VMware VSHIELD APP 1.0 - API Instrukcja Użytkownika Strona 47
- Strona / 104
- Spis treści
- BOOKMARKI
Oceniono. / 5. Na podstawie oceny klientów
VMware, Inc. 47
Chapter 5 vShield Edge Management
</vshieldEdgeConfig>
Configure VPN
vShieldEdgeagentssupportsite‐to‐siteIPsecVPNbetweenanEdgeapplianceandremotesites.Onbothends,
staticone‐to‐oneNATisrequiredfortheVPNaddress.vShieldEdgeagentssupportpre‐sharedkeymode,
x/5‐0Certificatemode,IPunicasttraffic,andnodynamicroutingprotocolbetween
theEdgeandremoteVPN
routers.BehindeachremoteVPNrouter,youcanconfiguremultiplesubnetstoconnecttheinternalnetwork
behindavShieldEdgethroughIPSectunnels.SubnetsandtheinternalnetworkbehindvShieldEdgemust
havenon‐overlappingaddressranges.
YoucandeployavShieldEdgeagentbehinda
NATdevice,whichtranslatestheEdgeagent’sVPNaddress
intoapublicaccessibleaddressfacingtheInternet;remoteVPNroutersusethispublicaddresstoaccessthe
vShieldEdge.RemoteVPNrouterscanbelocatedbehindaNATdeviceaswell.Youmustprovideboththe
VPNnativeaddressand
theNATpublicaddresstosetupthetunnel.
AllVPNsettingsconfiguredbyusingRESTrequestsappearun der thevShieldEdge>VPNta b forthe
appropriatevShieldEdge inthevShieldManageruserinterfaceandinthevSphereClientplug‐in.
FortheVPNschema,see“vShieldEdgeSchemas”on
page 88.SampleXMLrequestbody:
Example 5-27. Configure a VPN
POST https://<vsm-ip>/api/2.0/networks/<internal-portgroup-vc-moref-id>/edge
<vshieldEdgeConfig xmlns="vmware.vshield.edge.2.0">
<ipsecSiteToSiteConfig>
<globalConfig>
<id>10.112.2.50</id>
<ipAddress>10.112.2.50</ipAddress>
<enableLog>false</enableLog>
</globalConfig>
<siteConfig>
<peerName>site1</peerName>
<peerId>site1</peerId>
<peerIpAddress>10.112.2.145</peerIpAddress>
<localSubnet>192.168.10.0/24</localSubnet>
<peerSubnet>192.168.20.0/24</peerSubnet>
<authenticationMode>psk</authenticationMode>
<preSharedKey>test</preSharedKey>
<encryptionAlgorithm>3des</encryptionAlgorithm>
<enablePfs>true</enablePfs>
<dhGroup>dh2</dhGroup>
</siteConfig>
</ipsecSiteToSiteConfig>
</vshieldEdgeConfig>
Forthedatapathtowork,youneedtochangethedefaultfirewallpolicytoallow,orpunchFirewallrulesto
allowdatatrafficonVPNandinternalinterfaces.Rules:
The<id>isauniqueIDusedbyallpeerstoidentifythisvShieldEdgeVPNgateway.Intheexample,itis
thesameas<ipAddress>.
SimilartothepreSharedKeyinsiteConfig,theoptionalpreSharedKeyForDynamicIpSitesin
globalConfigisapre‐sharedkeyforusebyallpeerswhenconnectingwithanunknownIPaddress.
The<peerName>adescriptivenameofthepeer.
The<peerId>isanIDtouniquelyidentifythepeer,usedtodefinepoliciesforthepeerandforpeer
authentication.Forpeersusingcertificateauthentication,thisIDmustbethecommonnameinthepeer’s
certificate.ForPSKpeers,thisIDcanbeanystring,butideallythepublicIP
addressoftheVPNorthe
FQDNfortheVPNservice.
