Zones Firewall Management; Using Zones Firewall - VMware VSHIELD APP 1.0.0 UPDATE 1 Admin Manual

4 Zones Firewall Management

vShield Zones provides firewall protection and access policy enforcement. Traffic details include sources,
destinations, direction of sessions, applications, and ports being used. Traffic details can be used to create
firewall allow or deny rules.
NOTE You can upgrade vShield Zones to vShield App by obtaining a vShield App license. vShield App
enhances vShield Zones protection by offering Flow Monitoring, custom container creation (Security Groups),
and container-based access policy creation and enforcement.
You do not have to uninstall vShield Zones to install vShield App. All vShield Zones instances become vShield
App instances, the Zones Firewall becomes App Firewall, and the additional vShield App features are enabled.
This chapter includes the following topics:

"Using Zones Firewall" on page 25
"Create a Zones Firewall Rule" on page 27
"Create a Layer 2/Layer 3 Zones Firewall Rule" on page 28
"Validating Active Sessions against the Current Zones Firewall Rules" on page 30
"Revert to a Previous Zones Firewall Configuration" on page 29
"Delete a Zones Firewall Rule" on page 29
Using Zones Firewall
Zones Firewall is a centralized, hierarchical firewall for ESX hosts. Zones Firewall enables you to create rules
that allow or deny access to and from your virtual machines. Each installed vShield Zones enforces the App
Zones rules.
You can manage Zones Firewall rules at the datacenter, cluster, and port group levels to provide a consistent
set of rules across multiple vShield Zones instances under these containers. As membership in these containers
can change dynamically, Zones Firewall maintains the state of existing sessions without requiring
reconfiguration of firewall rules. In this way, Zones Firewall effectively has a continuous footprint on each ESX
host under the managed containers.
When creating Zones Firewall rules, you create 5-tuple firewall rules based on specific source and destination IP
addresses.
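The behaviour described above (5-tuple allow/deny rules attached to containers, and existing sessions that survive a change in container membership) as an added Python model; this is example code, not VMware's implementation. The evaluation order (datacenter, then cluster, then port group, first match wins, default deny) is an assumption made for the example, not something the manual states.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed model of container-scoped 5-tuple rules. The level order below
# (datacenter, cluster, port group; first match wins) is an assumption.
LEVELS = ("datacenter", "cluster", "portgroup")

@dataclass(frozen=True)
class Rule:
    level: str              # container level the rule is attached to
    container: str          # container name, e.g. "prod-cluster"
    src: str                # source CIDR
    dst: str                # destination CIDR
    proto: str              # "tcp", "udp" or "any"
    dport: Optional[int]    # destination port, None matches any port
    action: str             # "allow" or "deny"

    def matches(self, flow):
        src, dst, proto, _sport, dport = flow      # the 5-tuple
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

def evaluate(flow, rules, membership):
    """First matching rule across the VM's containers decides; default deny.
    membership maps level -> container name for the VM being protected."""
    for level in LEVELS:
        for rule in rules:
            if rule.level == level and rule.container == membership.get(level):
                if rule.matches(flow):
                    return rule.action
    return "deny"

class SessionTable:
    """Keeps allowed sessions so an established session retains its verdict
    after the VM's container membership (and therefore its rules) changes."""
    def __init__(self):
        self.established = set()

    def check(self, flow, rules, membership):
        if flow in self.established:
            return "allow"                 # existing session is preserved
        verdict = evaluate(flow, rules, membership)
        if verdict == "allow":
            self.established.add(flow)     # remember the new session
        return verdict
```

With a VM that moves from a port group allowing TCP/80 to one denying it, the session opened before the move is still allowed while a fresh connection is denied.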
VMware, Inc. 25