{"id":810,"date":"2021-10-20T16:15:10","date_gmt":"2021-10-20T15:15:10","guid":{"rendered":"https:\/\/vminded.com\/?p=810"},"modified":"2021-11-19T17:59:54","modified_gmt":"2021-11-19T16:59:54","slug":"nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-1","status":"publish","type":"post","link":"https:\/\/vminded.com\/index.php\/2021\/10\/20\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-1\/","title":{"rendered":"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 1)"},"content":{"rendered":"\n<p><strong><a href=\"https:\/\/www.vmware.com\/fr\/products\/vmc-on-aws.html\" target=\"_blank\" rel=\"noreferrer noopener\">VMware Cloud on AWS<\/a><\/strong> already offers a robust set of <strong>networking and security<\/strong> capabilities that enable customers to run production applications securely in the cloud.<\/p>\n\n\n\n<p>The release of the <strong>M16<\/strong> version introduces new <strong>Advanced Firewall Features<\/strong> as an Add-on.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.48.49-1024x357.png\" alt=\"\" class=\"wp-image-844\" width=\"572\" height=\"199\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.48.49-1024x357.png 1024w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.48.49-300x105.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.48.49-768x268.png 768w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.48.49.png 1111w\" sizes=\"auto, (max-width: 572px) 85vw, 572px\" \/><\/figure><\/div>\n\n\n\n<p>This includes the following new security capabilities:<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div 
class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:10%\"><\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<ul class=\"wp-block-list\"><li><strong>L7 Distributed (Context Aware) Firewall with application ID<\/strong> &#8211; With the L7 (Context-aware) firewall you can go beyond simple IP\/port-level layer 4 security to complete stateful layer 7 controls and filtering.<\/li><li><strong>L7 Distributed Firewall with FQDN Filtering<\/strong> &#8211; Applications that communicate outside the SDDC also gain layer 7 protection using the Distributed Firewall FQDN filtering capability. Customers can define specific FQDNs that are denied access to applications in the SDDC. The DFW maintains the context of VMs when they migrate. Customers increasingly rely on application profiling and FQDN filtering to reduce the attack surface of their applications to designated protocols and destinations.<\/li><li><strong>User Identity Firewall<\/strong> &#8211; You can create groups based on User ID and define DFW rules to control access to virtual desktops and applications in the SDDC. Per-user\/user-session access control limits the amount of time and exposure users have to desktops or applications. Integration with Active Directory \/ LDAP enables the DFW to continuously curate user access to applications. User ID based rules are enforced by the DFW at the source, delivering pervasive, intrinsic security throughout the SDDC.<\/li><li><strong>Distributed IDS\/IPS<\/strong> &#8211; With&nbsp;NSX Distributed IDS\/IPS, customers gain protection against attempts to exploit vulnerabilities in workloads on VMware Cloud on AWS. 
Distributed IDS\/IPS is an application-aware deep packet inspection engine that can examine and protect traffic inside the SDDC.<\/li><\/ul>\n\n\n\n<p><\/p>\n<\/div>\n<\/div>\n\n\n\n<p>Let&#8217;s try them to see how they work!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Enabling the NSX Advanced Firewall Add-On<\/h2>\n\n\n\n<p>The NSX Advanced Firewall Add-on adds Layer-7 Firewall protection, Identity Firewalling, Distributed IDS\/IPS and FQDN Filtering to the VMC on AWS SDDC. This feature is an <strong>add-on<\/strong> that is <strong>priced<\/strong> in addition to the Standard VMC on AWS subscription.<\/p>\n\n\n\n<p>Before any of these features can be used, you must first enable the add-on on your SDDC. In the following section, I am going to walk you through the steps of enabling the NSX Advanced Firewall functionality on your SDDC.<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:10%\"><\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\" style=\"flex-basis:66.66%\">\n<ol class=\"wp-block-list\" id=\"block-667168cf-2815-4414-9d1f-480c5bcd90b2\"><li>On your SDDC tile, click&nbsp;<strong>View Details<\/strong><\/li><li>Click the&nbsp;<strong>Add-Ons<\/strong>&nbsp;tab<\/li><li>In the NSX&nbsp;<strong>Advanced Firewall Tile<\/strong>, click&nbsp;<strong>Activate<\/strong><\/li><\/ol>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"269\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.07.04-1-1024x269.png\" alt=\"\" class=\"wp-image-816\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.07.04-1-1024x269.png 1024w, 
https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.07.04-1-300x79.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.07.04-1-768x202.png 768w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.07.04-1-1536x404.png 1536w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.07.04-1-2048x538.png 2048w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.07.04-1-1200x315.png 1200w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure><\/div>\n\n\n\n<p>Click <strong>Activate<\/strong><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.30.07-3-1024x451.png\" alt=\"\" class=\"wp-image-821\" width=\"498\" height=\"219\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.30.07-3-1024x451.png 1024w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.30.07-3-300x132.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.30.07-3-768x338.png 768w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.30.07-3-1536x677.png 1536w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.30.07-3-1200x529.png 1200w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.30.07-3.png 1734w\" sizes=\"auto, (max-width: 498px) 85vw, 498px\" \/><\/figure><\/div>\n\n\n\n<p>Click&nbsp;<strong>OPEN NSX ADVANCED FIREWALL<\/strong>&nbsp;(This will take you to the Networking &amp; Security Tab)<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" 
decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.42.15.png\" alt=\"\" class=\"wp-image-822\" width=\"445\" height=\"299\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.42.15.png 910w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.42.15-300x202.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-10.42.15-768x517.png 768w\" sizes=\"auto, (max-width: 445px) 85vw, 445px\" \/><\/figure><\/div>\n\n\n\n<p>At this step, the <strong>NSX Advanced Firewall Add<\/strong>&#8211;<strong>on<\/strong> has been enabled. To make use of the features it provides, you must configure each of them individually.<\/p>\n\n\n\n<p>In the upcoming sections, we will configure and test each of these features.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-configuring-l7-distributed-context-aware-firewall\">Configuring L7 Distributed Context Aware Firewall<\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.50.33.png\" alt=\"\" class=\"wp-image-841\" width=\"612\" height=\"142\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.50.33.png 612w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.50.33-300x70.png 300w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/figure><\/div>\n\n\n\n<p>With the <strong>L7 (Context-aware) firewall<\/strong>, it&#8217;s possible to go beyond simple IP\/port-level layer 4 security to complete stateful layer 7 controls and filtering. 
