Get The Status Of The Default Policy For A Vshield Edge; Change The Default Firewall Policy Action - VMware VSHIELD APP 1.0.0 UPDATE 1 - API Programming Manual

Example:
Allow any firewall rule set
POST /api/1.0/network/network-244/firewall/rules HTTP/1.1
content-type: application/xml; charset=UTF-8
Authorization: Basic YWRtaW46ZGVmYXVsdA==
Host: 10.112.196.213
accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
content-length: 711
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VShieldEdgeConfig><FirewallConfig>
<FirewallRule><protocol>any</protocol>
<sourceIpAddress><ipAddress>any</ipAddress></sourceIpAddress>
<sourcePort><port>any</port></sourcePort>
<destinationIpAddress><ipAddress>any</ipAddress></destinationIpAddress>
<destinationPort><port>any</port></destinationPort>
<direction>out</direction><action>allow</action></FirewallRule>
<FirewallRule><protocol>icmp</protocol><icmpType>any</icmpType>
<sourceIpAddress><ipAddress>any</ipAddress></sourceIpAddress>
<destinationIpAddress><ipAddress>any</ipAddress></destinationIpAddress>
<direction>out</direction><action>allow</action></FirewallRule>
</FirewallConfig></VShieldEdgeConfig>

Firewall rule set with deny action based on IP and port range
content-length: 695
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<VShieldEdgeConfig><FirewallConfig>
<FirewallRule><protocol>tcp</protocol>
<sourceIpAddress><IpRange><rangeStart>172.17.1.13</rangeStart><rangeEnd>172.17.1.16</rangeEnd></IpRange></sourceIpAddress>
<sourcePort><PortRange><rangeStart>9922</rangeStart><rangeEnd>9925</rangeEnd></PortRange></sourcePort>
<destinationIpAddress><IpRange><rangeStart>192.168.102.6</rangeStart><rangeEnd>192.168.102.9</rangeEnd></IpRange></destinationIpAddress>
<destinationPort><PortRange><rangeStart>22</rangeStart><rangeEnd>25</rangeEnd></PortRange></destinationPort>
<direction>in</direction><action>deny</action></FirewallRule>
</FirewallConfig></VShieldEdgeConfig>

Get the Status of the Default Policy for a vShield Edge

You can check the action—allow or deny—currently enforced for the default firewall policy.
Example 5-27. Get the Status of the Default Policy for a Specific Network
Request:
GET <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/firewall/default
Example:
GET /api/1.0/network/network-244/firewall/default HTTP/1.1
Authorization: Basic YWRtaW46ZGVmYXVsdA==
Host: 10.112.196.213

Change the Default Firewall Policy Action

You can change the default firewall policy action to either allow all traffic or deny all traffic.
Example 5-28. Change the Action of the Default Firewall Policy on a vShield Edge
Request:
PUT <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/firewall/default/{allow|deny}
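
A review helper for rule sets in the XML format shown above, added here as an illustration and not taken from the VMware manual: it flattens each FirewallRule, reports allow rules that restrict neither source nor destination address, and builds the Example 5-28 path with the action validated. SAMPLE is constructed from rules in this page's two request bodies, and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed input: the first rule of each request body on this page, combined.
SAMPLE = """<VShieldEdgeConfig><FirewallConfig><FirewallRule><protocol>any</protocol>
<sourceIpAddress><ipAddress>any</ipAddress></sourceIpAddress><sourcePort><port>any</port></sourcePort>
<destinationIpAddress><ipAddress>any</ipAddress></destinationIpAddress>
<destinationPort><port>any</port></destinationPort><direction>out</direction><action>allow</action>
</FirewallRule><FirewallRule><protocol>tcp</protocol>
<sourceIpAddress><IpRange><rangeStart>172.17.1.13</rangeStart><rangeEnd>172.17.1.16</rangeEnd></IpRange></sourceIpAddress>
<sourcePort><PortRange><rangeStart>9922</rangeStart><rangeEnd>9925</rangeEnd></PortRange></sourcePort>
<destinationIpAddress><IpRange><rangeStart>192.168.102.6</rangeStart><rangeEnd>192.168.102.9</rangeEnd></IpRange></destinationIpAddress>
<destinationPort><PortRange><rangeStart>22</rangeStart><rangeEnd>25</rangeEnd></PortRange></destinationPort>
<direction>in</direction><action>deny</action></FirewallRule></FirewallConfig></VShieldEdgeConfig>"""

FIELDS = ("sourceIpAddress", "sourcePort", "destinationIpAddress", "destinationPort")

def _scope(rule, tag):
    """Return 'any', a single value, or 'start-end' for an address/port element."""
    node = rule.find(tag)
    if node is None:  # e.g. the ICMP rule on this page carries no port elements
        return None
    start, end = node.findtext(".//rangeStart"), node.findtext(".//rangeEnd")
    if start and end:
        return f"{start.strip()}-{end.strip()}"
    return "".join(node.itertext()).strip()

def parse_rules(xml_text):
    """Flatten each FirewallRule into a dict of protocol, direction, action and scopes."""
    rules = []
    for rule in ET.fromstring(xml_text).iter("FirewallRule"):
        entry = {k: (rule.findtext(k) or "").strip() for k in ("protocol", "direction", "action")}
        entry.update({f: _scope(rule, f) for f in FIELDS})
        rules.append(entry)
    return rules

def unrestricted_allows(rules):
    """Allow rules whose source and destination addresses are both 'any'."""
    return [r for r in rules if r["action"] == "allow"
            and r["sourceIpAddress"] == "any" and r["destinationIpAddress"] == "any"]

def default_policy_path(network_id, action):
    """Path for the PUT in Example 5-28; rejects anything other than allow or deny."""
    if action not in ("allow", "deny"):
        raise ValueError("action must be 'allow' or 'deny'")
    return f"/api/1.0/network/{network_id}/firewall/default/{action}"

if __name__ == "__main__":
    print(unrestricted_allows(parse_rules(SAMPLE)))
    print(default_policy_path("network-244", "deny"))
```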
Chapter 5 vShield Edge Management