VMware VSHIELD APP 1.0.0 UPDATE 1 - API Programming Manual


vShield API Programming Guide
vShield Manager 4.1.0 Update 1
vShield Zones 4.1.0 Update 1
vShield App 1.0.0 Update 1
vShield Edge 1.0.0 Update 1
vShield Endpoint 1.0.0 Update 1
This document supports the version of each product listed and
supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of this
document, see http://www.vmware.com/support/pubs.
EN-000434-01


Summary of Contents for VMware VSHIELD APP 1.0.0 UPDATE 1 - API

  • Page 2 VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
  • Page 3: Table Of Contents

    Contents About This Book 7 Overview of VMware vShield 9 vShield Components 9 vShield Manager 9 vShield App 9 vShield Edge 10 vShield Endpoint 10 Ports Required for vShield 10 An Introduction to REST API for vShield Users 10 How REST Works 10...
  • Page 4 Revert to a Syslog Server Configuration by Timestamp 48 Delete the Current Syslog Server Configuration 49 vShield App Management 51 Configuring Firewall Rules for a vCenter Container 51 View All Firewall Rules for a Container 51 Post an App Firewall Rule Set for a Container 52 VMware, Inc.
  • Page 5 Edge CLI Login Credentials Schema 74 vShield Edge Firewall Schema 74 NAT Schema 77 DHCP Schema 79 VPN Schema 80 Load Balancer Schema 83 MTU Threshold Schema 84 Traffic Stats Schema 85 Syslog Schema 85 Error Message Schema 86 Index 87 VMware, Inc.
  • Page 7: About This Book

    Intended Audience This manual is intended for anyone who wants to use REST API to install or use vShield in a VMware vCenter™ environment. The information in this manual is written for experienced system administrators who are familiar with virtual machine technology and virtual datacenter operations. This manual assumes familiarity with vShield.
  • Page 8 API Programming Guide Support Offerings To find out how VMware support offerings can help meet your business needs, go to http://www.vmware.com/support/services. VMware Professional Services VMware Education Services courses offer extensive hands-on labs, case study examples, and course materials designed to be used as on-the-job reference tools. Courses are available onsite, in the classroom, and live online.
  • Page 9: Overview Of Vmware Vshield

    The vShield Manager virtual machine can run on a different ESX host from your vShield App and vShield Edge virtual machines. The vShield Manager user interface leverages the VMware Infrastructure SDK to display a copy of the vSphere Client inventory panel.
  • Page 10: Vshield Edge

    The URLs at which these documents are available are often “sticky,” in that they persist beyond the lifetime of the request or response that includes them. The other content of the documents is nominally valid until the expiration date noted in the HTTP Expires header. VMware, Inc.
  • Page 11: Using The Vshield Rest Api

    Using the vShield REST API
    IMPORTANT: All vShield REST requests require authorization. You can use the following basic authorization:
    Authorization: Basic YWRtaW46ZGVmYXVsdA==
    YWRtaW46ZGVmYXVsdA== represents the Base 64 encoding of the vShield Manager default login credentials (admin:default).
  • Page 12: For More Information About Rest

    For a comprehensive discussion of REST from both the client and server perspectives, see: Richardson, Leonard, and Sam Ruby. RESTful Web Services. North Mankato: O'Reilly Media, Inc., 2007. There are also many sources of information about REST on the Web, including:
      • http://www.infoq.com/articles/rest-introduction
      • http://www.infoq.com/articles/subbu-allamaraju-rest
      • http://www.stucharlton.com/blog/archives/000141.html
  • Page 13: Vshield Manager Management

    You can use a single request to synchronize the vShield Manager with the vCenter Server and add DNS servers to the vShield Manager for IP address and hostname resolution. Synchronizing with vCenter Server enables the vShield Manager user interface to display your VMware Infrastructure inventory. Synchronization with vCenter requires the vCenter URL and login credentials.
  • Page 14: Retrieving Tech Support Logs

    You can download the diagnostic log from a vShield Edge. You can then send the diagnostic log to technical support for assistance in troubleshooting an issue. Example 2-4. Getting the Tech Support Log File Path for a vShield Edge Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/techSupportLogs VMware, Inc.
  • Page 15: Esx Host Preparation For Vshield App, Endpoint, And Isolation

    To shorten the time to deployment, you can install vShield App, vShield Endpoint, and Port Group Isolation services on an ESX host by using a single REST call. You can do this by including VszInstallParams, PortgroupIsolationInstallParams, and EpsecInstallParams in the POST body. VMware, Inc.
  • Page 16
      • IpAddress: IP address to be assigned to the management port of the vShield App. This IP address must be able to communicate with the vShield Manager.
      • NetworkMask: Subnet mask associated with the IP address assigned to the management interface of the vShield App.
      • DefaultGw: IP address of the default gateway.
  • Page 17: Get The Installation Status Of Vshield Services On An Esx Host

    If neither of these operations is in progress, the response includes the list of installed services on the ESX host. Example 3-3. Getting vShield Service Installation Status on an ESX Host Request: GET <vshield_manager-uri>/api/1.0/vshield/<host-id> VMware, Inc.
  • Page 18: Uninstalling Vshield Services From An Esx Host

    This request uninstalls a vShield App (zones) and Port Group Isolation (pgi). The vShield Endpoint service is shortened to epsec. DELETE /api/1.0/zones/vshield/<host-id>/vsz-pgi You can uninstall a single service by specifying the service name. Example 3-6. Uninstall a vShield App Only Request: DELETE <vshield_manager-uri>/api/1.0/vshield/<host-id>/vsz VMware, Inc.
  • Page 19: Vnetwork Preparation And Vshield Edge Installation

