Create a Layer 2/Layer 3 App Firewall Rule
The Layer 2/Layer 3 firewall enables configuration of allow or deny rules for common Data Link Layer and
Network Layer requests, such as ICMP pings and traceroutes. You can change the default Layer 2/Layer 3 rules
from allow to deny based on your network security policy.
Layer 2/Layer 3 firewall rules allow or deny traffic based on the following criteria:
Criteria                  Description
Source (A.B.C.D/nn)       Container, direction in relation to container, or IP address with netmask (nn) from which the communication originated
Destination (A.B.C.D/nn)  Container, direction in relation to container, or IP address with netmask (nn) which the communication is targeting
Protocol                  Transport protocol used for communication
To create a Layer 2/Layer 3 firewall rule
1  In the vSphere Client, go to Inventory > Hosts and Clusters.
2  Select a datacenter resource from the resource tree.
3  Click the vShield App tab.
4  Click App Firewall.
5  Click L2/L3 Rules.
6  Click Add.
   A new row is added at the bottom of the DataCenter Rules section of the table.
7  Double-click each cell in the new row to type or select the appropriate information.
   You can type IP addresses with a netmask (A.B.C.D/nn) in the Source and Destination fields.
8  (Optional) Select the Log check box to log all sessions matching this rule.
9  Click Commit.
   The rule does not take effect until it is committed.
NOTE  Layer 2/Layer 3 firewall rules can also be created from the Flow Monitoring report. See "Add an App Firewall Rule from the Flow Monitoring Report" on page 69.
Creating and Protecting Security Groups
The Security Groups feature enables you to create custom containers to which you can assign resources, such
as virtual machines and network adapters, for App Firewall protection. After a security group is defined, you
add the security group to a firewall rule for protection.
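The following model, added here as an illustration and not code from the vShield App product or manual, shows how the rule criteria above (Source, Destination, Protocol, the allow/deny action and the Log check box) combine, with a Source or Destination given either as an IP network in A.B.C.D/nn form or as a security group container. The group name "db-servers", the member addresses, first-match evaluation order and the switchable default action are assumptions made for this example; the page does not state how vShield App orders rules.

```python
"""Added example (not vShield App code): a model of Layer 2/Layer 3 rule matching.
Source and destination are either an IP network "A.B.C.D/nn" or the name of a
security group (a container of virtual machine addresses). Rule ordering,
first-match semantics and the group-name convention are assumptions."""
from dataclasses import dataclass
import ipaddress
from typing import Dict, List, Optional, Set


@dataclass
class L3Rule:
    source: str        # "A.B.C.D/nn" or a security group name
    destination: str   # "A.B.C.D/nn" or a security group name
    protocol: str      # "ICMP", "TCP", "UDP" or "ANY"
    action: str        # "allow" or "deny"
    log: bool = False  # the Log check box on the rule row


class L3Firewall:
    def __init__(self, rules: List[L3Rule], groups: Optional[Dict[str, Set[str]]] = None,
                 default_action: str = "allow"):
        self.rules = list(rules)
        # security group name -> member VM addresses (constructed for the example)
        self.groups: Dict[str, Set[str]] = groups or {}
        # the default rule; the page says it can be changed from allow to deny
        self.default_action = default_action
        self.log_lines: List[str] = []

    def _endpoint_matches(self, spec: str, ip: str) -> bool:
        if spec in self.groups:                      # container criterion
            return ip in self.groups[spec]
        # otherwise the spec must be an IP network in A.B.C.D/nn form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

    def evaluate(self, src_ip: str, dst_ip: str, protocol: str) -> str:
        """Return 'allow' or 'deny' for one packet; first matching rule wins
        (assumed ordering), otherwise the default action applies."""
        protocol = protocol.upper()
        for rule in self.rules:
            if (self._endpoint_matches(rule.source, src_ip)
                    and self._endpoint_matches(rule.destination, dst_ip)
                    and rule.protocol.upper() in ("ANY", protocol)):
                if rule.log:
                    self.log_lines.append(
                        f"{rule.action.upper()} {protocol} {src_ip} -> {dst_ip} "
                        f"by rule [{rule.source} -> {rule.destination} {rule.protocol}]")
                return rule.action
        return self.default_action


def build_demo_firewall(default_action: str = "allow") -> L3Firewall:
    """Constructed ruleset: the 'db-servers' group may send ICMP anywhere, but
    ICMP (ping and ICMP traceroute probes) into the group is denied and logged."""
    groups = {"db-servers": {"10.10.20.7", "10.10.20.8"}}   # hypothetical addresses
    rules = [
        L3Rule("db-servers", "0.0.0.0/0", "ICMP", "allow"),
        L3Rule("0.0.0.0/0", "db-servers", "ICMP", "deny", log=True),
    ]
    return L3Firewall(rules, groups, default_action)


if __name__ == "__main__":
    fw = build_demo_firewall()
    print(fw.evaluate("192.168.1.5", "10.10.20.7", "ICMP"))   # deny (logged)
    print(fw.evaluate("10.10.20.7", "192.168.1.5", "ICMP"))   # allow
    print(fw.evaluate("192.168.1.5", "10.10.20.7", "TCP"))    # allow (default rule)
    print(build_demo_firewall("deny").evaluate("192.168.1.5", "10.10.20.7", "TCP"))  # deny
    print("\n".join(fw.log_lines))
```

The last two calls show why the page advises reviewing the default Layer 2/Layer 3 rules: a protocol no explicit rule covers is decided entirely by the default action, so switching that default from allow to deny changes the outcome for TCP even though no TCP rule was written.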
Add a Security Group
In the vSphere Client, you can add a security group at the datacenter resource level.
To add a security group by using the vSphere Client
1  In the vSphere Client, click a datacenter resource.
2  Click the vShield App tab.
3  Click Security Groups.
4  Click Add Group.
Chapter 13 App Firewall Management