Create A Zones Firewall Rule - VMware VSHIELD APP 1.0 Admin Manual

Hide thumbs Also See for VSHIELD APP 1.0:

Quick start manual (30 pages)

Programming manual (94 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

Table of Contents

Create a Zones Firewall Rule

Zones Firewall rules allow or deny traffic based on the following criteria:

Criteria

Source (A.B.C.D/nn)

Source Port

Destination (A.B.C.D/nn)

Destination Application

Destination Port

Protocol

You can add destination and source port ranges to a rule for dynamic services such as FTP and RPC, which

require multiple ports to complete a transmission. If you do not allow all of the ports that must be opened for

a transmission, the transmission fails.

To create a firewall rule at the datacenter level

In the vSphere Client, go to Inventory > Hosts and Clusters.

Select a datacenter resource from the resource tree.

Click the vShield Zones tab.

Click Zones Firewall.

By default, the L4 Rules option is selected.

To create L2/L3 rules, see "Create a Layer 2/Layer 3 Zones Firewall Rule" on page 30.

Do one of the following:



Click Add to add a new rule to the Data Center Low Precedence Rules (Rules below this level have

lower precedence...).



Select a row in the Data Center High Precedence Rules section of the table and click Add. A new

appears below the selected row.

Double‐click each cell in the new row to select the appropriate information.

You must type IP addresses in the Source and Destination fields, and port numbers in the Source Port

and Destination Port fields.

(Optional) Select the new row and click Up to move the row up in priority.

(Optional) Select the Log check box to log all sessions matching this rule.

Click Commit to save the rule.

To create a firewall rule at the cluster level

In the vSphere Client, go to Inventory > Hosts and Clusters.

Select a cluster resource from the resource tree.

Click the vShield Zones tab.

Click Zones Firewall.

By default, the L4 Rules option is selected.

To create L2/L3 rules, see "Create a Layer 2/Layer 3 Zones Firewall Rule" on page 30.

VMware, Inc.

Description

IP address with netmask (nn) from which the communication originated

Port or range of ports from which the communication originated. To enter a port

range, separate the low and high end of the range with a colon. For example,

1000:1100.

IP address with netmask (nn) which the communication is targeting

The application on the destination the source is targeting

Port or range of ports which the communication is targeting. To enter a port range,

separate the low and high end of the range with a colon. For example, 1000:1100.

Transport protocol used for communication

Chapter 4 Zones Firewall Management

Table of Contents

Troubleshooting

This manual is also suitable for:

Vshield manager 4.1 Vshield edge 1.0 Vshield endpoint security 1.0

Create A Zones Firewall Rule - VMware VSHIELD APP 1.0 Admin Manual

Create a Zones Firewall Rule

Troubleshooting

Related Manuals for VMware VSHIELD APP 1.0

Related Content for VMware VSHIELD APP 1.0

This manual is also suitable for:

Table of Contents