(Exam Topic 1)
Provide cross vCenter security functionality for the Universal Web Multi-Tiered network application.
Requirements:
vCenter: vcsa-01a.corp.local
Credentials: administrator@vsphere.local / VMware1!
New Section Name: Universal-Rules-New
Networks:
Web-Tier: 172.17.10.0/24
App-Tier: 172.17.20.0/24
DB-Tier: 172.17.30.0/24
Secure east/west network communication for each of the three tiers, allowing only the following:
Firewall Rule section Name: Universal-Rules-NEW
Web Tier: any source address incoming on TCP port 80 and 443
Application Tier: access from the web tier on the incoming TCP port 8443
Database Tier: access from the application tier on the incoming TCP port 3306
Traffic that does not meet the above requirements should be blocked.
NOTE:
This rule must only affect the universal tiers.
HOL LAB for Practice:
See the explanation part for the complete solution.
Answer: SOLUTION:
Add new Section under Firewall.
Universal-Rules-NEW
Add rules:
Add another Rule:
Add another Rule:
Add Deny Rule:
Move the Deny rule down to the end of this section: