VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API Manuale Utente Scaricare il pdf (Pagina 34)

vShield API Programming Guide

34 VMware, Inc.

Example:

GET /api/1.0/network/network-244/firewall/rules HTTP/1.1

Authorization: Basic YWRtaW46ZGVmYXVsdA==

Host: 10.112.196.213

Post a Firewall Rule Set

YouaddallfirewallrulesasasetforeachvShieldEdge.ThevShieldManagerprocessesthepostedXMLfile

asacompleterulesetforthespecifiedvShieldEdge.Thenewrulesetreplacestheentirepreviousruleset.

Example 5-26. Post the Firewall Rule Set on a vShield Edge

Request:

POST <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/firewall/rules

<sourceIpAddress>see_below</sourceIpAddress>

<sourcePort>see_below</sourcePort>

<destinationIpAddress>see_below</destinationIpAddress>

<destinationPort>see_below</destinationPort>

<action>allow|deny</action>

</FirewallRule>

</FirewallConfig>

</VShieldEdgeConfig>

Rules:

 Youcanaddmultiplefirewallrulesbyenteringmultiple<FirewallRule></FirewallRule>sectionsinthe

body.

 For<protocol />optionstcpandudp,youmustspecifysourcePortanddestinationPortelements.

Foroptionsicmpandany,thesourcePortanddestinationPortelementsarenotexpected.

 Youmustadd<icmpType />ifyouconfigureicmpastheprotocol.

 Loggingisdisabledbydefault.Toenablelogging,adda<log />elementwithin<FirewallRule />.

 ThesourceIpAddressanddestinationIpAddressparameterscanbeenteredineitherofthese

formats.

<ipAddress>IpOrAny</ipAddress>

<rangeStart>low_ip_address</rangeStart>

<rangeEnd>high_ip_address</rangeEnd>

</IpRange>



ThesourcePortanddestinationPortparameterscanbeenteredineitherofthefollowingformats.

<port>PortOrAny</port>

</PortRange>

1 2 ... 29 30 31 32 33 34 35 36 37 38 39 ... 89 90

Nessun commento

VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API Manuale Utente Pagina 34