VMware Cloud Community
HywelB
Enthusiast

Exclude vCNS Manager 5.5 from App Firewall

Hi,

Trying to set up vCNS in a 2-node test lab but unable to install the App appliances, as a warning states that vCenter and vShield Manager shouldn't be firewalled and best practice is that they are run on a management cluster. There is a workaround that is supposed to allow you to exclude the VMs from any rules (vShield 5 App Deep Dive Series Part 1: Deployment options for vShield Manager with vCenter Server | ...). This works great for vCenter, but unfortunately the vShield Manager isn't listed to add.

Is this automatically excluded or is there a way to add the VM to this list?

Cheers

3 Replies
amatt240
Enthusiast

Here is the situation in simple terms:

VMware: "Here is your gun, here are some cartridges, be careful"

HywelB: "Ok"

HywelB: *loads gun, snaps off safety, and levels gun at own foot*

If you want to play, consider the VMware Hands-on Labs; otherwise, loading the vCNS manager and everything into one vCenter is really risking things. We tried it a while back, and after the second or third time we blew things up, we decided to never speak of it again!

HywelB
Enthusiast

I agree Matt :)

But, with limited budget for a test system, and it's documented so assume supported, it's a necessary evil I think. I just need to make sure there are blanks in the gun!!! So, did you find a way to exclude vCNS Manager?

sorabhk5
VMware Employee

The Manager and service virtual machines (App Firewall, Edge Gateway, Data Security virtual machines) are automatically excluded from App Firewall protection.

The exclusion list is applied across all App Firewall installations within the specified vShield Manager.

(Also, if a virtual machine has multiple vNICs, all of them are excluded from protection.)

All opinions expressed here are my personal opinions and not of my employer. Thanks #Sorabh [[ http://sorabhk5.in or @sorabhk5 ]]