manualshive.com logo in svg

VMware VSHIELD APP 1.0 -, Руководство администратора

Поделиться
Скачать
VMware VSHIELD APP 1.0 - Скачать руководство пользователя страница 27

VMware, Inc.

27

 

4

vShield

 

Zones

 

provides

 

firewall

 

protection

 

access

 

policy

 

enforcement.

 

Traffic

 

details

 

include

 

sources,

 

destinations,

 

direction

 

of

 

sessions,

 

applications,

 

and

 

ports

 

being

 

used.

 

Traffic

 

details

 

can

 

be

 

used

 

to

 

create

 

firewall

 

allow

 

or

 

deny

 

rules.

This

 

chapter

 

includes

 

the

 

following

 

topics:

“Using

 

Zones

 

Firewall”

 

on

 

page 27

“Create

 

a

 

Zones

 

Firewall

 

Rule”

 

on

 

page 29

“Create

 

a

 

Layer

 

2/Layer

 

3

 

Zones

 

Firewall

 

Rule”

 

on

 

page 30

“Validating

 

Active

 

Sessions

 

against

 

the

 

Current

 

Zones

 

Firewall

 

Rules”

 

on

 

page 31

“Revert

 

to

 

a

 

Previous

 

Zones

 

Firewall

 

Configuration”

 

on

 

page 31

“Delete

 

a

 

Zones

 

Firewall

 

Rule”

 

on

 

page 32

Using Zones Firewall

Zones

 

Firewall

 

is

 

a

 

centralized,

 

hierarchical

 

firewall

 

for

 

ESX

 

hosts.

 

Zones

 

Firewall

 

enables

 

you

 

to

 

create

 

rules

 

that

 

allow

 

or

 

deny

 

access

 

to

 

and

 

from

 

your

 

virtual

 

machines.

 

Each

 

installed

 

vShield

 

Zones

 

enforces

 

the

 

App

 

Zones

 

rules.

You

 

can

 

manage

 

Zones

 

Firewall

 

rules

 

at

 

the

 

datacenter,

 

cluster,

 

and

 

port

 

group

 

levels

 

to

 

provide

 

a

 

consistent

 

set

 

of

 

rules

 

across

 

multiple

 

vShield

 

Zones

 

instances

 

under

 

these

 

containers.

 

As

 

membership

 

in

 

these

 

containers

 

can

 

change

 

dynamically,

 

Zones

 

Firewall

 

maintains

 

the

 

state

 

of

 

existing

 

sessions

 

without

 

requiring

 

reconfiguration

 

of

 

firewall

 

rules.

 

In

 

this

 

way,

 

Zones

 

Firewall

 

effectively

 

has

 

a

 

continuous

 

footprint

 

on

 

each

 

ESX

 

host

 

under

 

the

 

managed

 

containers.

When

 

creating

 

Zones

 

Firewall

 

rules,

 

you

 

create

 

5

tuple

 

firewall

 

rules

 

based

 

on

 

specific

 

source

 

and

 

destination

 

IP

 

addresses.

Zones Firewall Management

4

N

OTE

   

You

 

can

 

upgrade

 

vShield

 

Zones

 

to

 

vShield

 

App

 

by

 

obtaining

 

a

 

vShield

 

App

 

license.

 

vShield

 

App

 

enhances

 

vShield

 

Zones

 

protection

 

by

 

offering

 

Flow

 

Monitoring,

 

custom

 

container

 

creation

 

(Security

 

Groups),

 

and

 

container

based

 

access

 

policy

 

creation

 

and

 

enforcement.

 

You

 

do

 

not

 

have

 

to

 

uninstall

 

vShield

 

Zones

 

to

 

install

 

vShield

 

App.

 

All

 

vShield

 

Zones

 

instances

 

become

 

vShield

 

App

 

instances,

 

the

 

Zones

 

Firewall

 

becomes

 

App

 

Firewall,

 

and

 

the

 

additional

 

vShield

 

App

 

features

 

are

 

enabled.

Содержание VSHIELD APP 1.0 -

Страница 1: ...1 0 vShield Endpoint Security 1 0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition To check for more recen...

Страница 2: ...bout this documentation submit your feedback to docfeedback vmware com Copyright 2010 VMware Inc All rights reserved This product is protected by U S and international copyright and intellectual prope...

Страница 3: ...efreshing the Inventory Panel 18 Searching the Inventory Panel 18 vShield Manager Configuration Panel 19 3 Management System Settings 21 Identify Your vCenter Server 21 Register the vShield Manager as...

Страница 4: ...eport 41 System Event Notifications 42 vShield Manager Virtual Appliance Events 42 vShield App Events 42 Syslog Format 42 View the Audit Log 43 9 Uninstalling vShield Components 45 Uninstall a vShield...

Страница 5: ...ll Recorded Flows 70 Editing Port Mappings 70 Add an Application Port Pair Mapping 70 Delete an Application Port Pair Mapping 71 Hide the Port Mappings Table 71 13 App Firewall Management 73 Using App...

Страница 6: ...reboot 93 shutdown 94 CLI Mode Commands 94 configure terminal 94 disable 94 enable 95 end 95 exit 95 interface 96 quit 96 Configuration Commands 97 clear vmwall rules 97 cli ssh allow 97 copy running...

Страница 7: ...17 show ntp 117 show process 118 show route 118 show running config 118 show service 119 show service statistics 119 show services 119 show session manager counters 120 show session manager sessions 1...

Страница 8: ...eshooting Operation Issues 134 vShield Manager Cannot Communicate with a vShield App 134 Problem 134 Solution 134 Cannot Configure a vShield App 134 Problem 134 Solution 134 Firewall Block Rule Not Bl...

Страница 9: ...amiliar to you For definitions of terms as they are used in VMware technical documentation go to http www vmware com support pubs Document Feedback VMware welcomes your suggestions for improving our d...

Страница 10: ...s on labs case study examples and course materials designed to be used as on the job reference tools Courses are available onsite in the classroom and live online For onsite pilot programs and impleme...

Страница 11: ...VMware Inc 11 vShield Manager and vShield Zones...

Страница 12: ...vShield Administration Guide 12 VMware Inc...

Страница 13: ...n be configured through a web based user interface a vSphere Client plug in a command line interface CLI and REST API To run vShield you need one vShield Manager virtual machine and at least one vShie...

Страница 14: ...eate access control policies regardless of network topology A vShield App monitors all traffic in and out of an ESX host including between virtual machines in the same port group vShield App includes...

Страница 15: ...the current ESX host undergoes a reboot or maintenance mode routine Each vShield Edge should move with its secured port group to maintain security settings and services vShield App and Port Group Iso...

Страница 16: ...vShield Administration Guide 16 VMware Inc...

Страница 17: ...ser window and type the IP address assigned to the vShield Manager The vShield Manager user interface opens in an SSH session 2 Accept the security certificate The vShield Manager login screen appears...

Страница 18: ...and Secured Port Groups The Hosts Clusters view displays the datacenters clusters resource pools and ESX hosts in your inventory The Networks view displays the VLAN networks and port groups in your i...

Страница 19: ...s that can be configured based on the selected inventory resource and the output of vShield operation Each resource offers multiple tabs each tab presenting information or configuration forms correspo...

Страница 20: ...vShield Administration Guide 20 VMware Inc...

Страница 21: ...vShield Manager is installed as a virtual machine log in to the vShield Manager user interface to connect to your vCenter Server This enables the vShield Manager to display your VMware Infrastructure...

Страница 22: ...from the vShield Manager inventory panel 4 Click the Configuration tab The vCenter screen appears 5 Under vSphere Plug in click Register Registration might take a few minutes 6 Log in to the vSphere...

Страница 23: ...figure the vShield Manager to use the proxy server The vShield Manager supports application level HTTP HTTPS proxies such as CacheFlow and Microsoft ISA Server To identify a proxy server 1 Click Setti...

Страница 24: ...software running on your vShield components The Update Status tab appears See View the Current System Software on page 37 Add an SSL Certificate to Identify the vShield Manager Web Service You can ge...

Страница 25: ...figuration tab 3 Click SSL Certificate 4 Under Import Signed Certificate click Browse at Certificate File to find the file 5 Select the type of certificate file from the Certificate File drop down lis...

Страница 26: ...vShield Administration Guide 26 VMware Inc...

Страница 27: ...ones Firewall rules at the datacenter cluster and port group levels to provide a consistent set of rules across multiple vShield Zones instances under these containers As membership in these container...

