOW Generic Single Session Inverse Attached 6...

Страница 119: ...0 0 0 0 0 7060 0 0 0 0 LISTEN V_Listen tcp 0 0 192 168 110 229 46132 0 0 0 0 LISTEN Related Commands show session manager counters show slots Shows the software images on the slots of a vShield virtu...

Страница 120: ...yntax show syslog CLI Mode Basic Privileged Example vShield show syslog var log messages emerg dev tty1 Related Commands syslog show system events Shows the latest vShield Edge system events which hav...

Страница 121: ...of memory utilization Syntax show system memory CLI Mode Basic Privileged Example vShield show system mem MemTotal 2072204 kB MemFree 1667248 kB Buffers 83120 kB show system network_connections Shows...

Страница 122: ...ple vShield show system uptime 0 day s 8 hour s 50 minute s 26 second s show version Shows the software version currently running on the virtual machine Syntax show version CLI Mode Basic Privileged E...

Страница 123: ...iagnostics to a specific location via Secure Copy Protocol SCP You can also export system diagnostics for a vShield virtual machine from the vShield Manager user interface See Download a Technical Sup...

Страница 124: ...of a virtual machine protected by a vShield Edge Syntax ping interface addr SOURCE_HOSTNAME A B C D DEST_HOSTNAME A B C D CLI Mode Basic Privileged Usage Guidelines vShield Edge only This command is...

Страница 125: ...sh Opens an SSH connection to a remote system Syntax ssh HOSTNAME A B C D CLI Mode Basic Privileged Example vShield ssh server123 telnet Opens a telnet session to a remote system Syntax telnet HOSTNAM...

Страница 126: ...16 67 118 10 16 67 118 1 120 ms 1 054 ms 1 273 ms validate sessions Validates the existing sessions against the current set of firewall rules Syntax validate sessions CLI Mode Privileged Usage Guideli...

Страница 127: ...the vShield Manager is installed To stop the web service HTTP daemon on the vShield Manager use no before the command This command makes the vShield Manager unavailable to Web Console browser sessions...

Страница 128: ...et CLI Mode Basic Privileged Configuration Example manager reset Related Commands terminal length terminal no length terminal length Sets the number of rows to display at a time in the CLI terminal Sy...

Страница 129: ...table lists deprecated commands Table A 1 Deprecated Commands Command close support tunnel copy http URL slot 1 2 copy http URL temp copy scp URL slot 1 2 copy scp URL temp debug export snapshot debug...

Страница 130: ...vShield Administration Guide 130 VMware Inc...

Страница 131: ...ager Installation vShield OVA File Extracted to a PC Where vSphere Client Is Not Installed Problem I obtained the vShield OVA file and downloaded it to my PC If I do not have the vSphere Client on my...

Страница 132: ...om the vShield Manager there is a break in connectivity between the two virtual machines The vShield management interface cannot talk to the vShield Manager management interface Make sure that the man...

Страница 133: ...cause No Flow Data Displaying in Flow Monitoring Problem I have installed the vShield Manager and a vShield App When I opened the Flow Monitoring tab I did not see any data Solution This might be the...

Страница 134: ...creates the following entities Creates a user named vslauser and sets a default password To see if the user was added vi etc passwd Adds the role vslauser and associates the user vslauser to the role...

Страница 135: ...physical network for such unicasts There is also a chance of more than one vShield Manager Port Group Isolation vCenter installations on the same network In that case some of the host key MAC address...

Страница 136: ...tries This will take care of things like VMs moving to different hosts or to make sure that the table does not grow too much in size with stale mac entries The used age seen bits represent the flags u...

Страница 137: ...Sec service is running on the vShield Edge To verify using the CLI command show service ipsec IPSec service has to be started by issuing the start command If ipsec is running and any errors have occur...

Страница 138: ...atrix available after 1 0 for version compatibility checking To retrieve version numbers for the various components do the following SVM strings libEPSec so grep BUILD_NUMBER provides the build number...

Страница 139: ...vel Rules 26 70 command syntax 88 configuration mode of CLI 88 configure terminal 92 connecting to vCenter Server 19 copy running config startup config 95 Create User 32 D data on demand backups 37 re...

Страница 140: ...s for vShield Endpoint 80 hostname 97 Hosts Clusters view 16 HTTP proxy 21 I installing updates 35 interface 94 interface mode of CLI 88 inventory panel 16 ip address 97 ip name server 97 ip route 98...

Страница 141: ...w Report 64 show route 116 show running config 116 show service 117 show service statistics 117 show services 118 show session manager counters 118 show session manager sessions 119 show slots 119 sho...

Страница 142: ...about 12 CLI configuration 60 forcing sync 60 notification based on events 40 restarting 61 sending events to syslog server 59 System Status 60 traffic stats 61 uninstall 43 vShield Edge about 12 add...

Страница 143: ...43 Zones Firewall 25 vSphere Plug in 20 W web manager 127 write 101 write erase 102 write memory 102 Z Zones Firewall 25 adding L2 L3 rules 28 adding L4 rules 27 deleting rules 30 hierarchy of rules...

Страница 144: ...vShield Administration Guide 144 VMware Inc...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды