vShield Administration Guide
To create a firewall rule at the cluster level
1. In the vSphere Client, go to Inventory > Hosts and Clusters.
2. Select a cluster resource from the resource tree.
3. Click the vShield App tab.
4. Click App Firewall.
   By default, the L4 Rules option is selected.
   To create L2/L3 rules, see "Create a Layer 2/Layer 3 App Firewall Rule" on page 77.
5. Click Add.
   A new row appears in the Cluster Level Rules section of the table.
6. Double‐click each cell in the new row to select the appropriate information.
   You can type IP addresses in the Source and Destination fields, and port numbers in the Source Port and Destination Port fields.
7. (Optional) Select the new row and click Up to move the row up in priority.
8. (Optional) Select the Log check box to log all sessions matching this rule.
9. Click Commit to save the rule.

NOTE   Layer 4 firewall rules can also be created from the Flow Monitoring report. See "Add an App Firewall Rule from the Flow Monitoring Report" on page 69.

To create a firewall rule at the port group level
1. In the vSphere Client, go to Inventory > Networking.
2. Select a port group from the resource tree.
3. Click the vShield App tab.
4. Click App Firewall.
5. Click Add.
   A new row is added at the bottom of the Secure Port Group Rules section.
6. Double‐click each cell in the new row to select the appropriate information.
   You can type IP addresses in the Source and Destination fields, and port numbers in the Source Port and Destination Port fields.
7. (Optional) Select the new row and click Up to move the row up in priority.
8. (Optional) Select the Log check box to log all sessions matching this rule.
9. Click Commit to save the rule.

NOTE   Layer 4 firewall rules can also be created from the Flow Monitoring report. See "Add an App Firewall Rule from the Flow Monitoring Report" on page 69.

76
VMware, Inc.