Страница 28: ...s Container level precedence refers to recognizing the datacenter level as being higher in priority than the cluster level When a rule is configured at the datacenter level the rule is inherited by al...

Страница 29: ...addresses in the Source and Destination fields and port numbers in the Source Port and Destination Port fields 7 Optional Select the new row and click Up to move the row up in priority 8 Optional Sel...

Страница 30: ...ort and Destination Port fields 7 Optional Select the new row and click Up to move the row up in priority 8 Optional Select the Log check box to log all sessions matching this rule 9 Click Commit to s...

Страница 31: ...ive sessions against the current firewall rules 1 Update and commit the Zones Firewall rule set at the appropriate container level 2 Open a console session on a vShield Zones instance issue the valida...

Страница 32: ...s Firewall Rule You can delete any App Firewall rule you have created You cannot delete the any rules in the Default Rules section of the table To delete an App Firewall rule 1 Click an existing row i...

Страница 33: ...page 35 Managing User Rights Within the vShield Manager user interface a user s rights define the actions the user is allowed to perform on a given resource Rights determine the user s authorized acti...

Страница 34: ...Full Name for identification purposes 6 Optional Type an Email Address 7 Type a Password for login 8 Re type the password in the Retype Password field 9 Click OK After account creation you configure...

Страница 35: ...your changes Delete a User Account You can delete any created user account You cannot delete the admin account Audit records for deleted users are maintained in the database and can be referenced in a...

Страница 36: ...vShield Administration Guide 36 VMware Inc...

Страница 37: ...e available as offline updates When an update is made available you can download the update to your PC and then upload the update by using the vShield Manager user interface When the update is uploade...

Страница 38: ...upgraded when the status of the last vShield App is displayed as Finished 7 After the vShield Manager reboots click the Update Status tab 8 Click Reboot Manager if prompted 9 Click Finish Install to c...

Страница 39: ...ation tab 3 Click Backups 4 Optional Select the Exclude System Events check box if you do not want to back up system event tables 5 Optional Select the Exclude Audit Logs check box if you do not want...

Страница 40: ...ype the User Name required to login to the backup system 11 Type the Password associated with the user name for the backup system 12 In the Backup Directory field type the absolute path where backups...

Страница 41: ...he System Event Report The vShield Manager aggregates system events into a report that can be filtered by vShield App and event severity To view the System Event report 1 Click Settings Reports from t...

Страница 42: ...log follow command Run show log follow command Run show log follow command Syslog NA See Syslog Format on page 42 e1000 mgmt e1000_watchdog_task NIC Link is Up Down 100 Mbps Full Duplex For scripting...

Страница 43: ...anager users The vShield Manager retains audit log data for one year after which time the data is discarded To view the Audit Log 1 Click Settings Reports from the vShield Manager inventory panel 2 Cl...

Страница 44: ...vShield Administration Guide 44 VMware Inc...

Страница 45: ...t 2 Select the ESX host from the inventory tree 3 Click the vShield tab 4 Click Uninstall for the vShield App or vShield Zones service The instance is uninstalled Uninstalling vShield Components 9 NOT...

Страница 46: ...bled Port Group Isolation you must migrate or power off the virtual machines on the ESX host from which you want to uninstall a vShield Edge Uninstalling Port Group Isolation places the ESX host in ma...

Страница 47: ...d for 40007 SVM with moid not registered 40015 vmId is malformatted or of incorrect length Uninstall the vShield Endpoint Module from the vSphere Client Uninstalling an vShield Endpoint module puts th...

Страница 48: ...vShield Administration Guide 48 VMware Inc...

Страница 49: ...VMware Inc 49 vShield Edge and Port Group Isolation...

Страница 50: ...vShield Administration Guide 50 VMware Inc...

Страница 51: ...Edge on page 51 Specify a Remote Syslog Server on page 52 Managing the vShield Edge Firewall on page 52 Manage NAT Rules on page 53 Manage DHCP Service on page 54 Manage VPN Service on page 56 Manage...

Страница 52: ...d Edge firewall rules police traffic based on the following criteria You can add destination and source port ranges to a rule for dynamic services such as FTP and RPC which require multiple ports to c...

Страница 53: ...dge validate sessions Manage NAT Rules The vShield Edge provides network address translation NAT service to protect the IP addresses of internal private networks from the public network You must confi...

