vSwitch and firewalls

Hello

I would like to know if a vSwitch in a vSphere environment spans hypervisors. So, if VM "Debian" is on hypervisor A and VM "SUSE" is located on hypervisor B and they are on the same vSwitch, which has no uplink, will they be able to communicate? If so, does this transparently use the management network?

What I want to do is use a firewall in the vSphere environment. All VMs will be on the same vSwitch. The firewall will have access to this vSwitch and also to another one which has access to the internet (an uplink). So every packet sent to and from the internet will pass through the firewall. I know it's possible in a virtualized environment with one hypervisor, but is it possible with multiple hypervisors?

Thanks in advance,

> Say, implementing a firewall in a standard vSwitch configuration is possible.

You can do it manually: create a vSwitch with physical uplinks and place only the firewall VM on it.

Create a second vSwitch with no uplinks and place all the virtual machines on it, together with the firewall VM's second network card. Turn promiscuous mode on on both vSwitches.

Since virtual machines on multiple hypervisors in the same vSwitch (although unique on each hypervisor) cannot communicate with each other, how is this possible?

Only if you have some physical links.

---

MCSA, MCTS, VCP, VMware vExpert 2009

http://blog.vadmin.ru

Tags: VMware

Similar Questions

  • After installation of Service Pack 1 for Vista 64 bits, Windows Security says Malware and firewalls are off.

    I recently reinstalled my copy of Vista 64 bit, hoping to solve this problem that has been with me for a while.  Before I wiped and reloaded, Windows Security Center would alert me every day that my firewall and malware protection had been disabled.

    I use Kaspersky Internet Security, which is fully updated and works as it should.  I am able to activate Windows Firewall, bypass the Kaspersky firewall and get that error to go away; however, I can't remove the malware error.  I got all these errors directly after a restart following the installation of Service Pack 1.

    Under Windows Security Center it says, "Kaspersky Internet Security reports that it is turned off," under the heading for malware protection.  When I click the button to activate it under Windows Security, it goes through the steps asking do you trust this program, Yes, Yes, OK.  After choosing all the options to trust Kaspersky and activate this protection, it thinks about it a little, but always comes back and says it's off.  It also has a green light saying that Windows Defender is actively protecting your computer.

    I think that my Internet Security Suite is actually active in these areas and working; I checked the menu to verify that they work.  In my opinion, the installation of Service Pack 1 messed something up in the reporting of whether those programs are active, or really uninstalled them.

    Even if I can get the single message that the Kaspersky firewall is disabled to disappear by enabling the Windows Firewall, that is not what I want.  I want the internet security suite that I paid for to be active and functional alongside the Windows security features.

    I would appreciate any help with this problem, addressing why it continues to warn me that my malware protection and firewall are disabled.  Thank you.

    Also, installing Windows Vista SP2 could solve this problem; otherwise try to uninstall and reinstall Kaspersky, and also try to get the latest version of Kaspersky.

    If you still have the same issue, please contact Kaspersky support.

  • VLANS can be configured at the vSwitch and Portgroup level?

    Dear friends,

    I hope you are all doing well...

    Which two statements are true about port groups and VLANs defined on a vNetwork Standard Switch? (Choose two)

    A. A VLAN can be configured for the entire virtual switch or on individual port groups

    B. Several port groups can specify the same VLAN

    C. VLANs can only be configured on individual port groups

    D. Several VLANs can be specified in a port group

    VLANs can be configured at the vSwitch and Portgroup level?

    B. Several port groups can specify the same VLAN

    C. VLANs can only be configured on individual port groups

  • Why do I need "Promiscuous" Mode when you use multiple vSwitches and a bridge?

    Hello guys,

    Running ESXi 5.5.

    I created two vSwitches and put multiple virtual machines in each vSwitch. I have a CentOS VM with two network cards, one in each vSwitch. I configured the CentOS VM to work as a bridge. I could ping between devices on one vSwitch, but pings from devices on one vSwitch to devices on the other (through the CentOS VM acting as a bridge) did not work. The ARP requests were sent across the bridge, but ARP replies were never sent back. I checked around online and someone recommended enabling Promiscuous Mode. I enabled Promiscuous Mode (changing Reject to Accept) on the two vSwitches (which then applied the change to all virtual machines). You can read more about that here: VMware KB: how Promiscuous Mode operates at the virtual switch and portgroup level

    Now all of a sudden, everything works.

    My question is: why?

    I think I don't want Promiscuous Mode unless I have to, since it will result in more traffic reaching each VM than before. I don't really understand why I need to allow this change, and any help would be nice!

    Without promiscuous mode, the vSwitch and port group will only forward traffic to VMs (MAC addresses) that are directly connected to the port groups; it will not learn the MAC addresses that, in your case, are on the other side of the bridge. With Promiscuous Mode, all traffic is sent to each virtual machine on the vSwitch/port group and it's up to the virtual machine to decide what to do with the network packets. As you have already mentioned, this isn't a setting you want to apply to a large number of virtual machines. For this reason, you can create a second port group on the vSwitch with only the CentOS virtual machine in it and enable Promiscuous Mode only on that port group rather than on the vSwitch.

    André

  • Handling VSwitch and network

    Hi, I have a question: how does a vSwitch work if two virtual machines communicate with each other? Is the data sent over the network to the NIC and then handled by the hardware, or is the communication handled in the vSwitch?

    Greetings from Germany!

    Michael Burkhardt

    If the virtual machines are on the same vSwitch and VLAN, traffic does not hit the physical network adapter.  If the virtual machines were on different vSwitches, traffic would hit the physical network.  Likewise, if the virtual machines were on different VLANs, traffic would pass through your router.

  • vSwitch and Portgroup security settings

    I'm looking for a way to query the security settings (Promiscuous Mode, Forged Transmits and MAC Changes) of the vSwitches and port groups. My PS skills are limited. I have got this far mostly by patching together various scripts that I found. However, at this point I get a vSwitch, and even when I am able to get this information I don't know what to do after that.

    foreach ($VMHost in Get-VMHost) {
        foreach ($vSwitch in ($VMHost | Get-VirtualSwitch)) {
            # $vSwitch is never used below: this dumps the whole host network config once per vSwitch
            $hostMoRef = Get-VMHost $VMHost | % {Get-View $_.ID}
            $hostNetwork = $hostMoRef.ConfigManager.NetworkSystem
            $hostNetworkMoRef = Get-View $hostNetwork
            # HostNetworkInfo: vSwitches, port groups, vmnics
            $hostNetworkMoRef.NetworkInfo
        }
    }

    Since PowerCLI 4.1, you can use the ExtensionData property to get to the managed object.

    To display the list of all your vSwitches and their port groups with their security settings, you can do something like this

    foreach ($VMHost in Get-VMHost){
         foreach($vSwitch in $VMHost.ExtensionData.Config.Network.Vswitch){
              Write-Host $vSwitch.Name
              Write-Host "`tPromiscuous mode:" $vSwitch.Spec.Policy.Security.AllowPromiscuous
              Write-Host "`tForged transmits:" $vSwitch.Spec.Policy.Security.ForgedTransmits
              Write-Host "`tMAC Changes:" $vSwitch.Spec.Policy.Security.MacChanges
              foreach($portgroup in ($VMHost.ExtensionData.Config.Network.Portgroup | where {$_.Vswitch -eq $vSwitch.Key})){
                   Write-Host "`n`t" $portgroup.Spec.Name
                   Write-Host "`t`tPromiscuous mode:" $portgroup.Spec.Policy.Security.AllowPromiscuous
                   Write-Host "`t`tForged transmits:" $portgroup.Spec.Policy.Security.ForgedTransmits
                   Write-Host "`t`tMAC Changes:" $portgroup.Spec.Policy.Security.MacChanges
              }
         }
    }
    

    Note that a security setting for a portgroup will be empty ($null) when it inherits the corresponding vSwitch setting.

    ____________

    Blog: LucD notes

    Twitter: lucd22
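An added example in Python (not PowerCLI, and not code from either post): it models the inheritance rule LucD's note describes, a port group whose security value is null inherits the vSwitch value, and resolves the effective Promiscuous Mode, Forged Transmits and MAC Changes setting of every port group, listing which values are explicit overrides and which are in Accept. The records are constructed to mirror the Config.Network.Vswitch and Config.Network.Portgroup structure used in the script above (the port-group-only promiscuous override from the CentOS bridge thread is included); they do not come from a real host.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Security settings exposed under Spec.Policy.Security on vSwitches and port groups.
SECURITY_KEYS = ("AllowPromiscuous", "ForgedTransmits", "MacChanges")


@dataclass
class VSwitch:
    name: str
    key: str
    security: Dict[str, bool]            # True = Accept, False = Reject


@dataclass
class PortGroup:
    name: str
    vswitch_key: str                     # matches VSwitch.key (the Vswitch property)
    # None (or a missing key) = inherit the vSwitch value, the empty value noted above
    security: Dict[str, Optional[bool]] = field(default_factory=dict)


def effective_policy(pg: PortGroup, vswitches: Dict[str, VSwitch]) -> Dict[str, bool]:
    """Resolve the port group's effective security policy: any inherited
    (None) value falls back to the parent vSwitch's setting."""
    parent = vswitches[pg.vswitch_key]
    resolved = {}
    for key in SECURITY_KEYS:
        value = pg.security.get(key)
        resolved[key] = parent.security[key] if value is None else value
    return resolved


def audit(vswitches: List[VSwitch], portgroups: List[PortGroup]) -> List[dict]:
    """One row per port group: effective settings, which of them are explicit
    overrides, and which are in Accept and so deserve a second look."""
    by_key = {vs.key: vs for vs in vswitches}
    rows = []
    for pg in portgroups:
        eff = effective_policy(pg, by_key)
        rows.append({
            "vswitch": by_key[pg.vswitch_key].name,
            "portgroup": pg.name,
            "effective": eff,
            "overrides": [k for k in SECURITY_KEYS if pg.security.get(k) is not None],
            "accepts": [k for k in SECURITY_KEYS if eff[k]],
        })
    return rows


# Constructed sample (not from a real host). vSwitch1 accepts everything at the
# switch level; vSwitch0 rejects everything, but the bridge port group overrides
# promiscuous mode, as suggested in the CentOS bridge thread.
SAMPLE_VSWITCHES = [
    VSwitch("vSwitch0", "key-vSwitch0",
            {"AllowPromiscuous": False, "ForgedTransmits": False, "MacChanges": False}),
    VSwitch("vSwitch1", "key-vSwitch1",
            {"AllowPromiscuous": True, "ForgedTransmits": True, "MacChanges": True}),
]
SAMPLE_PORTGROUPS = [
    PortGroup("VM Network", "key-vSwitch0"),                          # inherits all
    PortGroup("Bridge-PG", "key-vSwitch0", {"AllowPromiscuous": True}),
    PortGroup("Internal", "key-vSwitch1", {"MacChanges": False}),     # partial override
]

if __name__ == "__main__":
    for row in audit(SAMPLE_VSWITCHES, SAMPLE_PORTGROUPS):
        print(f"{row['vswitch']}/{row['portgroup']}: accepts={row['accepts']} "
              f"overrides={row['overrides']}")
```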

  • Adding vswitch and portgroup in a stat report information

    Hi - I have a script that reports stats for 24 hours. I'm trying to change it so that it displays the name of the vSwitch the VMNIC is attached to (i.e. vSwitch0, vSwitch1, etc.).  I tried to get the information to display, but I either get an empty column, or I get all vSwitches listed in each row.  Any advice?  Thanks in advance

    $date = Get-Date

    $vccred = Import-PSCredential -Path xxxxxx

    Connect-VIServer -Server xxxxxx -Credential $vccred

    $metrics = "net.received.average", "net.transmitted.average"

    $todayMidnight = Get-Date -Hour 0 -Minute 0 -Second 0

    $start = $todayMidnight.AddDays(-1).AddSeconds(1)

    $finish = $todayMidnight

    $Report = @()

    foreach ($cluster in (Get-Cluster | Sort-Object Name)) {
        # Cluster heading for the HTML report ($htmlNICstats holds the output path)
        ConvertTo-Html -Body "$cluster" | Out-File -Append $htmlNICstats
        $clusterTmp = @()
        Write-Host ">" $cluster
        foreach ($esxImpl in (Get-VMHost -Location $cluster | Sort-Object Name)) {
            Write-Host ">" $esxImpl
            $ESXHostTMP = @()
            $esx = $esxImpl | Get-View
            foreach ($vmhost in $esx) {
                # 24 hours of per-vmnic network counters for this host
                $stats = Get-Stat -Entity $esxImpl -Stat $metrics -Start $start -Finish $finish
                $stats | Group-Object -Property Instance | where {$_.Name -ne ""} | %{
                    $row = "" | Select Date, NIC, vswitch, clustername, 'Max Send Mbps', 'ESX Name', 'Max Received Mbps'
                    $row.clustername = $cluster.Name
                    $row.vswitch = $null   # still to be filled: the vSwitch this vmnic belongs to
                    $row.'ESX Name' = $_.Group[0].Entity.Name
                    $row.Date = $start.ToShortDateString()
                    $row.NIC = $_.Group[0].Instance
                    $row.'Max Send Mbps' = "{0:F2}" -f (($_.Group | where {$_.MetricId -eq "net.transmitted.average"} | Measure-Object -Property Value -Maximum).Maximum / 1KB)
                    $row.'Max Received Mbps' = "{0:F2}" -f (($_.Group | where {$_.MetricId -eq "net.received.average"} | Measure-Object -Property Value -Maximum).Maximum / 1KB)
                    $ESXHostTMP += $row
                    $Report += $row
                }
            }
            $ESXHostTMP | Sort-Object NIC | ConvertTo-Html -Property clustername, vswitch, "ESX Name", Date, NIC, "Max Send Mbps", "Max Received Mbps" | Out-File -Append $htmlNICstats
        }
    }

    The script looks only at the active network cards.

    $pg = $vmhost.Config.Network.Portgroup |where {$_.ComputedPolicy.NicTeaming.NicOrder.ActiveNic -contains $group.group[0].Instance} | %{$_.Spec.Name}
    

    If you want to include standby network cards as well, this line should be

    $pg = $vmhost.Config.Network.Portgroup |where {$_.ComputedPolicy.NicTeaming.NicOrder.ActiveNic -contains $group.group[0].Instance -or $_.ComputedPolicy.NicTeaming.NicOrder.standbyNic -contains $group.group[0].Instance} | %{$_.Spec.Name}
    

    Let me know if it gives the results you expect.

    ____________

    Blog: LucD notes

    Twitter: lucd22

  • vSwitch and NIC.

    Hello

    On ESX 3.5, what is the gain in speed if I assign more than 1 NIC to a vSwitch?  I have a vSwitch with 3 active 100 MB adapters and 1 standby 100 MB adapter.  Does this mean that the vSwitch can talk to a high-speed gigabit physical switch at 300 MB?  I copied 10 GB from a physical PC to a virtual machine, but do not see a difference between a 3-adapter vSwitch and a 1-adapter vSwitch.

    Thank you.

    Exactly.

    Marcelo Soares

    VMWare Certified Professional 310/410

    Technical Support Engineer

    Globant Argentina

    Review the allocation of points for "useful" or "right" answers.

  • vSwitch and DvSwitch

    Guys,

    Obviously without revealing exam information, can someone tell me if vSwitches and distributed switches are covered in any of the exams you took for VCP4.

    Does anyone know precisely where I can get more information? I seem to have gone through the course and labs, but need more information on the switches.

    Thank you

    I would say you should know the blueprint:

    http://myLearn.VMware.com/LCMS/mL_faq/2726/VMware%20Certified%20Professional%20on%20vSphere%204%20Blueprint%208.13.09.PDF

  • How to see the VSwitch and PortGroup properties in the managed object browser

    Hello

    We have a VI3 lab infrastructure with a VC and some ESX servers running.

    In the managed object browser, I'd like to see the properties of certain objects,

    especially the vSwitches and port groups.

    How do I see vSwitches and port groups from the MOB? Here's my data:

    ESX IP address: 192.188.0.228

    VSwitch name: vSwitch0

    The port group name: VM_PG

    I know that we can see these properties in the VI Client, but I really want to see the values

    returned for each of the attributes defined in the WSDL file, and the MOB precisely

    allows me to do that. This will help me do a bit of modeling on our end.

    I tried, but I couldn't really find the vSwitch. Grateful if someone can give input.

    Thank you

    Try this:

    https://A.B.C.D/mob/?moid=ha-host&doPath=config.network
    

    and more precisely, this one lists out the port groups and vSwitches:

    https://A.B.C.D/mob/?moid=ha-host&doPath=config.network
    

    =========================================================================

    William Lam

    VMware vExpert 2009

    Scripts for VMware ESX/ESXi and resources at: http://engineering.ucsb.edu/~duonglt/vmware/

    http://Twitter.com/lamw

  • Backdoor in Cisco routers and firewalls.

    The more I read on the NSA scandal (and yes, it apparently is a scandal) the less I trust hardware and software corporations.  There is no reason for anyone to doubt that all Cisco equipment comes with a backdoor.  Because these probable backdoors exist, it's a matter of time before hackers discover and exploit them.  It's happened to Microsoft a number of times and there is no reason it could not happen to Cisco.  We no longer trust Cisco equipment and have already started researching network alternatives.

    It is no longer a crazy conspiracy theory; that is the reality.

    In all likelihood, we will use a series of firewalls to further isolate our network against intrusions.  To reduce costs, we can keep our existing Cisco equipment in this topology, but we will replace Cisco hardware when it breaks down or needs to be upgraded.  I do the same thing with my home network.

    In the last months, we already moved all of our e-mail to secure servers overseas and changed all our McAfee, AVG and Avast antivirus software.  We are also researching Linux distributions to replace Microsoft.

    If Cisco wants to protect their brand, they need to take a stand or see their market share continue to erode.  There must be a CEO of a U.S. company that will take this position and be a hero rather than continue to be a lap dog.

    Hello

    Use open-source Linux-based firewalls and routers,

    and check the source code.

  • Will there be improvements made to the features of VPN configuration and firewalls in the ACC?

    Will future versions of CCA have the ability to set up site-to-site VPN on UC520s, UC540s and SR520s without having to use the Multisite Manager or CLI? Non-SBCS Cisco VPN products have a Cisco GUI to configure site-to-site VPNs. The UC520, UC540 and SR520 are the only Cisco products (with the exception of products that have reached end-of-life status) which do not have this capability in some sort of Cisco GUI (apart from the Multisite Manager of CCA 2.1 and later versions).

    Will future versions of CCA allow you to modify the firewall rules on UC520s, UC540s and SR520s without having to resort to the CLI?

    Almost all Cisco products, except for the UC520, UC540 and SR520 series, have a Cisco GUI to configure these features. On the SA520 and SA540, these features can be configured in the web GUI. On Cisco ISRs, these features can be configured through SDM or CCP. CCA has always had the ability to configure UC520 units, but it has not had the ability to fine-tune the firewall and security settings, unlike the SA500 web interface, SDM or CCP.

    Reasons why having these capabilities in CCA is important:

    • These features are listed on the UC520, UC540 and SR520 data sheets
    • The ability to refine and verify access control lists in CCA can accomplish the following:
      • Ability to comply with HIPAA, Sarbanes-Oxley, PCI, etc.
      • Improved troubleshooting
      • Eliminates the need to use the CLI to refine or verify the firewall settings
    • Site-to-site VPN can currently be configured via CLI or the CCA Multisite Manager
    • The CCA Multisite Manager can be used for VPNs between UC500 units or SR520s placed in front of UC500 units
    • The CCA Multisite Manager cannot be used for VPNs between standalone SR520 units, or between a UC500 unit and a non-UC500 endpoint (with the exception of an SR520 placed in front of a UC500 unit)
    • All IOS images supported by UC520 units, UC540 units and SR520 routers have the firewall and VPN capabilities described here

    Hi John,

    CCA is a configuration tool for platforms that are part of the SBCS solutions. Multisite Manager is the approach we take to configure site-to-site VPN. Enhancements in customization of the firewall and access lists is something we plan to put on the roadmap. We will continue to improve CCA to meet these requirements. We will schedule to get these features added in the 2010 calendar year.

    Thank you

    Saurabh

  • Is it safe to use Microsoft Tools and firewalls, and how to start.

    Hi, my question is: is it safe to use Microsoft tools from the Microsoft website to improve the performance of the PC, and can you name some of the best ones?

    Second part: what is the firewall and how do I turn it on? It does not turn on on my PC; please be brief and guide me step by step!
    THNX!
    Windows 8

    Hi Muhammad,

    When a third-party firewall such as the Norton firewall is installed, Windows will relinquish control of firewall operations to the third-party firewall.  Until you actually uninstall your Norton product, the Windows Firewall is not available: you cannot activate or deactivate it, regardless of whether or not the Norton firewall is disabled.  This is done to prevent conflicts that might arise from accidentally having two firewalls running at the same time.  As long as you have Norton installed, it will be the only firewall on the system; disabling it leaves you with no firewall and no way to substitute the Windows Firewall.

    Note: your system will be vulnerable to attacks from the internet, and studies have shown that your computer may be infected within minutes.  Never go online without some kind of firewall to protect you.

    Hope this information helps
    John

  • Laboratory of network of production using rdp Server 2 NICs (1 connected to prod vswitch and 1 single vswitch)

    Hi all

    I have a copy of my prod DC and a few servers on an ESX 5 host; I created a single vSwitch (no network card assigned). Also, none of the VMs on the isolated lab vSwitch has a default gateway IP address assigned (empty), as a security measure. Let me explain briefly... everything is good so far... but to access the virtual machines on the isolated vSwitch, I need to connect through the vCenter console. It's OK but very heavy and slow...

    I thought of creating a virtual machine, let's call it my RDP server: I'll RDP onto it from prod, then from this virtual machine I'll RDP onto the VMs on the isolated lab network. The RDP server configuration is as follows.

    I assigned 2 network cards to the RDP server (one connected to the prod vSwitch and another to the isolated vSwitch). Now my question is: is this secure?  In no way do I want my isolated lab VMs to connect to prod servers; this would be a nightmare. As expected, I am unable to ping prod servers from the lab virtual machines. Remember, as a precaution, I do not use a gateway on the lab virtual desktops and I can only ping the RDP server... so far so good

    Please let me know your thoughts, or maybe someone has set this up in the past...

    Thank you

    Yes, it's secure: the internal-only network traffic is isolated from your production network. The only way that traffic would get out is if you placed a router between the two networks.

  • ESXI hosts 5-2 and the best way to configure vSwitch and Nic redundancy

    Hi all

    Could someone help me find the best way to configure the vNetwork on 2 ESXi 5 hosts for redundancy.  Once I have managed to correctly configure the 2 hosts, I will look to use the same installation process for 6 hosts: 3 sites with 2 hosts on each site, all managed by vCenter Server.

    I have 2 DL380 G7 servers with ESXi 5 installed on a class 10, 8 GB SD card. I'm looking to install VSA on the 2 hosts, with 4 TB of internal storage on each server (8 x 600 GB 10k SAS).  Each server has an integrated 4-port gigabit NIC and I installed a 2nd 4-port gigabit PCIe NIC; I also have 2 x 16-port switches with Layer 3 routing.  I use the vSphere 5 Standard Acceleration Kit. I am looking to use vCenter Server for management, vMotion for maintenance, HA for failover and 10-15 VMs (vCenter Server Std, SQL DB for vCenter Server, Exchange 2010, SQL Server 2008 R2, IIS intranet, Helpdesk, 1 DC, 2 Domain Controller, AV Server, WSUS, SCCM Server, and Terminal Server).

    What would be the best way to install and configure the network for performance and redundancy, and am I missing something?

    My thoughts are, teaming:

    vCenter - vswitch0 - port1 on NIC1 and port1 on NIC2 - port1 on NIC1 to physical switch 1 - port1 on NIC2 to physical switch 2

    vMotion - vswitch1 - port2 on NIC1 and port2 on NIC2 - port2 on NIC1 to physical switch 1 - port2 on NIC2 to physical switch 2

    HA - vswitch3 - port3 on NIC1 and port3 on NIC2 - port3 on NIC1 to physical switch 1 - port3 on NIC2 to physical switch 2

    VM - vswitch4 - port4 on NIC1 and port4 on NIC2 - port4 on NIC1 to physical switch 1 - port4 on NIC2 to physical switch 2

    or do I need an additional NIC on each server to handle the 6-12 VMs on 2 ports of 2 NICs, or maybe something else I missed?

    Thank you

    In your case, to keep it simple, here is what would be my recommendation:

    3 standard vSwitches

    vSwitch0:

    • Management - vmnic0, vmnic2

    vSwitch1:

    • vMotion - vmnic1, vmnic3

    vSwitch2:

    • VM network - vmnic4, vmnic5, vmnic6, vmnic7

    The only reason I didn't split the VMs across the other network adapters is the difference in type between the DL380's onboard adapter and the PCIe quad.
