Assign Resources To A Security Group; Validating Active Sessions Against The Current App Firewall Rules - VMware VSHIELD APP 1.0.0 UPDATE 1 Admin Manual

vShield Administration Guide
5. Double-click the row and type a name for the group.
6. Click Add.
After security group creation is complete, assign resources to the group.

Assign Resources to a Security Group

You can assign virtual machines and network adapters to a security group. These resources have associated IP
addresses that define the source or destination parameters for which an App Firewall rule enforces an access
policy.
To assign resources to a security group
1. Click a datacenter resource from the vSphere Client.
2. Click the vShield App tab.
3. Click Security Groups.
4. Click the arrow next to the name of a security group to expand the details of the group.
5. Select a vNIC from the drop-down list and click Add.
   The selected vNIC appears under vNIC Membership.
   Repeat these steps for each vNIC you want to place in this security group.
6. Click Commit.
After assigning resources, add the security group to a firewall rule as a container. See "Create an App
Firewall Rule" on page 71.

Validating Active Sessions against the Current App Firewall Rules

By default, a vShield Edge matches firewall rules against each new session. After a session has been
established, any firewall rule changes do not affect active sessions.
The CLI command validate sessions enables you to validate active sessions that are in violation of the
current rule set. You would use this procedure for the following scenarios:
- You updated the firewall rule set. After a firewall rule set update, you should validate active sessions to
  purge any existing sessions that are in violation of the updated policy.
- You viewed sessions in Flow Monitoring and determined that an existing or historical flow requires a new
  access rule. After creating a firewall rule that matches the offending session, you should validate active
  sessions to purge any existing sessions that are in violation of the updated policy.
After the App Firewall update is complete, issue the validate sessions command from the CLI of a vShield
App to purge sessions that are in violation of current policy.
To validate active sessions against the current firewall rules
1. Update and commit the App Firewall rule set at the appropriate container level.
2. Open a console session on a vShield App and issue the validate sessions command.
vShieldApp> enable
Password:
vShieldApp# validate sessions
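
Why the validation step matters, shown as an added Python model (not VMware code and not part of the manual): rules are checked only when a session is set up, so a session allowed under the old rule set survives a commit until a validation pass purges it. The `Rule` and `Firewall` classes, first-match-wins evaluation, the default-deny fallback and the sample addresses are all assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src: str      # source CIDR
    dst: str      # destination CIDR
    port: int     # destination port; 0 means any
    action: str   # "allow" or "deny"

    def matches(self, flow):
        s, d, p = flow
        return (ip_address(s) in ip_network(self.src)
                and ip_address(d) in ip_network(self.dst)
                and self.port in (0, p))

class Firewall:
    """Toy stateful firewall; first-match-wins and default deny are assumptions."""
    def __init__(self, rules, default="deny"):
        self.rules, self.default = list(rules), default
        self.sessions = set()          # established flows: (src, dst, dport)

    def verdict(self, flow):
        return next((r.action for r in self.rules if r.matches(flow)), self.default)

    def new_session(self, flow):
        # Rules are consulted only here, at session setup.
        allowed = self.verdict(flow) == "allow"
        if allowed:
            self.sessions.add(flow)
        return allowed

    def commit(self, rules):
        # Committing a new rule set does not touch the session table.
        self.rules = list(rules)

    def validate_sessions(self):
        # Re-check each active session against current rules; purge violators.
        purged = {f for f in self.sessions if self.verdict(f) != "allow"}
        self.sessions -= purged
        return purged

def demo():
    # Constructed sample flows (RFC 1918 addresses), not taken from the manual.
    web, db = ("10.0.1.5", "10.0.2.9", 443), ("10.0.1.5", "10.0.2.9", 3306)
    tier = ("10.0.1.0/24", "10.0.2.0/24")
    fw = Firewall([Rule(*tier, 0, "allow")])
    fw.new_session(web), fw.new_session(db)
    fw.commit([Rule(*tier, 3306, "deny"), Rule(*tier, 0, "allow")])
    stale = db in fw.sessions                                      # old session survives
    blocked = not fw.new_session(("10.0.1.6", "10.0.2.9", 3306))   # new session denied
    return stale, blocked, fw.validate_sessions(), fw.sessions
```
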
VMware, Inc.