Страница 54: ...s IP address pooling and one to one static IP address allocation Static IP address binding is based on the vCenter managed object ID and interface ID of the requesting client vShield Edge DHCP service...

Страница 55: ...4 Click the DHCP link 5 Under Static Bindings click Add Bindings A new row appears in the table 6 Double click each cell in the row to enter or select the appropriate information The Primary Name Serv...

Страница 56: ...NAT device In this deployment the NAT device translates the VPN address of a vShield Edge into a publicly accessible address facing the Internet Remote VPN routers use this public address to access th...

Страница 57: ...connect to the site To identify a VPN peer tunnel 1 In the vSphere Client go to Inventory Networking 2 Select an internal port group that is protected by a vShield Edge 3 Click the vShield Edge tab 4...

Страница 58: ...ancer service 1 In the vSphere Client go to Inventory Networking 2 Select an internal port group that is protected by a vShield Edge 3 Click the vShield Edge tab 4 Click the Load Balancer link 5 Click...

Страница 59: ...here Client go to Inventory Networking 2 Select an internal port group that is protected by a vShield Edge 3 Click the vShield Edge tab 4 Click the Status link 5 Under Edge Services select a service a...

Страница 60: ...vShield Administration Guide 60 VMware Inc...

Страница 61: ...VMware Inc 61 vShield App and vShield Endpoint...

Страница 62: ...vShield Administration Guide 62 VMware Inc...

Страница 63: ...s and make the rules easier to track You can monitor the health of vShield App instances by using the vShield Manager user interface and by sending vShield App system events to a syslog server This ch...

Страница 64: ...Details include system statistics status of interfaces software version and environmental variables To view the health of a vShield App 1 Log in to the vShield Manager user interface 2 Select a vShie...

Страница 65: ...3 Click the Configuration tab 4 Click System Status 5 Click an interface under the Port column to view traffic statistics For example to view the traffic statistics for the vShield App management inte...

Страница 66: ...vShield Administration Guide 66 VMware Inc...

Страница 67: ...arts on page 68 Change the Date Range of the Flow Monitoring Charts on page 68 View the Flow Monitoring Report on page 68 Add an App Firewall Rule from the Flow Monitoring Report on page 69 Editing Po...

Страница 68: ...a datacenter or cluster resource from the resource tree 3 Click the vShield App tab 4 Click Flow Monitoring The charts are updated to display the most current information for the last seven days This...

Страница 69: ...allow or deny rule App Firewall rule creation from Flow Monitoring data is available at the datacenter and cluster levels only To add an App Firewall rule from the Flow Monitoring report 1 In the vSph...

Страница 70: ...nown applications and protocols their respective ports and a description vShield recognizes common protocol and port mappings such as HTTP over port 80 Your organization might employ an application or...

Страница 71: ...ing from the table When you delete a mapping any traffic to the application port pair is listed as Uncategorized in the Flow Monitoring statistics To delete an application port pair mapping 1 Go to In...

Страница 72: ...vShield Administration Guide 72 VMware Inc...

Страница 73: ...this way App Firewall effectively has a continuous footprint on each ESX host under the managed containers Securing Containers and Designing Security Groups When creating App Firewall rules you can c...

Страница 74: ...level precedence refers to recognizing the datacenter level as being higher in priority than the cluster level When a rule is configured at the datacenter level the rule is inherited by all clusters a...

Страница 75: ...Destination fields and port numbers in the Source Port and Destination Port fields 7 Optional Select the new row and click Up to move the rule up in priority 8 Optional Select the Log check box to log...

Страница 76: ...e 9 Click Commit to save the rule To create a firewall rule at the port group level 1 In the vSphere Client go to Inventory Networking 2 Select a port group from the resource tree 3 Click the vShield...

Страница 77: ...to log all sessions matching this rule 9 Click Commit Creating and Protecting Security Groups The Security Groups feature enables you to create custom containers to which you can assign resources such...

Страница 78: ...By default a vShield Edge matches firewall rules against each new session After a session has been established any firewall rule changes do not affect active sessions The CLI command validate sessions...

Страница 79: ...he inventory panel 3 Click the vShield App tab 4 Click App Firewall 5 From the Revert to Snapshot drop down list select a snapshot Snapshots are presented in the order of timestamps with the most rece...

Страница 80: ...vShield Administration Guide 80 VMware Inc...

