13 App Firewall Management
vShield App provides firewall protection through access policy enforcement. The App Firewall tab represents
the vShield App firewall access control list.
NOTE App Firewall rules apply to vShield App instances, but not vShield Edge or vShield Endpoint instances.
The Zones Firewall tab becomes the App Firewall tab when the vShield App license is activated.
This chapter includes the following topics:
"Using App Firewall" on page 73
"Create an App Firewall Rule" on page 75
"Create a Layer 2/Layer 3 App Firewall Rule" on page 77
"Creating and Protecting Security Groups" on page 77
"Validating Active Sessions against the Current App Firewall Rules" on page 78
"Revert to a Previous App Firewall Configuration" on page 79
"Delete an App Firewall Rule" on page 79
Using App Firewall
The App Firewall service is a centralized, hierarchical firewall for ESX hosts. App Firewall enables you to
create rules that allow or deny access to and from your virtual machines. Each installed vShield App enforces
the App Firewall rules.
You can manage App Firewall rules at the datacenter, cluster, and port group levels to provide a consistent set
of rules across multiple vShield App instances under these containers. As membership in these containers can
change dynamically, App Firewall maintains the state of existing sessions without requiring reconfiguration
of firewall rules. In this way, App Firewall effectively has a continuous footprint on each ESX host under the
managed containers.
Securing Containers and Designing Security Groups
When creating App Firewall rules, you can create rules based on traffic to or from a specific container that
encompasses all of the resources within that container. For example, you can create a rule to deny any traffic
from inside of a cluster that targets a specific destination outside of the cluster. You can create a rule to deny
any incoming traffic that is not tagged with a VLAN ID. When you specify a container as the source or
destination, all IP addresses within that container are included in the rule.
A security group is a trust zone that you create and assign resources to for App Firewall protection. Security
groups are containers, like a vApp or a cluster, but security groups enable you to build a container by assigning
resources arbitrarily, such as virtual machines and network adapters, rather than by inventory placement. After
the security group is defined, you add the group as a container in the source or destination field of an App
Firewall rule. See "Creating and Protecting Security Groups" on page 77.
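The following is an added illustration, not vShield App code or a VMware API: a small Python model of how a rule written against a container (a cluster, or a security group with arbitrary members) is resolved to its member IP addresses at evaluation time, which is why membership changes do not require editing the rule. The class names, the first-match evaluation order and the default "allow" action are assumptions made for the example; vShield App's actual precedence ordering across datacenter, cluster and port group levels is not modelled here.

```python
"""Illustrative model of container-scoped firewall rules (not vShield App code).

A rule endpoint may name a container (cluster, port group, security group) or a
single IP. Containers are expanded to member IPs when a packet is evaluated, so
a VM that joins a container is covered by existing rules without any rule edit.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, IPv4Address
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class VM:
    name: str
    ip: IPv4Address


@dataclass
class Container:
    """A cluster, port group or security group: just a named set of VM names."""
    name: str
    members: Set[str] = field(default_factory=set)


@dataclass
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    source: Optional[str] = None       # container name, IP string, or None for any
    destination: Optional[str] = None  # container name, IP string, or None for any
    untagged_only: bool = False        # models "deny incoming traffic not tagged with a VLAN ID"


class Inventory:
    def __init__(self) -> None:
        self.vms: Dict[str, VM] = {}
        self.containers: Dict[str, Container] = {}

    def add_vm(self, vm: VM) -> None:
        self.vms[vm.name] = vm

    def add_container(self, c: Container) -> None:
        self.containers[c.name] = c

    def resolve(self, selector: Optional[str]) -> Optional[Set[IPv4Address]]:
        """Expand a rule endpoint to a set of IPs; None means 'any address'."""
        if selector is None:
            return None
        if selector in self.containers:
            # Resolved now, not when the rule was written: membership is dynamic.
            return {self.vms[n].ip for n in self.containers[selector].members}
        return {ip_address(selector)}


def evaluate(rules: List[Rule], inv: Inventory, src_ip: str, dst_ip: str,
             vlan: Optional[int] = None, default: str = "allow") -> Tuple[str, str]:
    """First matching rule wins (assumed ordering); returns (action, rule name)."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for rule in rules:
        allowed_src = inv.resolve(rule.source)
        allowed_dst = inv.resolve(rule.destination)
        if allowed_src is not None and src not in allowed_src:
            continue
        if allowed_dst is not None and dst not in allowed_dst:
            continue
        if rule.untagged_only and vlan is not None:
            continue
        return rule.action, rule.name
    return default, "default"


def demo() -> Dict[str, Tuple[str, str]]:
    """Constructed inventory and rules; returns the evaluation results."""
    inv = Inventory()
    inv.add_vm(VM("web1", ip_address("10.0.1.10")))
    inv.add_vm(VM("db1", ip_address("10.0.2.20")))
    inv.add_container(Container("cluster-A", {"web1"}))
    inv.add_container(Container("sg-db", {"db1"}))   # security group: arbitrary members

    rules = [
        Rule("deny-untagged", "deny", untagged_only=True),
        Rule("deny-cluster-to-ext", "deny", source="cluster-A", destination="203.0.113.5"),
        Rule("allow-web-to-db", "allow", source="cluster-A", destination="sg-db"),
    ]

    results = {}
    results["untagged"] = evaluate(rules, inv, "10.0.1.10", "10.0.2.20", vlan=None)
    results["web-to-db"] = evaluate(rules, inv, "10.0.1.10", "10.0.2.20", vlan=100)
    results["web-to-ext"] = evaluate(rules, inv, "10.0.1.10", "203.0.113.5", vlan=100)

    # A new VM appears, then joins the cluster. The rule text never changes.
    inv.add_vm(VM("web2", ip_address("10.0.1.11")))
    results["web2-before"] = evaluate(rules, inv, "10.0.1.11", "203.0.113.5", vlan=100)
    inv.containers["cluster-A"].members.add("web2")
    results["web2-after"] = evaluate(rules, inv, "10.0.1.11", "203.0.113.5", vlan=100)
    return results


if __name__ == "__main__":
    for case, (action, rule) in demo().items():
        print(f"{case:12s} -> {action} ({rule})")
```

The `web2-before` and `web2-after` cases are the point of the model: the same "deny-cluster-to-ext" rule does nothing for a VM outside the cluster and denies it as soon as it becomes a member, with no rule change. When auditing a real rule set, the practical consequence is that the effective scope of a container-based rule is only knowable together with the current container membership.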
VMware, Inc.