VMware VSHIELD APP 1.0 - API Manual do Utilizador descarregar pdf (Página 71)

VMware, Inc. 71

Chapter 6 vShield App Management

</VshieldAppConfiguration>

Get Fail-Safe Mode Configuration for vShield App Firewall

Example 6-12. Get fail-safe mode configuration

Example:

GET https://<vsm-ip>/api/2.1/app/failsafemode

Working with SpoofGuard

ItispossibleforaguestoperatingsystemtospoofitsIPaddresssothatVMwareToolswouldmisreportitto

vCenterServer.TheSpoofGuardfeatureallowsthedatacenteradministratortocertifyandauthorizereported

IPaddresses,andifnecessary,alterthem.ThisisdonebycheckingtheIPaddressagainst

thevirtualmachine’s

MACaddress,whichcomesfromtheVMXandcannotbespoofed.

TheSpoofGuardfeatureisorthogonaltofirewallrules.SpoofGuardblockstrafficifitthinkstheIPisspoofed,

whetherornotfirewallrulessaytoblock.

Get SpoofGuard Global Settings

YoucanretrieveSpoofGuardsettingssuchasthestatus(disabledorenabled),modeofoperation,timestamp,

andpublishingauthority.

Example 6-13. Get SpoofGuard settings

Example:

GET https://<vsm-ip>/api/2.0/spoofGuard/globalSettings

Edit SpoofGuard Global Settings

YoucanmodifytheSpoofGuardsettings.

Example 6-14. Edit SpoofGuard settings

Example:

POST https://<vsm-ip>/api/2.0/spoofGuard/globalSettings

RequestBody:

<status>enabled</status>

<mode>trustOnFirstUse</mode>

</globalSettings>

</VshieldConfiguration>

Statuscanbeenabledordisabled.ModecanbetrustOnFirstUseormanual.

Get SpoofGuard IP Settings

YoucanretrievealistofSpoofGuardsettings,includedIPaddressessuspectedofbeingforged,thusblocked.

1 2 ... 66 67 68 69 70 71 72 73 74 75 76 ... 131 132

Sem comentários

VMware VSHIELD APP 1.0 - API Manual do Utilizador Página 71