Страница 81: ...sident thin agent To view vShield Endpoint status 1 In the vSphere Client go to Inventory Hosts and Clusters 2 Select a datacenter cluster or ESX host resource from the resource tree 3 Click the vShie...

Страница 82: ...ents affecting the health status of the vShield Endpoint module Table 14 1 Warnings Marked Yellow Possible Cause Action SVM is registered but vShield Endpoint module does not see any virtual machines...

Страница 83: ...nts Those virtual machines are not protected while this warning persists This is usually a transient alarm that does not require attention If it persists or turns to red look at the vCenter Server eve...

Страница 84: ...SM_SVM_EVENT_DROPPED_EVENTS timestamp warning Health Status information has been lost 2006 VSM_SVM_EVENT_MISSING_REPORT timestamp error vShield Manager lost communication with SVM 2007 VSM_SVM_EVENT_R...

Страница 85: ...esponding ESX host for example during power up or incoming vMotion 1001 VSM_VM_EVENT_DISCONNECTED VM configured for vShield Endpoint protection will generate this event when loaded on the correspondin...

Страница 86: ...number Thin agent initialization failure Successfully found SCSI device to communicate with the security virtual machine SVM Failure to create filter device object or failure to attach to device stac...

Страница 87: ...VMware Inc 87 Appendixes...

Страница 88: ...vShield Administration Guide 88 VMware Inc...

Страница 89: ...elect the vShield virtual machine from the inventory panel and click the Console tab You can log in to the CLI by using the default user name admin and password default You can also use SSH to access...

Страница 90: ...following commands move the pointer around on the command line Keystrokes Description CTRL A Moves the pointer to beginning of the line CTRL B or the left arrow key Moves the pointer back one charact...

Страница 91: ...nt password and the Privileged mode password are managed separately The default Privileged mode password is the same for each CLI user account You should change the Privileged mode password to secure...

Страница 92: ...unt other than admin 5 Switch to Privileged mode 6 Switch to Configuration mode 7 Delete the admin user account manager config no user admin 8 Save the configuration 9 Run the exit command twice to lo...

Страница 93: ...age 104 Show Commands on page 108 Diagnostics and Troubleshooting Commands on page 125 User Administration Commands on page 128 Terminal Commands on page 129 Deprecated Commands on page 131 Administra...

Страница 94: ...no before the command Syntax no shutdown CLI Mode Privileged Interface Configuration Example vShield shutdown or vShield config interface mgmt vShield config if shutdown vShield config if no shutdown...

Страница 95: ...eld Related Commands disable end Ends the current CLI mode and switches to the previous mode Syntax end CLI Mode Basic Privileged Configuration and Interface Configuration Example vShield end vShield...

Страница 96: ...eld configure terminal vShield config interface mgmt vShield config if or vShield config no interface mgmt Related Commands show interface quit Quits Interface Configuration mode and switches to Confi...

Страница 97: ...s vShield App CLI Example manager clear vmwall rules Related Commands show vmwall log show vmwall rules cli ssh allow Enable or disable access to the CLI via SSH session Syntax no cli ssh allow CLI Mo...

Страница 98: ...elines vShield Manager CLI Example manager database erase enable password Changes the Privileged mode password You should change the Privileged mode password for each vShield virtual machine CLI user...

Страница 99: ...om an interface use no before the command Syntax no ip address A B C D M CLI Mode Interface Configuration Example vShield config interface mgmt vShield config if ip address 192 168 110 200 24 or vShie...

Страница 100: ...0 0 0 0 0 192 168 1 1 Related Commands show ip route manager key Sets a shared key for authenticating communication between a vShield App and the vShield Manager You can set a shared key on any vShie...

Страница 101: ...use no before the command Syntax no ntp server hostname A B C D CLI Mode Configuration Usage Guidelines vShield App CLI Example vShield configure terminal vShield config ntp server 10 1 1 113 or vShi...

Страница 102: ...stances Press ENTER to accept a default value Syntax setup CLI Mode Basic Usage Guidelines The Manager key option is applicable to vShield App setup only Example manager config setup Default settings...

Страница 103: ...send system events You can also identify one or more syslog servers by using the vShield Manager user interface See Send vShield App System Events to a Syslog Server on page 63 To disable syslog expor...

Страница 104: ...mands debug copy Copies one or all packet trace or tcpdump files and exports them to a remote server You must enable the debug packet capture command before you can copy and export files Syntax debug...