    Isolation is available for vDS-based vShield Edge installations only. To enable Port Group Isolation on a vDS:
      1. Enable Port Group Isolation on each vDS.
      2. Install a vShield Edge on each vDS port group you plan to secure.
      3. Move the virtual machines to secured vDS port groups.
  • Page 20: Enable Port Group Isolation On A Vds

    Example 4-3. Disabling Port Group Isolation on a vDS Request: DELETE <vshield_manager-uri>/api/1.0/network/portgroupIsolation/dvs/<dvs-Moid> Example: DELETE /api/1.0/portgroupIsolation/dvs/dvs-1069 HTTP/1.1 Content-type: application/xml; charset=UTF-8 Authorization: Basic YWRtaW46ZGVmYXVsdA== Cache-Control: no-cache Pragma: no-cache Host: 10.112.196.244 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Connection: keep-alive VMware, Inc.
  • Page 21: Installing A Vshield Edge

      • InternalInterface: Enter the VC MOID for the internal port group.
      • ExternalInterface: Enter the VC MOID for the external port group.
    Example:
    POST /api/1.0/network/network-244/vshieldedge HTTP/1.1
    Content-Type: application/xml
    Authorization: Basic YWRtaW46ZGVmYXVsdA==
    Host: localhost:9998
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Content-Length: 620
  • Page 22: Get The Install Parameters Of A Vshield Edge

    If you did not install and enable Port Group Isolation on an ESX host, you do not have to migrate virtual machines to uninstall a vShield Edge. Example 4-6. Uninstalling a vShield Edge Request: DELETE <vshield_manager-uri>/network/<internal-portgroup-vc-moref-id>/vshieldedge Example: DELETE /api/1.0/network/network-244/vshieldedge HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: localhost:9998 VMware, Inc.
  • Page 23: Vshield Edge Management

      • “Managing the MTU Threshold for a vShield Edge” on page 46
      • “View Traffic Statistics” on page 47
      • “Debug vShield Edge Services Using Service Statistics” on page 47
      • “Managing the Connection to a Syslog Server” on page 47
  • Page 24: Upgrading A Vshield Edge

    Manager to push the latest configuration to a vShield Edge. Example 5-3. Forcing a vShield Edge to Sync with the vShield Manager Request: PUT <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/action/forcesync Example: PUT /api/1.0/network/network-244/action/forcesync HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: localhost VMware, Inc.
  • Page 25: Manage Cli Credentials On A Vshield Edge

    GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/dhcp/service Example: GET /api/1.0/network/network-244/dhcp/service HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: 10.112.196.213 Start, Stop, or Restart the DHCP Service Example 5-6. Starting or Stopping the DHCP Service on a vShield Edge Request: PUT <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/dhcp/action/{start | stop | restart}
  • Page 26: Post A Dhcp Configuration

    Get the Configuration for All DHCP Hosts and Pools You can retrieve the current DHCP configuration for a vShield Edge, including all configured hosts and IP pools. Example 5-8. Getting the Configuration of All DHCP Hosts and Pools Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/dhcp/config VMware, Inc.
  • Page 27: Get Timestamps Of Last 10 Dhcp Configurations

    Delete the DHCP Configuration on a vShield Edge You can delete the current DHCP configuration on a vShield Edge. Example 5-12. Delete the DHCP Configuration on a vShield Edge Request: DELETE <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/dhcp/config Example: DELETE /api/1.0/network/network-244/dhcp/config HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: 10.112.196.213
  • Page 28: Managing Nat

    Edge. The current rule set is replaced with this new set of rules. Example 5-14. Post an SNAT Rule Set on a vShield Edge Request: POST <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/snat/rules <VShieldEdgeConfig> <NATConfig> <NATRule> <externalIpAddress> <ipAddress>IpOrAny</ipAddress> <IpRange> <rangeStart>ip_address</rangeStart> <rangeEnd>ip_address</rangeEnd> </IpRange> </externalIpAddress> <internalIpAddress> <ipAddress>IpOrAny</ipAddress> <IpRange> <rangeStart>ip_address</rangeStart> <rangeEnd>ip_address</rangeEnd> </IpRange> VMware, Inc.
  • Page 29
    Host: 10.112.196.213
    accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    content-length: 310
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <VShieldEdgeConfig><NATConfig><NATRule><internalIpAddress><ipAddress>172.17.1.11</ipAddress></internalIpAddress><externalIpAddress><ipAddress>10.112.196.219</ipAddress></externalIpAddress></NATRule></NATConfig></VShieldEdgeConfig>
      • SNAT Rule with IP Range
    content-length: 563
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <VShieldEdgeConfig><NATConfig>
    <NATRule><internalIpAddress><IpRange><rangeStart>172.17.1.40</rangeStart><rangeEnd>172.17.1.45</rangeEnd></IpRange></internalIpAddress><externalIpAddress><IpRange><rangeStart>10.112.196.218</rangeStart><rangeEnd>10.112.196.219</rangeEnd></IpRange></externalIpAddress></NATRule>
    <NATRule><internalIpAddress><ipAddress>172.17.1.54</ipAddress></internalIpAddress><externalIpAddress><ipAddress>10.112.196.217</ipAddress></externalIpAddress></NATRule>
    </NATConfig></VShieldEdgeConfig>
  • Page 30: Managing Dnat Rules

