
    Fun with VMware vShield Edge

    As part of VMware’s vCloud implementation, vShield Edge can become a major part of your infrastructure.

    In short, it can be used as a Layer 3 device including a firewall (but nothing outrageously complex).  So once it’s spun out, how does one troubleshoot connectivity errors?  And what sorts of fun things can we do with it?

    The following Q/A between myself and myself is all from the CLI.  So open up the vCenter which your vCD cell uses, and open a console on a vShield Edge device, identified by vse-.  Please authenticate first.  The user is: admin and the password is: default, by default.

    One more note: question mark (?) and tab completion <tab> are your friends…

    • Question: Where do I start?
    • Answer: list or ?  … No really, hit the Question Mark (?) key.  Help doesn’t help.
    • Question: How do I show the system log?
    • Answer: show log follow
    • Question:  How do I tell what ports are currently open?
    • Answer: show system network_connections
    • Question: How do I show NAT rules?
    • Answer: show iptables NAT
    • Question: And how do I do a tcpdump on a vse device?
    • Answer:  You have two options: the outside interface, extif, or the inside interface, intif.  To monitor the outside interface: debug packet display interface extif.  To monitor the inside interface: debug packet display interface intif.
    You get the idea.
    The vShield Edge Appliance is just a stripped-down Linux VM that can accomplish Layer 3 routing, basic firewalling and IPsec tunneling.  Pretty good stuff.
