Revert to a Previous App Firewall Configuration; Delete an App Firewall Rule; Using SpoofGuard - VMware vShield App 1.0.0 Update 1 Admin Manual

Revert to a Previous App Firewall Configuration

The vShield Manager saves a snapshot of App Firewall settings each time you commit a new rule. Clicking
Commit causes the vShield Manager to save the previous configuration with a timestamp before adding the
new rule. These snapshots are available from the Revert to Snapshot drop-down list.
To revert to a previous App Firewall configuration
1 In the vSphere Client, go to Inventory > Hosts and Clusters.
2 Select a datacenter or cluster resource from the inventory panel.
3 Click the vShield App tab.
4 Click App Firewall.
5 From the Revert to Snapshot drop-down list, select a snapshot.
Snapshots are presented in timestamp order, with the most recent snapshot listed at the top.
6 View the snapshot configuration details.
7 Do one of the following:
To return to the current configuration without changing it, select the - option from the Revert to Snapshot drop-down list.
Click Commit to overwrite the current configuration with the snapshot configuration.

Delete an App Firewall Rule

You can delete any App Firewall rule you have created. You cannot delete the rules in the Default Rules section of the table.
To delete an App Firewall rule
1 Click an existing row in the App Firewall table.
2 Click Delete.
3 Click Commit.

Using SpoofGuard

After synchronizing with the vCenter Server, the vShield Manager collects the IP addresses of all vCenter guest virtual machines from VMware Tools on each virtual machine. Up to vShield 4.1, vShield trusted the IP address provided by VMware Tools on a virtual machine. However, if a virtual machine has been compromised, the IP address it reports can be spoofed, and malicious transmissions can then bypass firewall policies that are keyed on that address.
SpoofGuard allows you to authorize the IP addresses reported by VMware Tools, and to alter them if necessary to prevent spoofing. SpoofGuard inherently trusts the MAC addresses of virtual machines, which are collected from the VMX files and the vSphere SDK rather than from the guest. SpoofGuard operates separately from the App Firewall rules; you can use it to block traffic determined to be spoofed.
When SpoofGuard is enabled, you can use it to monitor and manage the IP addresses reported by your virtual machines in one of the following modes.
Automatically Trust IP Assignments On Their First Use: This mode allows all traffic from your virtual machines to pass while building a table of MAC-to-IP address assignments. You can review this table at your convenience and make IP address changes. Note that a new IP address first seen on a known MAC is trusted and recorded rather than blocked in this mode; it is the review of the table that catches a change.
Manually Inspect and Approve All IP Assignments Before Use: This mode blocks all traffic from a virtual machine until you approve each of its MAC-to-IP address assignments.
NOTE SpoofGuard inherently allows DHCP requests regardless of the enabled mode. However, in manual inspection mode, traffic does not pass until the DHCP-assigned IP address has been approved.
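The two modes and the DHCP note above are easiest to compare side by side. The following Python model is an added example written for this page; it is not VMware code, does not talk to the vShield Manager, and simply encodes the decision rules the manual describes: a trusted MAC, a table of approved MAC-to-IP assignments, first-use learning in automatic mode, blocking until approval in manual mode, and DHCP requests allowed in either mode. The class and function names (SpoofGuardModel, Packet, decide, approve, demo) and the MAC and IP addresses are constructed for the illustration, and a DHCP request is represented by a flag rather than by parsing the UDP payload.

```python
"""Illustrative model of SpoofGuard's MAC-to-IP authorization decision.

Not VMware code; written for this page to show how the two SpoofGuard modes
and the DHCP exception behave on the same traffic.
"""
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    AUTO_TRUST_FIRST_USE = "auto"    # Automatically Trust IP Assignments On Their First Use
    MANUAL_APPROVE = "manual"        # Manually Inspect and Approve All IP Assignments Before Use


@dataclass
class Packet:
    src_mac: str
    src_ip: str
    is_dhcp_request: bool = False    # assumption: DHCP DISCOVER/REQUEST is pre-classified


@dataclass
class SpoofGuardModel:
    mode: Mode
    # MAC -> approved IPs. MACs come from the VMX/vSphere SDK and are trusted as-is.
    approved: dict = field(default_factory=dict)
    # MAC -> IPs reported by the guest but not yet approved (manual mode only).
    pending: dict = field(default_factory=dict)

    def decide(self, pkt: Packet) -> str:
        mac, ip = pkt.src_mac.lower(), pkt.src_ip
        # DHCP requests pass in both modes; a guest could not obtain a lease otherwise.
        if pkt.is_dhcp_request:
            return "allow"
        if ip in self.approved.get(mac, set()):
            return "allow"
        if self.mode is Mode.AUTO_TRUST_FIRST_USE:
            # First use of this MAC-to-IP pair: record it in the table and let it through.
            self.approved.setdefault(mac, set()).add(ip)
            return "allow"
        # Manual mode: record the assignment for review and block until approved.
        self.pending.setdefault(mac, set()).add(ip)
        return "block"

    def approve(self, mac: str, ip: str) -> None:
        """Administrator approves a reported MAC-to-IP assignment."""
        mac = mac.lower()
        self.pending.get(mac, set()).discard(ip)
        self.approved.setdefault(mac, set()).add(ip)


def demo() -> dict:
    """Run both modes over the same constructed traffic and return the decisions."""
    mac = "00:50:56:ab:cd:ef"                              # constructed VMware-style MAC
    traffic = [
        Packet(mac, "0.0.0.0", is_dhcp_request=True),      # DHCP DISCOVER before a lease
        Packet(mac, "10.0.0.25"),                           # first packet from the leased IP
        Packet(mac, "10.0.0.25"),                           # normal traffic
        Packet(mac, "10.0.0.99"),                           # guest changes its IP: possible spoof
    ]

    auto = SpoofGuardModel(Mode.AUTO_TRUST_FIRST_USE)
    auto_decisions = [auto.decide(p) for p in traffic]

    manual = SpoofGuardModel(Mode.MANUAL_APPROVE)
    before = [manual.decide(p) for p in traffic[:2]]       # DHCP passes, leased IP is blocked
    manual.approve(mac, "10.0.0.25")                       # admin approves the DHCP-assigned IP
    after = [manual.decide(p) for p in traffic[1:]]        # approved IP passes, new IP is blocked

    return {
        "auto": auto_decisions,
        "auto_table": sorted(auto.approved[mac]),
        "manual_before_approval": before,
        "manual_after_approval": after,
        "manual_pending": sorted(manual.pending[mac]),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The run makes the practical difference visible: automatic mode never blocks, so the changed address 10.0.0.99 ends up in the table alongside 10.0.0.25 and is only caught when you review it; manual mode blocks the guest's own leased address until it is approved, exactly the behaviour the note describes for DHCP, and then blocks the later change while leaving it in the pending list for inspection.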
VMware, Inc.
Chapter 13 App Firewall Management
75