    Traffic targeting a specific port of a public address is forwarded to an internal host with the given internal IP address on the specified port. Get the DNAT Rule Set Example 5-19. Get the DNAT Rule Set on a vShield Edge Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/dnat/rules VMware, Inc.
  • Page 31
      • The externalIpAddress and internalIpAddress parameters can be entered in either of these formats.
        <ipAddress>IpOrAny</ipAddress>
        <IpRange> <rangeStart>low_ip_address</rangeStart> <rangeEnd>high_ip_address</rangeEnd> </IpRange>
      • The externalPort and internalPort parameters can be entered in either of these formats.
        <port>PortOrAny</port>
        <PortRange> <rangeStart>low_port</rangeStart> <rangeEnd>high_port</rangeEnd> </PortRange>
  • Page 32
      • DNAT Rule with Port Range
    content-length: 518
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <VShieldEdgeConfig><NATConfig><NATRule><protocol>tcp</protocol><internalIpAddress><ipAddress>172.17.1.11</ipAddress></internalIpAddress><internalPort><PortRange><rangeStart>15</rangeStart><rangeEnd>19</rangeEnd></PortRange></internalPort><externalIpAddress><ipAddress>10.112.196.219</ipAddress></externalIpAddress><externalPort><PortRange><rangeStart>9915</rangeStart><rangeEnd>9919</rangeEnd></PortRange></externalPort></NATRule></NATConfig></VShieldEdgeConfig>
      • DNAT Rule with IP and Port Range
    content-length: 627
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <VShieldEdgeConfig><NATConfig><NATRule><protocol>tcp</protocol><internalIpAddress><IpRange><rangeStart>172.17.1.15</rangeStart><rangeEnd>172.17.1.19</rangeEnd></IpRange></internalIpAddress><internalPort><PortRange><rangeStart>15</rangeStart><rangeEnd>19</rangeEnd></PortRange></internalPort><externalIpAddress><IpRange><rangeStart>10.112.196.215</rangeStart><rangeEnd>10.112.196.219</rangeEnd></IpRange></externalIpAddress><externalPort><PortRange><rangeStart>9915</rangeStart><rangeEnd>9919</rangeEnd></PortRange></externalPort></NATRule></NATConfig></VShieldEdgeConfig>
  • Page 33: Configuring The Vshield Edge Firewall

    For the vShield Edge firewall schema, see “vShield Edge Firewall Schema” on page 74. Get the Firewall Rule Set for a vShield Edge Example 5-25. Get the Entire Firewall Rule Set on a vShield Edge Request: GET <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/firewall/rules VMware, Inc.
  • Page 34: Post A Firewall Rule Set

      • The sourceIpAddress and destinationIpAddress parameters can be entered in either of these formats.
        <ipAddress>IpOrAny</ipAddress>
        <IpRange> <rangeStart>low_ip_address</rangeStart> <rangeEnd>high_ip_address</rangeEnd> </IpRange>
      • The sourcePort and destinationPort parameters can be entered in either of the following formats.
        <port>PortOrAny</port>
        <PortRange> <rangeStart>low_port</rangeStart> <rangeEnd>high_port</rangeEnd> </PortRange>
  • Page 35: Get The Status Of The Default Policy For A Vshield Edge

    Change the Default Firewall Policy Action You can change the default firewall policy action to either allow all traffic or deny all traffic. Example 5-28. Change the Action of the Default Firewall Policy on a vShield Edge Request: PUT <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/firewall/default/{allow|deny}
  • Page 36: Get Details Of A Specific Firewall Rule

    Delete All Firewall Rules on a vShield Edge If you delete all firewall rules on a vShield Edge agent, the agent enforces the default policy on all incoming and outgoing traffic sessions. Example 5-33. Delete All Firewall Rules on a vShield Edge Request: DELETE <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/firewall/rules VMware, Inc.
  • Page 37: Configuring Vpns

    All VPN settings configured by using REST requests appear under the vShield Edge > VPN tab for the appropriate vShield Edge in the vShield Manager user interface and vSphere Client plug-in. For the VPN schema, see “VPN Schema” on page 80. VMware, Inc.
  • Page 38: Get The Status Of Vpn Service

      • Logging is disabled by default. To enable logging, add a <log /> element within <VPNServerConfig />.
      • VPN service requires encryption. You must specify the <encryptionAlgorithm /> element as either 3des or aes.
      • The natedPublicIpAddress element under VPNServerConfig is optional.
      • The siteName and tunnelName can contain only alphanumeric characters.
  • Page 39: Add A Remote Site

    You can add a remote VPN site to connect remote users to the virtual machines protected by a vShield Edge. Example 5-37. Adding a Remote VPN Site Request: POST <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/vpn/ipsec/sites Example POST /api/1.0/network/network-244/vpn/ipsec/sites Content-Type: application/xml Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: localhost:9998 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Content-Length: 576 VMware, Inc.
  • Page 40: Add Tunnels For A Vpn Site

    You can retrieve a detailed VPN configuration for a network that contains the VPN server configurations, site configurations, tunnel configurations, and the detailed configuration of all tunnels in all sites. Example 5-39. Getting the Detailed VPN Configuration for a Network Request: GET <vshield_manager-uri>/api/1.0/network/<vdc-moref-id>/vpn/ipsec/detailedconfig Example: GET /api/1.0/network/dvportgroup-1004/vpn/ipsec/detailedconfig HTTP/1.1 Host: localhost:9998 authorization: Basic YWRtaW46ZGVmYXVsdA== VMware, Inc.
  • Page 41: Get The Detailed Configuration For A Vpn Site