- EN-000608-00 1
- 2 VMware, Inc 2
- Contents 3
- 5 vShieldEdgeManagement 37 4
- 6 vShieldAppManagement 53 5
- Appendix 77 6
- About This Book 7
- Support Offerings 8
- VMware Professional Services 8
- Overview of VMware vShield 9
- 10 VMware, Inc 10
- Multitenancy 11
- How REST Works 12
- Using the vShield REST API 12
- About the REST API 13
- RESTful Workflow Patterns 13
- 14 VMware, Inc 14
- VMware, Inc. 15 15
- Retrieving Tech Support Logs 16
- User Management 17
- Update a Local User Account 18
- Remove a User Account 18
- Role Management 19
- Get a List of Possible Roles 20
- Get a List of Scoping Objects 20
- Create an IPset on a Scope 20
- Get Details of an IPset 21
- Modify an Existing IPset 21
- Delete an IPset 21
- Create a MACset on a Scope 22
- Get Details of a MACset 22
- Modify an Existing MACset 22
- Delete a MACset 23
- Get Members for a Scope 24
- Get Security Group Details 24
- Modify a Security Group 24
- Delete a Security Group 25
- Add Member to Security Group 25
- List Applications on a Scope 25
- Add Application to a Scope 26
- Get Details of an Application 26
- Modify Application Details 27
- Delete Application from Scope 27
- 28 VMware, Inc 28
- Endpoint 29
- 30 VMware, Inc 30
- VMware, Inc. 31 31
- 32 VMware, Inc 32
- Installing a vShield Edge 33
- 34 VMware, Inc 34
- VMware, Inc. 35 35
- Uninstalling a vShield Edge 36
- Configuring vShield Edge 37
- Switch to New API Version 38
- Configuring Edge Services 39
- Configure Firewall 40
- Change Firewall Rule to Allow 41
- Revert Firewall to Default 42
- Configure Static Routing 43
- Configure NAT 43
- Delete NAT Configuration 44
- Configure Load Balancer 45
- Miscellaneous 46
- Configure VPN 47
- Manage VPN Service 48
- Delete the VPN Configuration 48
- VMware, Inc. 49 49
- Operating vShield Edge 50
- Debugging and Support 51
- Get Service Statistics 52
- Retrieve Datacenter State 53
- Modify Datacenter State 54
- VMware, Inc. 55 55
- Working with SpoofGuard 56
- Working with Namespaces 57
- Get Namespace Details 58
- Delete a Namespace 58
- Upgrading vShield App 59
- 60 VMware, Inc 60
- Register a Vendor 61
- Register a Solution 62
- Activate a Solution 63
- Get Vendor Registration 64
- Get Solution Registration 64
- Get IP Address of a Solution 64
- Unregister a Vendor 64
- Status Codes and Error Schema 65
- Error Schema 66
- VMware, Inc. 67 67
- Retrieve All Regulations 68
- Enable a Regulation 68
- VMware, Inc. 69 69
- Configure File Filters 70
- Retrieve the Saved SDD Policy 71
- Request: 72
- Data Security Scanning 73
- Analyzing Results 74
- VMware, Inc. 75 75
- 76 VMware, Inc 76
- 78 VMware, Inc 78
- VMware, Inc. 79 79
- 80 VMware, Inc 80
- VMware, Inc. 81 81
- 82 VMware, Inc 82
- VMware, Inc. 83 83
- 84 VMware, Inc 84
- VMware, Inc. 85 85
- 86 VMware, Inc 86
- VMware, Inc. 87 87
- 88 VMware, Inc 88
- VMware, Inc. 89 89
- 90 VMware, Inc 90
- VMware, Inc. 91 91
- 92 VMware, Inc 92
- VMware, Inc. 93 93
- 94 VMware, Inc 94
- VMware, Inc. 95 95
- 96 VMware, Inc 96
- VMware, Inc. 97 97
- 98 VMware, Inc 98
- VMware, Inc. 99 99
- Error Message Schema 100
- VMware, Inc. 101 101
- Appendix 101
- 102 VMware, Inc 102
- VMware, Inc. 103 103
- 104 VMware, Inc 104
Powiązane produkty i podręczniki dla Networking VMware VSHIELD APP 1.0 - API
(23 strony)© 2020, manymanuals.pl. Wszelkie prawa zastrzeżone. | 0.031 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentarze do niniejszej Instrukcji