5.1
Table Of Contents
- vShield Administration Guide
- Contents
- vShield Administration Guide
- Overview of vShield
- vShield Manager User Interface Basics
- Management System Settings
- Edit DNS Servers
- Edit the vShield Manager Date and Time
- Edit Lookup Service Details
- Edit vCenter Server
- Specify Syslog Server
- Download Technical Support Logs for vShield
- Add an SSL Certificate to Identify the vShield Manager Web Service
- Add a Cisco Switch to vShield Manager
- Working with Services and Service Groups
- Grouping Objects
- User Management
- Updating System Software
- Backing Up vShield Manager Data
- System Events and Audit Logs
- VXLAN Virtual Wires Management
- Preparing your Network for VXLAN Virtual Wires
- Create a VXLAN Virtual Wire
- Connect Virtual Machines to a VXLAN Virtual Wire
- Test VXLAN Virtual Wire Connectivity
- Viewing Flow Monitoring Data for a VXLAN Virtual Wire
- Working with Firewall Rules for VXLAN Virtual Wires
- Prevent Spoofing on a VXLAN Virtual Wire
- Editing Network Scopes
- Edit a VXLAN Virtual Wire
- Sample Scenario for Creating VXLAN Virtual Wires
- vShield Edge Management
- View the Status of a vShield Edge
- Configure vShield Edge Settings
- Managing Appliances
- Working with Interfaces
- Working with Certificates
- Managing the vShield Edge Firewall
- Managing NAT Rules
- Working with Static Routes
- Managing DHCP Service
- Managing VPN Services
- IPSec VPN Overview
- Configuring IPSec VPN Service
- Edit IPSec VPN Service
- Delete IPSec Service
- Enable IPSec Service
- Disable IPSec Service
- vShield Edge VPN Configuration Examples
- SSL VPN-Plus Overview
- Configure Network Access SSL VPN-Plus
- Configure Web Access SSL VPN-Plus
- Working with IP Pools
- Working with Private Networks
- Working with Installation Packages
- Working with Users
- Edit Client Configuration
- Working with Login and Logoff Scripts
- SSL VPN-Plus Logs
- Edit General Settings
- Edit Web Portal Design
- IPSec VPN Overview
- Managing Load Balancer Service
- About High Availability
- Configure DNS Servers
- Configure Remote Syslog Servers
- Change CLI Credentials
- Upgrade vShield Edge to Large or X-Large
- Download Tech Support Logs for vShield Edge
- Synchronize vShield Edge with vShield Manager
- Redeploy vShield Edge
- Service Insertion Management
- vShield App Management
- Sending vShield App System Events to a Syslog Server
- Viewing the Current System Status of a vShield App
- Restart a vShield App
- Forcing a vShield App to Synchronize with the vShield Manager
- Viewing Traffic Statistics by vShield App Interface
- Download Technical Support Logs for vShield App
- Configuring Fail Safe Mode for vShield App Firewall
- Excluding Virtual Machines from vShield App Protection
- vShield App Flow Monitoring
- vShield App Firewall Management
- vShield Endpoint Events and Alarms
- vShield Data Security Management
- vShield Data Security User Roles
- Defining a Data Security Policy
- Editing a Data Security Policy
- Running a Data Security Scan
- Viewing and Downloading Reports
- Creating Regular Expressions
- Available Regulations
- Arizona SB-1338
- ABA Routing Numbers
- Australia Bank Account Numbers
- Australia Business and Company Numbers
- Australia Medicare Card Numbers
- Australia Tax File Numbers
- California AB-1298
- California SB-1386
- Canada Social Insurance Numbers
- Canada Drivers License Numbers
- Colorado HB-1119
- Connecticut SB-650
- Credit Card Numbers
- Custom Account Numbers
- EU Debit Card Numbers
- FERPA (Family Educational Rights and Privacy Act)
- Florida HB-481
- France IBAN Numbers
- France National Identification Numbers Policy
- Georgia SB-230 Policy
- Germany BIC Numbers Policy
- Germany Driving License Numbers Policy
- Germany IBAN Numbers Policy
- Germany National Identification Numbers Policy
- Germany VAT Numbers Policy
- Hawaii SB-2290 Policy
- HIPAA (Healthcare Insurance Portability and Accountability Act) Policy
- Idaho SB-1374 Policy
- Illinois SB-1633
- Indiana HB-1101 Policy
- Italy Driving License Numbers Policy
- Italy IBAN Numbers Policy.
- Italy National Identification Numbers Policy
- Kansas SB-196 Policy
- Louisiana SB-205 Policy
- Maine LD-1671 Policy
- Massachusetts CMR-201
- Minnesota HF-2121
- Montana HB-732
- Netherlands Driving Licence Numbers
- Nevada SB-347
- New Hampshire HB-1660
- New Jersey A-4001
- New York AB-4254
- New Zealand Inland Revenue Department Numbers
- New Zealand Ministry of Health Numbers
- Ohio HB-104
- Oklahoma HB-2357
- Patient Identification Numbers
- Payment Card Industry Data Security Standard (PCI-DSS)
- Texas SB-122
- UK BIC Numbers
- UK Driving Licence Numbers
- UK IBAN Numbers
- UK National Health Service Numbers
- UK National Insurance Numbers (NINO)
- UK Passport Numbers
- US Drivers License Numbers
- US Social Security Numbers
- Utah SB-69
- Vermont SB-284
- Washington SB-6043
- Available Content Blades
- ABA Routing Number Content Blade
- Admittance and Discharge Dates Content Blade
- Alabama Drivers License Content Blade
- Alaska Drivers License Content Blade
- Alberta Drivers Licence Content Blade
- Alaska Drivers License Content Blade
- Alberta Drivers Licence Content Blade
- American Express Content Blade
- Arizona Drivers License Content Blade
- Arkansas Drivers License Content Blade
- Australia Bank Account Number Content Blade
- Australia Business Number Content Blade
- Australia Company Number Content Blade
- Australia Medicare Card Number Content Blade
- Australia Tax File Number Content Blade
- California Drivers License Number Content Blade
- Canada Drivers License Number Content Blade
- Canada Social Insurance Number Content Blade
- Colorado Drivers License Number Content Blade
- Connecticut Drivers License Number Content Blade
- Credit Card Number Content Blade
- Credit Card Track Data Content Blade
- Custom Account Number Content Blade
- Delaware Drivers License Number Content Blade
- EU Debit Card Number Content Blade
- Florida Drivers License Number Content Blade
- France Driving License Number Content Blade
- France BIC Number Content Blade
- France IBAN Number Content Blade
- France National Identification Number Content Blade
- France VAT Number Content Blade
- Georgia Drivers License Number Content Blade
- Germany BIC Number Content Blade
- Germany Driving License Number Content Blade
- Germany IBAN Number Content Blade
- Germany National Identification Numbers Content Blade
- Germany Passport Number Content Blade
- Germany VAT Number Content Blade
- Group Insurance Numbers Content Blade
- Hawaii Drivers License Number Content Blade
- Italy National Identification Numbers Content Blade
- Health Plan Beneficiary Numbers
- Idaho Drivers License Number Content Blade
- Illinois Drivers License Number Content Blade
- Indiana Drivers License Number Content Blade
- Iowa Drivers License Number Content Blade
- Index of Procedures Content Blade
- Italy Driving License Number Content Blade
- Italy IBAN Number Content Blade
- ITIN Unformatted Content Blade
- Kansas Drivers License Number Content Blade
- Kentucky Drivers License Number Content Blade
- Louisiana Drivers License Number Content Blade
- Maine Drivers License Number Content Blade
- Manitoba Drivers Licence Content Blade
- Maryland Drivers License Number Content Blade
- Massachusetts Drivers License Number Content Blade
- Michigan Drivers License Number Content Blade
- Minnesota Drivers License Number Content Blade
- Mississippi Drivers License Number Content Blade
- Missouri Drivers License Number Content Blade
- Montana Drivers License Number Content Blade
- NDC Formulas Dictionary Content Blade
- Nebraska Drivers License Number Content Blade
- Netherlands Driving Licence Number Content Blade
- Netherlands IBAN Number Content Blade
- Netherlands National Identification Numbers Content Blade
- Netherlands Passport Number Content Blade
- Nevada Drivers License Number Content Blade
- New Brunswick Drivers Licence Content Blade
- New Hampshire Drivers License Number Content Blade
- New Jersey Drivers License Number Content Blade
- New Mexico Drivers License Number Content Blade
- New York Drivers License Number Content Blade
- New Zealand Health Practitioner Index Number Content Blade
- New Zealand Inland Revenue Department Number
- New Zealand National Health Index Number Content Blade
- Newfoundland and Labrador Drivers Licence Content Blade
- North Carolina Drivers License Number Content Blade
- North Dakota Drivers License Number Content Blade