    Get the Current VPN Configuration on a vShield Edge You can retrieve the current VPN configuration on a vShield Edge to view settings such as tunnels and sites, as well as entity naming and addressing. Example 5-44. Getting the Current VPN Configuration Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/vpn/ipsec/config VMware, Inc.
  • Page 42: Get Timestamps Of Last 10 Vpn Configurations

    You can delete the current VPN configuration to clear VPN settings from the vShield Edge running configuration. The vShield Edge saves the deleted configuration by marking it with a timestamp. Example 5-48. Deleting the VPN Configuration on a vShield Edge Request: DELETE <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/vpn/ipsec/config Example: DELETE /api/1.0/network/network-244/vpn/ipsec/config HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: localhost:9998
  • Page 43: Load Balancer

    83. Get the Status of Load Balancer Service on a vShield Edge Example 5-49. Getting the Status of Load Balancer Service on a vShield Edge Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/loadbalancer/service Example: GET /api/1.0/network/network-244/loadbalancer/service HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: localhost:9998
  • Page 44: Start Or Stop The Load Balancer Service On A Vshield Edge

    You can specify custom IP:Port values in the internalIPList. Example:
      • Basic load balancer configuration
    POST /api/1.0/network/network-244/loadbalancer HTTP/1.1
    Content-Type: application/xml
    Authorization: Basic YWRtaW46ZGVmYXVsdA==
    Host: localhost:9998
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Content-Length: 490
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <VShieldEdgeConfig><LoadBalancerConfig>
    <Listener><externalIPAddress>10.112.196.95</externalIPAddress><BackEndServers><internalIPList>172.17.1.11,172.17.1.12</internalIPList></BackEndServers><algorithm>ip-hash</algorithm></Listener>
    <Listener><externalIPAddress>10.112.196.96</externalIPAddress><BackEndServers><internalIPList>172.17.1.11,172.17.1.12</internalIPList></BackEndServers></Listener>
    </LoadBalancerConfig></VShieldEdgeConfig>
  • Page 45: Get The Current Load Balancer Configuration On A Vshield Edge

    You can retrieve a list of the last 10 Load Balancer configuration changes. You can use the returned timestamps to review the details of past configurations in a separate request. Example 5-54. Getting the Last 10 Load Balancer Configurations by Timestamp Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/loadbalancer/snapshots
  • Page 46: Get A Load Balancer Configuration By Timestamp

    Example 5-58. Configuring the MTU Threshold for a vShield Edge Request: PUT <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/mtu You can retrieve the current MTU threshold from a vShield Edge for reference. Example 5-59. Retrieving the MTU Threshold for a vShield Edge Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/mtu VMware, Inc.
  • Page 47: View Traffic Statistics

    You can connect a vShield Edge to a syslog server for vShield Edge log management. For the traffic statistics schema, see “Syslog Schema” on page 85. Post a Syslog Server Configuration Example 5-62. Posting a Syslog Server Configuration Request: POST <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/syslog/config VMware, Inc.
  • Page 48: Get The Current Syslog Server Configuration

    Get a Syslog Server Configuration by Timestamp Example 5-65. Getting a Syslog Server Configuration by Timestamp Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/syslog/snapshot/<snapshot-timestamp> Revert to a Syslog Server Configuration by Timestamp Example 5-66. Reverting to a Syslog Server Configuration by Timestamp Request: PUT <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/syslog/snapshot/<snapshot-timestamp>
  • Page 49: Delete The Current Syslog Server Configuration

    Delete the Current Syslog Server Configuration Example 5-67. Deleting a Syslog Server Configuration Request: DELETE <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/syslog/config
  • Page 51: Vshield App Management

    It is good practice to view the current firewall rule set before posting new or updated rules. VMware, Inc.
  • Page 52: Post An App Firewall Rule Set For A Container

