Validating Active Sessions Against The Current Zones Firewall Rules; Revert To A Previous Zones Firewall Configuration - VMware VSHIELD APP 1.0.0 UPDATE 1 Admin Manual

7. Double-click each cell in the new row to type or select the appropriate information.
   You can type IP addresses in the Source and Destination fields
8. (Optional) Select the Log check box to log all sessions matching this rule.
9. Click Commit.

Validating Active Sessions against the Current Zones Firewall Rules

By default, a vShield Zones instance matches firewall rules against each new session. After a session has been
established, any firewall rule changes do not affect active sessions.
The CLI command validate sessions enables you to validate active sessions against the current Zones
Firewall rule set to purge any sessions that are in violation of the current rule set. After a firewall rule set
update, you should validate active sessions to purge any existing sessions that are in violation of the updated
policy.
After the Zones Firewall update is complete, issue the validate sessions command from the CLI of a
vShield Zones instance to purge sessions that are in violation of current policy.
To validate active sessions against the current firewall rules
1. Update and commit the Zones Firewall rule set at the appropriate container level.
2. Open a console session on a vShield Zones instance and issue the validate sessions command.
   vShieldZones> enable
   Password:
   vShieldZones# validate sessions
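
The behaviour described in this section, as an added Python model that is not VMware's code or part of the manual: rules are evaluated only when a session is created, a commit leaves the session table alone, and a validation pass purges the sessions the current rules no longer allow. The first-match rule order, the default-deny action, and all names and addresses are assumptions made for the illustration.

```python
import ipaddress
from collections import namedtuple

# dport=None in a Rule matches any destination port; action is "allow"/"deny".
Rule = namedtuple("Rule", "src dst dport action")   # src/dst are CIDR strings
Session = namedtuple("Session", "src dst dport")    # src/dst are host addresses

def decide(rules, s, default="deny"):
    """First matching rule wins; `default` (assumed deny) applies otherwise."""
    for r in rules:
        if (ipaddress.ip_address(s.src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(s.dst) in ipaddress.ip_network(r.dst)
                and r.dport in (None, s.dport)):
            return r.action
    return default

class Firewall:
    def __init__(self, rules):
        self.rules, self.sessions = list(rules), set()

    def new_session(self, s):
        """Rules are consulted only here, when a session is created."""
        allowed = decide(self.rules, s) == "allow"
        if allowed:
            self.sessions.add(s)
        return allowed

    def commit(self, rules):
        """Replace the rule set; the session table is left untouched."""
        self.rules = list(rules)

    def validate_sessions(self):
        """Re-check each active session; purge and return the violators."""
        purged = {s for s in self.sessions if decide(self.rules, s) != "allow"}
        self.sessions -= purged
        return purged

def demo():
    """Constructed sample data: addresses and ports are made up."""
    ssh = Session("10.0.0.5", "10.0.1.10", 22)
    web = Session("10.0.0.7", "10.0.1.20", 443)
    allow_web = Rule("10.0.0.0/24", "10.0.1.20/32", 443, "allow")
    fw = Firewall([Rule("10.0.0.0/24", "10.0.1.10/32", 22, "allow"), allow_web])
    fw.new_session(ssh)
    fw.new_session(web)
    fw.commit([Rule("10.0.0.0/24", "10.0.1.10/32", 22, "deny"), allow_web])
    survived_commit = ssh in fw.sessions   # established before the rule change
    purged = fw.validate_sessions()
    return survived_commit, purged, fw.sessions
```

In the model, the SSH session stays in the table after the commit and disappears only when `validate_sessions()` runs, while the still-permitted HTTPS session is kept.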

Revert to a Previous Zones Firewall Configuration

The vShield Manager saves a snapshot of App Firewall settings each time you commit a new rule. Clicking
Commit causes the vShield Manager to save the previous configuration with a timestamp before adding the
new rule. These snapshots are available from the Revert to Snapshot drop-down menu.
To revert to a previous App Firewall configuration
1. In the vSphere Client, go to Inventory > Hosts and Clusters.
2. Select a datacenter or cluster resource from the inventory panel.
3. Click the vShield Zones tab.
4. Click Zones Firewall.
5. From the Revert to Snapshot drop-down list, select a snapshot.
   Snapshots are presented in the order of timestamps, with the most recent snapshot listed at the top.
6. View snapshot configuration details.
7. Do one of the following:
   * To return to the current configuration, select the - option from the Revert to Snapshot drop-down list.
   * Click Commit to overwrite the current configuration with the snapshot configuration.
VMware, Inc.
Chapter 4 Zones Firewall Management