Страница 105: ...debug packet capture segment 0 host_10 10 11 11_port_8 Related Commands debug copy debug packet display interface debug packet display interface Displays all packets captured by a vShield App or vShie...

Страница 106: ...ename all CLI Mode Privileged Usage Guidelines vShield App CLI Example vShield debug remove tcpdumps all Option Description mgmt u0 p0 The specific vShield App interface from which to capture packets...

Страница 107: ...ed Commands show services debug service flow src Debugs messages for a service that is processing traffic between a specific source to destination pair You can run the show services command to view th...

Страница 108: ...Mode Privileged Usage Guidelines vShield App CLI Example vShield_Zones_host_49_269700 debug show files total 0 rw r r 1 0 Jun 23 16 04 tcpdump d0 0 Related Commands debug copy debug remove Show Comman...

Страница 109: ...00 00 81 virteth1 192 168 110 1 0x1 0x2 00 0F 90 D5 36 C1 mgmt show clock Shows the current time and date of the virtual machine If you use an NTP server for time synchronization the time is based on...

Страница 110: ...LI Mode Basic Privileged Usage Guidelines vShield App CLI Example vShield show debug No debug logs enabled Related Commands debug service debug service flow src show ethernet Shows Ethernet informatio...

Страница 111: ...rives Syntax show filesystem CLI Mode Basic Privileged Example vShield show filesystem Filesystem Size Used Avail Use Mounted on dev hda3 4 9G 730M 3 9G 16 dev hda6 985M 17M 919M 2 tmp dev hda7 24G 1...

Страница 112: ...gic BT 946C BA80C30 MultiMaster 10 11 0 0000 02 00 0 Intel Corporation 82545EM Gigabit Etherne t Controller Copper 15 0 0000 03 show hostname Shows the current hostname for a vShield Edge Syntax show...

Страница 113: ...d 0 output errors 0 aborted 0 carrier 0 fifo 0 heartbeat 0 window 0 Related Commands interface show ip addr Shows the protocol addresses configured on a vShield Edge for all devices Syntax show ip add...

Страница 114: ...Shield Edge Syntax show kernel message last n CLI Mode Basic Privileged Usage Guidelines vShield Edge CLI Example vshieldEdge show kernel message last 20 Related Commands show kernel message Option De...

Страница 115: ...2 Aug 7 17 33 37 vShield_118 ntpdate 21445 adjust time server 10 115 216 84 offset 0 011031 sec Aug 7 17 34 37 vShield_118 ntpdate 21466 adjust time server 10 115 216 84 offset 0 002739 sec Aug 7 17 3...

Страница 116: ...000406 sec Feb 9 12 31 54 localhost ntpdate 24580 adjust time server 192 168 110 199 off set 0 000487 sec Related Commands show log show manager log Shows the system log of the vShield Manager Syntax...

Страница 117: ...hows the last n number of events in the vShield Manager log Syntax show manager log last n CLI Mode Basic Privileged Usage Guidelines vShield Manager CLI Example manager show manager log last 10 Relat...

Страница 118: ...ured on a vShield Edge Syntax show route CLI Mode Basic Privileged Usage Guidelines vShield Edge CLI Example vShieldEdge show route show running config Shows the current running configuration Syntax s...

Страница 119: ...Balancer DHCP leases and iptable entries for firewall and NAT Syntax show service statistics CLI Mode Basic Privileged Usage Guidelines vShield Edge CLI Example vShieldEdge show service statistics sho...

Страница 120: ...Attached Related Commands debug service debug service flow src show session manager counters Shows historical statistics on the sessions processed by a vShield App such as the number of SYNs received...

Страница 121: ...images on the slots of a vShield virtual machine Boot indicates the image that is used to boot the virtual machine Syntax show slots CLI Mode Basic Privileged Example manager show slots Recovery Syst...

Страница 122: ...hows the latest vShield Edge system events which have not yet been read by the vShield Manager Syntax show system events follow reverse CLI Mode Basic Privileged Usage Guidelines vShield Edge CLI Exam...

Страница 123: ...B MemFree 1667248 kB Buffers 83120 kB show system network_connections Shows the currently opened network connections and listening interfaces for a vShield Edge Syntax show system network_connections...

