VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API Bedienungsanleitung PDF herunterladen (Seite 77)

VMware, Inc. 77

Chapter 13 App Firewall Management

Revert to a Previous App Firewall Configuration

ThevShieldManagersavesasnapshotofAppFirewallsettingseachtimeyoucommitanewrule.Clicking

CommitcausesthevShieldManagertosavethepreviousconfigurationwithatimestampbeforeaddingthe

newrule.ThesesnapshotsareavailablefromtheReverttoSnapshotdrop‐downlist.

To revert to a previous App Firewall configuration

1InthevSphere

Client,gotoInventory>HostsandClusters.

2 Selectadatacenterorclusterresourcefromtheinventorypanel.

3ClickthevShieldApptab.

4ClickAppFirewall.

5FromtheReverttoSnapshotdrop‐downlist,selectasnapshot.

Snapshotsarepresentedintheorderoftimestamps,withthemostrecentsnapshotlisted

atthetop.

6Viewsnapshotconfigurationdetails.

7Dooneofthefollowing:

 Toreturntothecurrentconfiguration,selectthe‐optionfromtheReverttoSnapshotdrop‐downlist.

 ClickCommittooverwritethecurrentconfigurationwiththesnapshotconfiguration.

Delete an App Firewall Rule

YoucandeleteanyAppFirewallruleyouhavecreated.YoucannotdeletetheanyrulesintheDefaultRules

sectionofthetable.

To delete an App Firewall rule

1ClickanexistingrowintheAppFirewalltable.

2ClickDelete.

3ClickCommit.

Using SpoofGuard

AftersynchronizingwiththevCenterServer,thevShieldManagercollectstheIPaddressesofallvCenter

guestvirtualmachinesfromVMwareToolsoneachvirtualmachine.UptovShield4.1,vShieldtrustedtheIP

addressprovidedbyVMwareToolsonavirtualmachine.However,ifavirtualmachinehasbeen

compromised,

theIPaddresscanbespoofedandmalicioustransmissionscanbypassfirewallpolicies.

SpoofGuardallowsyoutoauthorizetheIPaddressesreportedbyVMwareTools,andalterthemifnecessary

topreventspoofing.SpoofGuardinherentlytruststheMACaddressesofvirtualmachinescollectedfromthe

VMXfilesandvSphereSDK.

OperatingseparatelyfromtheAppFirewallrules,youcanuseSpoofGuardto

blocktrafficdeterminedtobespoofed.

Whenenabled,youcanuseSpoofGuardtomonitorandmanagetheIPaddressesreportedbyyourvirtual

machinesinoneofthefollowingmodes.

 AutomaticallyTrustIPAssignmentsOnTheirFirstUse:Thismodeallowsalltrafficfromyourvirtual

machinestopasswhilebuildingatableofMAC‐to‐IPaddressassignments.Youcanreviewthistableat

yourconvenienceandmakeIPaddresschanges.

 ManuallyInspectandApproveAllIPAssignmentsBeforeUse:Thismodeblocksalltrafficuntilyou

approveeachMAC‐to‐IPaddressassignment.

NOTESpoofGuardinherentlyallowsDHCPrequestsregardlessofenabledmode.However,ifinmanual

inspectionmode,trafficdoesnotpassuntiltheDHCP‐assignedIPaddresshasbeenapproved.

1 2 ... 72 73 74 75 76 77 78 79 80 81 82 ... 161 162

Kommentare zu diesen Handbüchern

Keine Kommentare

VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API Bedienungsanleitung Seite 77

Kommentare zu diesen Handbüchern

Verwandte Produkte und Handbücher für Systemverwaltungssoftware VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API

Related products and manuals for Cassette players JVC LVT1364-006B