    </Application><DestinationPorts>445</DestinationPorts><Protocol>TCP</Protocol> <Action>DENY</Action><Log>false</Log><Notes></Notes></Rule><Rule><ID>1001</ID> <Precedence>Default</Precedence><Position>1</Position><Source ref="ANY" exclude="false"/><Destination ref="ANY" exclude="false"/><SourcePorts>68 </SourcePorts><Application type="UNICAST">DHCP-Server</Application> <DestinationPorts>67</DestinationPorts><Protocol>UDP</Protocol><Action>ALLOW </Action><Log>false</Log><Notes></Notes></Rule><Rule><ID>1002</ID><Precedence> Default</Precedence><Position>2</Position><Source ref="ANY" exclude="false"/> <Destination ref="ANY" exclude="false"/><SourcePorts>67</SourcePorts> <Application type="UNICAST">DHCP-Client</Application><DestinationPorts>68 </DestinationPorts><Protocol>UDP</Protocol><Action>ALLOW</Action><Log>false</Log> <Notes></Notes></Rule><Rule><ID>1003</ID><Precedence>Default</Precedence> <Position>3</Position><Source ref="ANY" exclude="false"/><Destination ref="ANY" exclude="false"/><SourcePorts>ANY</SourcePorts><Application type="UNICAST">ANY </Application><DestinationPorts>ANY</DestinationPorts><Protocol>TCP</Protocol> <Action>ALLOW</Action><Log>false</Log><Notes></Notes></Rule><Rule><ID>1004</ID> <Precedence>Default</Precedence><Position>4</Position><Source ref="ANY" exclude="false"/><Destination ref="ANY" exclude="false"/><SourcePorts>ANY </SourcePorts><Application type="UNICAST">ANY</Application><DestinationPorts> VMware, Inc.
  • Page 53 </SourcePorts><Application type="UNICAST">ANY</Application><DestinationPorts> ANY</DestinationPorts><Protocol>TCP</Protocol><Action>ALLOW</Action><Log>false </Log><Notes></Notes></Rule><Rule><ID>1004</ID><Precedence>Default</Precedence> <Position>4</Position><Source ref="ANY" exclude="false"/><Destination ref="ANY" exclude="false"/><SourcePorts>ANY</SourcePorts><Application type="UNICAST"> ANY</Application><DestinationPorts>ANY</DestinationPorts><Protocol>UDP</Protocol> <Action>ALLOW</Action><Log>false</Log><Notes></Notes></Rule><Rule><ID>1005</ID> <Precedence>Default</Precedence><Position>1</Position><Source ref="ANY" exclude="false"/><Destination ref="ANY" exclude="false"/><SourcePorts>ANY </SourcePorts><Application type="UNICAST">ANY</Application> <DestinationPorts>ANY</DestinationPorts><Protocol>ARP</Protocol><Action>ALLOW </Action><Log>false</Log><Notes></Notes></Rule><Rule><ID>1006</ID><Precedence> Default</Precedence><Position>2</Position><Source ref="ANY" exclude="false"/> <Destination ref="ANY" exclude="false"/><SourcePorts>ANY</SourcePorts> <Application type="UNICAST">ANY</Application><DestinationPorts>ANY </DestinationPorts><Protocol>OTHER IPv4</Protocol><Action>ALLOW</Action><Log>false </Log><Notes></Notes></Rule><Rule><ID>1007</ID><Precedence>Default</Precedence> <Position>3</Position><Source ref="ANY" exclude="false"/><Destination ref="ANY" VMware, Inc.
  • Page 54 Example:
    POST /api/1.0/zones/portgroup-512/firewall/rules
    content-type: application/xml; charset=UTF-8
    Authorization: Basic YWRtaW46ZGVmYXVsdA==
    Host: 192.168.102.134
    content-length: 655
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <vshieldZonesFirewallConfiguration><ContainerAssociation><Container id="zone-1"><InstanceId>udz-6</InstanceId></Container></ContainerAssociation>
    <RuleSet>
    <Rule><ID>0</ID><Precedence>High</Precedence><Position>2</Position><Source ref="zone-1" exclude="true"/><Destination ref="zone-1" exclude="false"/><SourcePorts>ANY</SourcePorts><Application type="UNICAST">FTP</Application><DestinationPorts>21</DestinationPorts><Protocol>TCP</Protocol><Action>ALLOW</Action><Log>false</Log><Notes></Notes></Rule>
    <Rule><ID>58013</ID><Precedence>High</Precedence><Position>1</Position><Source ref="zone-1" exclude="true"/><Destination ref="zone-1" exclude="false"/><SourcePorts>ANY</SourcePorts><Application type="UNICAST">SSH</Application><DestinationPorts>22</DestinationPorts><Protocol>TCP</Protocol><Action>DENY</Action><Log>false</Log><Notes></Notes></Rule>
    </RuleSet>
    </vshieldZonesFirewallConfiguration>
  • Page 55 If you delete rules at the cluster or port group level, any rules set at the datacenter remain enforced. Example 6-9. Delete a Firewall Rule Set for a Container Request: DELETE <vshield_manager-uri>/api/1.0/zones/<container-moref-id>/firewall/rules VMware, Inc.
  • Page 56
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <VsmGlobalConfig><SecurityGroups><SecurityGroup><SecurityGroupBaseNode>datacenter-7</SecurityGroupBaseNode><SecurityGroupName>Zone-3</SecurityGroupName><SecurityGroupNodeList><Node><Id>502888cf-e08c-61dc-4523-a87e234d821a.000</Id></Node><Node><Id>502a183c-715e-5e37-f413-aea57de1e884.000</Id></Node></SecurityGroupNodeList></SecurityGroup></SecurityGroups></VsmGlobalConfig>
      • Adding a single security group with no network adapters
    POST /api/1.0/global/securityGroups/datacenter-7/groups/ HTTP/1.1
    authorization: Basic YWRtaW46ZGVmYXVsdA==
    host: 10.112.196.127
    Content-Type: application/xml
    Content-Length: 299
    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <VsmGlobalConfig><SecurityGroups><SecurityGroup><SecurityGroupBaseNode>datacenter-7</SecurityGroupBaseNode><SecurityGroupName>Zone-5</SecurityGroupName></SecurityGroup></SecurityGroups></VsmGlobalConfig>
  • Page 57 <SecurityGroupId>udz-1</SecurityGroupId></SecurityGroupIdList></SecurityGroups> </VsmGlobalConfig> Get the List of All Security Groups under a Base Node Example 6-13. Getting the List of All Security Groups under a Base Node Request: GET <vshield_manager-uri>/api/1.0/global/securityGroups/<base-node-moref-id>/groups Example: GET /api/1.0/global/securityGroups/datacenter-7/groups HTTP/1.1 authorization: Basic YWRtaW46ZGVmYXVsdA== host: 10.112.196.127 VMware, Inc.
  • Page 58 You can delete a virtual machine from a Security Group by specifying the node in which it resides. Example 6-17. Deleting a Virtual Machine from a Security Group Request: DELETE <vshield_manager-uri>/api/1.0/global/securityGroups/<base-node-moref-id>/nodes/<nic-id> Example: DELETE /api/1.0/global//securityGroups/datacenter-2/groups/secgroup-6/nodes/500e17ca-58bc-25d3-f001-9cf6515d6466.003 HTTP/1.1 authorization: Basic YWRtaW46ZGVmYXVsdA== host: 10.112.196.127
  • Page 59 Request: GET <vshield_manager-uri>/api/1.0/zones/syslogServers This request configures all vShield App instances connected to the vShield Manager to send events to the specified syslog servers. Example 6-21. Post the Syslog Server Configuration across All vShield App Instances Request: POST <vshield_manager-uri>/api/1.0/zones/syslogServers VMware, Inc.
  • Page 60 This request deletes a single syslog server by IP address across all vShield App instances connected to the vShield Manager. Example 6-23. Delete a Single Syslog Server by IP Address from All vShield App Instances Request: DELETE <vshield_manager-uri>/api/1.0/zones/syslogServers/<ip_of_syslogServer> VMware, Inc.
  • Page 61 Endpoint Management The VMware Endpoint system delivers an introspection-based antivirus solution that uses the hypervisor to scan guest virtual machines from the outside with only a thin agent on each guest virtual machine. You installed the vShield Endpoint service as part of ESX host preparation. You must perform the following tasks in sequence to complete EPSec installation.
  • Page 62 HTTP 400 Bad Request: Internal error codes. Please refer to the Error Schema for more details.
      • 40002=Acquiring data from VC failed for <>
      • 40007=SVM with moid: <> not registered
      • 40015=vmId is malformatted or of incorrect length : <>
  • Page 63 HTTP 405 Method Not Allowed: If the vmId is missing from the URI. HTTP 400 Bad Request: Internal error codes. Please refer to the Error Schema for more details.
      • 40002=Acquiring data from VC failed for <>
      • 40007=SVM with moid: <> not registered
      • 40015=vmId is malformatted or of incorrect length : <>
  • Page 64 “Uninstalling vShield Services from an ESX Host” on page 18. Error Schema <?xml version="1.0" encoding="UTF-8"?><xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"> <xs:element name="Errors"> <xs:complexType> <xs:sequence> <xs:element maxOccurs="unbounded" name="Error" type="ErrorType"/> </xs:sequence> </xs:complexType> </xs:element> <xs:complexType name="ErrorType"> <xs:sequence> <xs:element name="code" type="xs:unsignedInt"/> <xs:element name="description" type="xs:string"/> <xs:element minOccurs="0" name="index" type="xs:int"/> </xs:sequence> </xs:complexType> </xs:schema> VMware, Inc.
  • Page 65 <?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"> <xs:element name="VsmGlobalConfig"> <xs:complexType> <xs:all> <xs:element minOccurs="0" name="VcInfo" type="VcInfoType" /> </xs:all> </xs:complexType> </xs:element> <xs:complexType name="VcInfoType"> <xs:sequence> <xs:element name="ipAddress"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:minLength value="1"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="userName"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:minLength value="1"/> </xs:restriction> </xs:simpleType> VMware, Inc.
  • Page 66 <xs:all> <xs:element minOccurs="0" name="VMInfo" type="VMInfoType" /> </xs:all> </xs:complexType> </xs:element> <xs:complexType name="VMInfoType"> <xs:sequence> <xs:element name="VNICS" type="VNICSType" /> </xs:sequence> </xs:complexType> <xs:complexType name="VNICSType"> <xs:sequence> <xs:element name="VNIC" type="VNICType" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> <xs:complexType name="VNICType"> <xs:sequence> <xs:element name="Id" type="xs:string" /> <xs:element name="Name" type="xs:string" /> VMware, Inc.
  • Page 67 <xs:sequence> <xs:element name="IP" type="xs:string" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="NodeList"> <xs:sequence> <xs:element name="Node" type="SecurityGroupNode" maxOccurs="unbounded" /> </xs:sequence> </xs:complexType> <xs:complexType name="SecurityGroupNode"> <xs:sequence> <xs:element name="Id" type="xs:string" /> <xs:element name="Name" type="xs:string" minOccurs="0" /> <xs:element name="IPList" type="IPList" minOccurs="0" /> </xs:sequence> </xs:complexType> </xs:schema>