Страница 124: ...version currently running on the virtual machine Syntax show version CLI Mode Basic Privileged Example vShield show version show vmwall log Shows the sessions that matched a firewall rule Syntax show...

Страница 125: ...ech support scp URL CLI Mode Basic and Privileged Example vShield export tech support scp user123 host123 file123 link detect Enables link detection for an interface Link detection checks the status o...

Страница 126: ...or debugging IPSec related issues Enter CTRL C to end ping replies Example vshieldEdge ping interface addr 192 168 1 1 69 147 76 15 show tech support Shows the system diagnostic log that can be sent t...

Страница 127: ...le vShield traceroute 10 16 67 118 traceroute to 10 16 67 118 10 16 67 118 30 hops max 40 byte packets 1 10 115 219 253 10 115 219 253 128 808 ms 74 876 ms 74 554 ms 2 10 17 248 51 10 17 248 51 0 873...

Страница 128: ...default web manager password Password reset user Adds a CLI user account The user admin is the default user account The CLI admin account and password are separate from the vShield Manager user inter...

Страница 129: ...eb Console browser sessions Syntax no web manager CLI Mode Configuration Usage Guidelines vShield Manager CLI You can use this command after you have run the no web manager command to stop and then re...

Страница 130: ...ngth Sets the number of rows to display at a time in the CLI terminal Syntax terminal length 0 512 CLI Mode Privileged Example manager terminal length 50 Related Commands reset terminal no length term...

Страница 131: ...s Command close support tunnel copy http URL slot 1 2 copy http URL temp copy scp URL slot 1 2 copy scp URL temp debug export snapshot debug import snapshot debug snapshot list debug snapshot remove d...

Страница 132: ...vShield Administration Guide 132 VMware Inc...

Страница 133: ...ager Installation vShield OVA File Extracted to a PC Where vSphere Client Is Not Installed Problem I obtained the vShield OVA file and downloaded it to my PC If I do not have the vSphere Client on my...

Страница 134: ...om the vShield Manager there is a break in connectivity between the two virtual machines The vShield management interface cannot talk to the vShield Manager management interface Make sure that the man...

Страница 135: ...No Flow Data Displaying in Flow Monitoring Problem I have installed the vShield Manager and a vShield App When I opened the Flow Monitoring tab I did not see any data Solution This might be the resul...

Страница 136: ...creates the following entities Creates a user named vslauser and sets a default password To see if the user was added vi etc passwd Adds the role vslauser and associates the user vslauser to the role...

Страница 137: ...physical network for such unicasts There is also a chance of more than one vShield Manager Port Group Isolation vCenter installations on the same network In that case some of the host key MAC address...

Страница 138: ...tries This will take care of things like VMs moving to different hosts or to make sure that the table does not grow too much in size with stale mac entries The used age seen bits represent the flags u...

Страница 139: ...Sec service is running on the vShield Edge To verify using the CLI command show service ipsec IPSec service has to be started by issuing the start command If ipsec is running and any errors have occur...

Страница 140: ...atrix available after 1 0 for version compatibility checking To retrieve version numbers for the various components do the following SVM strings libEPSec so grep BUILD_NUMBER provides the build number...

Страница 141: ...r Level Rules 28 74 command syntax 90 configuration mode of CLI 90 configure terminal 94 connecting to vCenter Server 21 copy running config startup config 97 Create User 34 D data on demand backups 3...

Страница 142: ...y of Zones Firewall rules 28 history of updates 38 host alarms for vShield Endpoint 82 hostname 99 Hosts Clusters view 18 HTTP proxy 23 I installing updates 37 interface 96 interface mode of CLI 90 in...

Страница 143: ...how Logs 65 show manager log 116 show manager log last 117 show ntp 117 show process 118 Show Report 68 show route 118 show running config 118 show service 119 show service statistics 119 show service...

Страница 144: ...Manager 13 vShield App about 14 CLI configuration 64 firewall logs 65 forcing sync 64 notification based on events 42 restarting 65 sending events to syslog server 63 System Status 64 traffic stats 6...

Страница 145: ...45 Zones Firewall 27 vSphere Plug in 22 W web manager 129 write 103 write erase 104 write memory 104 Z Zones Firewall 27 adding L2 L3 rules 30 adding L4 rules 29 deleting rules 32 hierarchy of rules...

Страница 146: ...vShield Administration Guide 146 VMware Inc...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды