Zones Firewall Management; Using Zones Firewall - VMware VSHIELD APP 1.0 Admin Manual

Hide thumbs Also See for VSHIELD APP 1.0:

Quick start manual (30 pages)

Programming manual (94 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

Table of Contents

Zones Firewall Management

vShield Zones provides firewall protection access policy enforcement. Traffic details include sources,

destinations, direction of sessions, applications, and ports being used. Traffic details can be used to create

firewall allow or deny rules.

You can upgrade vShield Zones to vShield App by obtaining a vShield App license. vShield App

OTE

enhances vShield Zones protection by offering Flow Monitoring, custom container creation (Security Groups),

and container‐based access policy creation and enforcement.

You do not have to uninstall vShield Zones to install vShield App. All vShield Zones instances become vShield

App instances, the Zones Firewall becomes App Firewall, and the additional vShield App features are enabled.

This chapter includes the following topics:



"Using Zones Firewall" on page 27



"Create a Zones Firewall Rule" on page 29



"Create a Layer 2/Layer 3 Zones Firewall Rule" on page 30



"Validating Active Sessions against the Current Zones Firewall Rules" on page 31



"Revert to a Previous Zones Firewall Configuration" on page 31



"Delete a Zones Firewall Rule" on page 32

Using Zones Firewall

Zones Firewall is a centralized, hierarchical firewall for ESX hosts. Zones Firewall enables you to create rules

that allow or deny access to and from your virtual machines. Each installed vShield Zones enforces the App

Zones rules.

You can manage Zones Firewall rules at the datacenter, cluster, and port group levels to provide a consistent

set of rules across multiple vShield Zones instances under these containers. As membership in these containers

can change dynamically, Zones Firewall maintains the state of existing sessions without requiring

reconfiguration of firewall rules. In this way, Zones Firewall effectively has a continuous footprint on each ESX

host under the managed containers.

When creating Zones Firewall rules, you create 5‐tuple firewall rules based on specific source and destination IP

addresses.

VMware, Inc.

Table of Contents

Troubleshooting

Need help?

Do you have a question about the VSHIELD APP 1.0 and is the answer not in the manual?

This manual is also suitable for:

Vshield manager 4.1 Vshield edge 1.0 Vshield endpoint security 1.0

Zones Firewall Management; Using Zones Firewall - VMware VSHIELD APP 1.0 Admin Manual

Zones Firewall Management

Using Zones Firewall

Troubleshooting

Need help?

Subscribe to Our Youtube Channel

Related Manuals for VMware VSHIELD APP 1.0

Related Content for VMware VSHIELD APP 1.0

This manual is also suitable for:

Table of Contents