  • Page 68 <xs:element name="MgmtInterface" type="MgmtInterfaceType"/> </xs:sequence> </xs:complexType> <xs:complexType name="MgmtInterfaceType"> <xs:sequence> <xs:element name="IpAddress" type="IP"/> <xs:element name="NetworkMask" type="IP"/> <xs:element name="DefaultGw" type="IP"/> </xs:sequence> </xs:complexType> <xs:complexType name="PortgroupIsolationInstallParams"> <xs:sequence> <xs:element minOccurs="0" name="ResourcePoolId" type="Moid"/> <xs:element name="DatastoreId" type="Moid"/> </xs:sequence> </xs:complexType> <xs:simpleType name="InstallAction"> <xs:restriction base="xs:string"> <xs:enumeration value="install"/> <xs:enumeration value="upgrade"/>
  • Page 69 <xs:element name="NodeId" type="xs:string"/> <xs:element name="DatacenterId" type="xs:string"/> <xs:element name="DatastoreId" type="xs:string"/> <xs:element name="NameForZones" type="xs:string"/> <xs:element name="VswitchForMgmt" type="xs:string"/> <xs:element name="MgmtInterface" type="InterfaceType"/> </xs:sequence> </xs:complexType> <xs:complexType name="InterfaceType"> <xs:sequence> <xs:element name="IpAddress" type="xs:NMTOKEN"/> <xs:element name="NetworkMask" type="xs:NMTOKEN"/> <xs:element name="DefaultGw" type="xs:NMTOKEN"/> <xs:element minOccurs="0" name="VlanTag" type="xs:string"/> </xs:sequence> </xs:complexType> </xs:schema>
  • Page 70 API Programming Guide vShield App Firewall Schema This schema configures the firewall rules enforced by a vShield App. <?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="http://www.vmware.com" xmlns:vmw="http://www.vmware.com"> <xs:element name="vshieldZonesFirewallConfiguration"> <xs:complexType> <xs:choice> <xs:sequence> <xs:element name="ContainerAssociation" type="vmw:ContainerAssociation"/> <xs:element name="RuleSet" type="vmw:RuleSet"/> </xs:sequence> <xs:element name ="SnapshotTimeStamps" type="TimeStamps"/>...
  • Page 71 Port Group Isolation Statistics Schema This schema can be used to retrieve the Port Group Isolation statistics from an ESX host. <?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"> <xs:element name="VShieldPortgroupIsolationConfig"> <xs:complexType> <xs:choice> <xs:element name="StatsLocation" type="xs:string" /> </xs:choice> </xs:complexType> </xs:element> </xs:schema>
  • Page 72 </xs:simpleType> </xs:element> <xs:element name="resourcePoolId" type="Moid" /> <xs:element name="hostId" type="Moid" /> <xs:element name="dataStoreId" type="Moid" /> <xs:element name="InternalInterface" type="Interface"/> <xs:element name="ExternalInterface" type="Interface"/> <xs:element name="enablePortgroupIsolation" type="xs:boolean" minOccurs="0" /> <xs:element name="InstallStatus" type="xs:string" minOccurs="0" /> <!-- Only in response --> </xs:sequence> </xs:complexType >
  • Page 73 <xs:element name="ExternalInterface" type="Interface" /> </xs:sequence> </xs:complexType> <xs:complexType name="Interface"> <xs:sequence> <xs:element name="networkId" type="xs:Moid" /> <xs:element name="networkAddress" type="IP" /> <xs:element name="subnetMask" type="IP" /> <xs:element minOccurs="0" name="defaultGw" type="xs:NMTOKEN" /> <!--Used only for External Interface --> </xs:sequence> </xs:complexType> <xs:simpleType name="OpMode"> <xs:restriction base="xs:string"> <xs:pattern value="routing|bridging"/>
  • Page 74 <xs:restriction base="xs:string"> <xs:minLength value="1"/> <xs:pattern value="[^\s]+"/> </xs:restriction> </xs:simpleType> </xs:element> </xs:sequence> </xs:complexType> </xs:schema> vShield Edge Firewall Schema This schema configures the firewall rules for a node. <?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="http://www.vmware.com" xmlns:vmw="http://www.vmware.com"> <xs:element name="VShieldEdgeConfig"> <xs:complexType> <xs:element name="FirewallConfig" type="FirewallConfig"/>
  • Page 75 </xs:complexType> <xs:complexType name="FirewallRuleStats"> <xs:sequence> <xs:element name="FirewallRule" type="FirewallRule" /> <xs:element name="packetCount" type="xs:unsignedInt" /> <xs:element name="byteCount" type="xs:unsignedInt" /> </xs:sequence> </xs:complexType> <xs:complexType name="IpInfo"> <xs:choice> <xs:element name="ipAddress" type="IpOrAny" /> <xs:element name="IpRange" type="IpRange" /> </xs:choice> </xs:complexType> <xs:complexType name="IpRange"> <xs:sequence> <xs:element name="rangeStart" type="IP" />
  • Page 76 <xs:simpleType name="PortOrAny"> <xs:restriction base="xs:string"> <xs:pattern value="((6[0-5][0-5][0-3][0-5]|[0-5][0-9]{1,4}|[0-9]{2,4})|[0-9]|(any))"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="PROTOCOL"> <xs:restriction base="xs:string"> <xs:pattern value="tcp|udp|icmp|any"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="IcmpType"> <xs:restriction base="xs:string"> <xs:enumeration value="echo-reply"/> <xs:enumeration value="destination-unreachable"/> <xs:enumeration value="source-quench"/> <xs:enumeration value="redirect"/> <xs:enumeration value="echo-request"/> <xs:enumeration value="router-advertisement"/> <xs:enumeration value="router-solicitation"/> <xs:enumeration value="time-exceeded"/>
  • Page 77 <xs:element name="NATRule" type="NATRule"/> <xs:element name="packetCount" type="xs:unsignedInt" /> <xs:element name="byteCount" type="xs:unsignedInt" /> <xs:element name="ingressInterface" type="xs:string" /> <xs:element name="egressInterface" type="xs:string" /> <xs:element minOccurs="0" name="srcIpForRule" type="xs:string"/> </xs:sequence> </xs:complexType> <xs:complexType name="IpInfo"> <xs:choice> <xs:element name="ipAddress" type="IpOrAny"/> <xs:element name="IpRange" type="IpRange"/> </xs:choice> </xs:complexType> <xs:complexType name="IpRange">