- Nova Scotia Drivers Licence Content Blade
- Ohio Drivers License Number Content Blade
- Oklahoma License Number Content Blade
- Ontario Drivers Licence Content Blade
- Oregon License Number Content Blade
- Patient Identification Numbers Content Blade
- Pennsylvania License Number Content Blade
- Prince Edward Island Drivers Licence Content Blade
- Protected Health Information Terms Content Blade
- Quebec Drivers Licence Content Blade
- Rhode Island License Number Content Blade
- Saskatchewan Drivers Licence Content Blade
- SIN Formatted Content Blade
- SIN Unformatted Content Blade
- SSN Formatted Content Blade
- SSN Unformatted Content Blade
- South Carolina License Number Content Blade
- South Dakota License Number Content Blade
- Spain National Identification Number Content Blade
- Spain Passport Number Content Blade
- Spain Social Security Number Content Blade
- Sweden IBAN Number Content Blade
- Sweden Passport Number Content Blade
- Tennessee License Number Content Blade
- UK BIC Number Content Blade
- UK Driving License Number Content Blade
- UK IBAN Number Content Blade
- UK National Health Service Number Content Blade
- UK NINO Formal Content Blade
- UK Passport Number Content Blade
- Utah License Number Content Blade
- Virginia License Number Content Blade
- Visa Card Number Content Blade
- Washington License Number Content Blade
- Wisconsin License Number Content Blade
- Wyoming License Number Content Blade
- Supported File Formats
- Troubleshooting
- Index
Option Action
Host Name
Type the host name of the DHCP client virtual machine.
IP Address
Type the address to which to bind the MAC address of the selected virtual
machine.
Domain Name
Type the domain name of the DNS server.
Primary Name Server
If you did not select Auto Configure DNS, type the Primary Nameserver
for the DNS service. You must enter the IP address of a DNS server for
hostname-to-IP address resolution.
Secondary Name Server
If you did not select Auto Configure DNS, type the Secondary
Nameserver for the DNS service. You must enter the IP address of a DNS
server for hostname-to-IP address resolution.
Default Gateway
Type the default gateway address. If you do not specify the default gateway
IP address, the internal interface of the vShield Edge instance is taken as the
default gateway.
Lease Time
If you did not select Lease never expires, select whether to lease the address
to the client for the default time (1 day), or type a value in seconds.
9 Click Add.
10 Click Publish Changes.
What to do next
Verify that the DHCP service is enabled. The DHCP Service Status above the DHCP Pools panel must be set
to Enabled.
Managing VPN Services
vShield Edge modules support site-to-site IPSec VPN between a vShield Edge instance and remote sites.
vShield Edge modules also support SSL VPN-Plus to allow remote users to access private corporate
applications.
1 IPSec VPN Overview on page 80
vShield Edge modules support site-to-site IPSec VPN between a vShield Edge instance and remote sites.
2 SSL VPN-Plus Overview on page 103
With SSL VPN-Plus, remote users can connect securely to private networks behind a vShield Edge
gateway. Remote users can access servers and applications in the private networks.
IPSec VPN Overview
vShield Edge modules support site-to-site IPSec VPN between a vShield Edge instance and remote sites.
vShield Edge supports certificate authentication, preshared key mode, IP unicast traffic, and no dynamic
routing protocol between the vShield Edge instance and remote VPN routers. Behind each remote VPN router,
you can configure multiple subnets to connect to the internal network behind a vShield Edge through IPSec
tunnels. These subnets and the internal network behind a vShield Edge must have address ranges that do not
overlap.
You can deploy a vShield Edge agent behind a NAT device. In this deployment, the NAT device translates the
VPN address of a vShield Edge instance to a publicly accessible address facing the Internet. Remote VPN
routers use this public address to access the vShield Edge instance.
You can place remote VPN routers behind a NAT device as well. You must provide the VPN native address
and the VPN Gateway ID to set up the tunnel. On both ends, static one-to-one NAT is required for the VPN
address.
You can have a maximum of 64 tunnels across a maximum of 10 sites.
vShield Administration Guide
80 VMware, Inc.