VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API Manuel d'utilisateur télécharger pdf (Page 77)

VMware, Inc. 77

Chapter 13 App Firewall Management

Revert to a Previous App Firewall Configuration

ThevShieldManagersavesasnapshotofAppFirewallsettingseachtimeyoucommitanewrule.Clicking

CommitcausesthevShieldManagertosavethepreviousconfigurationwithatimestampbeforeaddingthe

newrule.ThesesnapshotsareavailablefromtheReverttoSnapshotdrop‐downlist.

To revert to a previous App Firewall configuration

1InthevSphere

Client,gotoInventory>HostsandClusters.

2 Selectadatacenterorclusterresourcefromtheinventorypanel.

3ClickthevShieldApptab.

4ClickAppFirewall.

5FromtheReverttoSnapshotdrop‐downlist,selectasnapshot.

Snapshotsarepresentedintheorderoftimestamps,withthemostrecentsnapshotlisted

atthetop.

6Viewsnapshotconfigurationdetails.

7Dooneofthefollowing:

 Toreturntothecurrentconfiguration,selectthe‐optionfromtheReverttoSnapshotdrop‐downlist.

 ClickCommittooverwritethecurrentconfigurationwiththesnapshotconfiguration.

Delete an App Firewall Rule

YoucandeleteanyAppFirewallruleyouhavecreated.YoucannotdeletetheanyrulesintheDefaultRules

sectionofthetable.

To delete an App Firewall rule

1ClickanexistingrowintheAppFirewalltable.

2ClickDelete.

3ClickCommit.

Using SpoofGuard

AftersynchronizingwiththevCenterServer,thevShieldManagercollectstheIPaddressesofallvCenter

guestvirtualmachinesfromVMwareToolsoneachvirtualmachine.UptovShield4.1,vShieldtrustedtheIP

addressprovidedbyVMwareToolsonavirtualmachine.However,ifavirtualmachinehasbeen

compromised,

theIPaddresscanbespoofedandmalicioustransmissionscanbypassfirewallpolicies.

SpoofGuardallowsyoutoauthorizetheIPaddressesreportedbyVMwareTools,andalterthemifnecessary

topreventspoofing.SpoofGuardinherentlytruststheMACaddressesofvirtualmachinescollectedfromthe

VMXfilesandvSphereSDK.

OperatingseparatelyfromtheAppFirewallrules,youcanuseSpoofGuardto

blocktrafficdeterminedtobespoofed.

Whenenabled,youcanuseSpoofGuardtomonitorandmanagetheIPaddressesreportedbyyourvirtual

machinesinoneofthefollowingmodes.

 AutomaticallyTrustIPAssignmentsOnTheirFirstUse:Thismodeallowsalltrafficfromyourvirtual

machinestopasswhilebuildingatableofMAC‐to‐IPaddressassignments.Youcanreviewthistableat

yourconvenienceandmakeIPaddresschanges.

 ManuallyInspectandApproveAllIPAssignmentsBeforeUse:Thismodeblocksalltrafficuntilyou

approveeachMAC‐to‐IPaddressassignment.

NOTESpoofGuardinherentlyallowsDHCPrequestsregardlessofenabledmode.However,ifinmanual

inspectionmode,trafficdoesnotpassuntiltheDHCP‐assignedIPaddresshasbeenapproved.

1 2 ... 72 73 74 75 76 77 78 79 80 81 82 ... 161 162

Commentaires sur ces manuels

Pas de commentaire

VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API Manuel d'utilisateur Page 77

Commentaires sur ces manuels

Produits connexes et manuels pour Logiciel de gestion du système VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API