  • Page 78 <xs:pattern value="((6[0-5][0-5][0-3][0-5]|[0-5][0-9]{1,4}|[0-9]{2,4})|[0-9])"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="PortOrAny"> <xs:restriction base="xs:string"> <xs:pattern value="((6[0-5][0-5][0-3][0-5]|[0-5][0-9]{1,4}|[0-9]{2,4})|[0-9]|(any))"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="PROTOCOL"> <xs:restriction base="xs:string"> <xs:pattern value="tcp|udp|icmp|any"/> </xs:restriction> </xs:simpleType> <xs:simpleType name="IcmpType"> <xs:restriction base="xs:string"> <xs:enumeration value="echo-reply"/> <xs:enumeration value="destination-unreachable"/> <xs:enumeration value="source-quench"/> <xs:enumeration value="redirect"/> <xs:enumeration value="echo-request"/> <xs:enumeration value="router-advertisement"/> <xs:enumeration value="router-solicitation"/>
  • Page 79 </xs:simpleType> </xs:element> <xs:element name="hostName"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:pattern value="(([A-Za-z0-9][A-Za-z0-9\-_]*(\.){0,1})*[A-Za-z0-9]+)"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="internalIPAddress" type="IP" /> <xs:element minOccurs="0" name="DHCPConfigParams" type="DHCPConfigParams" /> </xs:sequence> </xs:complexType> <xs:complexType name="DHCPPool"> <xs:sequence> <xs:element name="PoolRange" type="IpRange" /> <xs:element minOccurs="0" name="DHCPConfigParams" type="DHCPConfigParams" /> </xs:sequence> </xs:complexType>
  • Page 80 <xs:pattern value="[a-zA-Z0-9\-]+"/> </xs:restriction> </xs:simpleType> </xs:schema> VPN Schema This schema configures VPN parameters for a node. <?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"> <xs:element name="VShieldEdgeConfig"> <xs:complexType> <xs:all minOccurs="0"> <xs:element name="VPNConfig" type="VPNConfig"/> </xs:all> </xs:complexType> </xs:element> <xs:complexType name="VPNConfig"> <xs:choice> <xs:element name="IpsecVPNConfig" type="IpsecVPNConfig"/>
  • Page 81 --> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="remoteEndPointexternalIpAddress" type="IP" /> <xs:element name="sharedSecret"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:minLength value="1"/> </xs:restriction> </xs:simpleType> </xs:element> <xs:element name="mtu"> <xs:simpleType> <xs:restriction base="xs:unsignedInt"> <xs:minInclusive value="1"/> </xs:restriction> </xs:simpleType> </xs:element> </xs:sequence> </xs:complexType> <xs:complexType name="VPNTunnel"> <xs:sequence> <xs:element minOccurs="0" name="Configuration" type="VPNTunnelConfig"/>
  • Page 82 <xs:element name="NetworkEndpointsConfig" type="NetworkEndpointsConfig"/> <xs:element name="VseToRemoteSiteStats" type="VPNStats" /> <xs:element name="RemoteSiteToVseStats" type="VPNStats" /> </xs:sequence> </xs:complexType> <xs:complexType name="VPNStats"> <xs:sequence> <xs:element name="fromPort" type="xs:unsignedInt" /> <xs:element name="toPort" type="xs:unsignedInt" /> <xs:element name="protocol" type="xs:string" /> <xs:element name="spi" type="xs:string" /> <xs:element name="reqid" type="xs:string" /> <xs:element name="encryption" type="xs:string" />
  • Page 83 <xs:complexType name="LoadBalancerConfig"> <xs:choice> <xs:element name="LoadBalancerService" type="xs:string" /> <xs:element maxOccurs="unbounded" name="Listener" type="Listener" /> <!-- Request/Response from Client --> <xs:element name="Snapshots" type="Snapshots"/> <!-- Only in Response from Server --> </xs:choice> </xs:complexType> <xs:complexType name="Listener"> <xs:sequence> <xs:element name="externalIPAddress" type="IP" /> <!-- Request/Response -->
  • Page 84 This schema configures the MTU threshold for the External and Internal interfaces of a vShield Edge. <?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"> <xs:element name="VShieldEdgeConfig"> <xs:complexType> <xs:all minOccurs="0"> <xs:element name="MTU" type="MTU"/> </xs:all> </xs:complexType> </xs:element> <xs:complexType name="MTU"> <xs:sequence> <xs:element minOccurs="0" maxOccurs="1" name="internalInterfaceMTU" type="xs:unsignedInt"/> <!-- Request/Response --> <xs:element minOccurs="0" maxOccurs="1" name="externalInterfaceMTU" type="xs:unsignedInt"/> <!-- Request/Response -->
  • Page 85 <xs:all minOccurs="0"> <xs:element name="SyslogServerConfig" type="SyslogServerConfig"/> </xs:all> </xs:complexType> </xs:element> <xs:complexType name="SyslogServerConfig"> <xs:choice> <xs:element minOccurs="1" maxOccurs="2" name="ipAddress" type="IP" /> <xs:element name="Snapshots" type="Snapshots"/> <!-- Only in Response from Server --> </xs:choice> </xs:complexType> <xs:simpleType name="IP"> <xs:restriction base="xs:string"> <xs:pattern value="((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"/> </xs:restriction> </xs:simpleType>
  • Page 86 500 Internal Server Error: Unexpected error with the server. The response is accompanied by Error Object (XML). 503 Service Unavailable: Cannot proceed with the request, because some of the services are unavailable. Example: vShield Edge is Unreachable. The response is accompanied by Error Object (XML).