This prevents someone from, for instance, changing the port number to bypass a firewall rule.<\/p>\n\n\n\n<p>Extremely powerful!<\/p>\n\n\n\n<p><strong>Deep packet inspection<\/strong> (DPI) built into the Distributed Firewall enables you to allow only the intended applications \/ protocols to run, while denying all other traffic at the source. This enables you to isolate sensitive applications by creating virtual zones within the SDDC. <\/p>\n\n\n\n<p><strong>Distributed Firewall<\/strong> (DFW) layer 7 policies are enforced at the hypervisor (vNIC) level and migrate with the VMs when they move from host to host in the SDDC, ensuring there are no gaps in enforcement.<\/p>\n\n\n\n<p>Let&#8217;s see how to configure and use the feature.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring a standard L4 FW rule<\/h3>\n\n\n\n<p>In my example, I have two VMs (webserver01, webserver02) running in my SDDC which are part of a group called <strong>Web Tier<\/strong>.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.07.46.png\" alt=\"\" class=\"wp-image-830\" width=\"435\" height=\"241\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.07.46.png 934w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.07.46-300x166.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.07.46-768x426.png 768w\" sizes=\"auto, (max-width: 435px) 85vw, 435px\" \/><\/figure><\/div>\n\n\n\n<p>Here are the IPs of the VMs:<\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" 
width=\"448\" height=\"84\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.11.31.png\" alt=\"\" class=\"wp-image-831\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.11.31.png 448w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.11.31-300x56.png 300w\" sizes=\"auto, (max-width: 448px) 85vw, 448px\" \/><\/figure>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"422\" height=\"70\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.11.26.png\" alt=\"\" class=\"wp-image-832\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.11.26.png 422w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.11.26-300x50.png 300w\" sizes=\"auto, (max-width: 422px) 85vw, 422px\" \/><\/figure>\n<\/div>\n<\/div>\n\n\n\n<p>They <strong>can<\/strong> communicate with each other over any protocol, as this is the default setting in the Distributed Firewall, as we can see here:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.03.21-1024x368.png\" alt=\"\" class=\"wp-image-828\" width=\"570\" height=\"204\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.03.21-1024x368.png 1024w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.03.21-300x108.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.03.21-768x276.png 768w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.03.21.png 1112w\" sizes=\"auto, (max-width: 570px) 85vw, 570px\" 
\/><\/figure>\n\n\n\n<p>First, let&#8217;s create a traditional L4 firewall rule to block <strong>SSH<\/strong> traffic between the two VMs.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"68\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-12.06.31-1024x68.png\" alt=\"\" class=\"wp-image-827\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-12.06.31-1024x68.png 1024w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-12.06.31-300x20.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-12.06.31-768x51.png 768w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-12.06.31-1536x102.png 1536w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-12.06.31-2048x136.png 2048w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-12.06.31-1200x80.png 1200w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<p>Now if I try to <strong>ssh<\/strong> from <strong>webserver01<\/strong> to <strong>webserver02<\/strong>, it&#8217;s blocked:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.16.13-1024x393.png\" alt=\"\" class=\"wp-image-833\" width=\"514\" height=\"196\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.16.13-1024x393.png 1024w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.16.13-300x115.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.16.13-768x294.png 768w, 
https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.16.13.png 1132w\" sizes=\"auto, (max-width: 514px) 85vw, 514px\" \/><\/figure><\/div>\n\n\n\n<p>What if SSH was listening on another port, however? What if some nefarious person (knowing SSH on port 22 is being blocked) changed the port the server listens on and attempted to SSH to the server on this new port? What happens then?&nbsp;<\/p>\n\n\n\n<p>To test that, I edited the <strong>sshd_config<\/strong> on the <strong>webserver02<\/strong> VM and changed the port to <strong>2222<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.27.28-1024x549.png\" alt=\"\" class=\"wp-image-834\" width=\"551\" height=\"295\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.27.28-1024x549.png 1024w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.27.28-300x161.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.27.28-768x412.png 768w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.27.28-1200x643.png 1200w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.27.28.png 1508w\" sizes=\"auto, (max-width: 551px) 85vw, 551px\" \/><\/figure>\n\n\n\n<p>I then restarted the <strong>ssh service<\/strong> on the VM:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.28.45-1024x33.png\" alt=\"\" class=\"wp-image-835\" width=\"630\" height=\"20\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.28.45-1024x33.png 1024w, 
https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.28.45-300x10.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.28.45-768x25.png 768w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.28.45.png 1170w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 984px) 61vw, (max-width: 1362px) 45vw, 600px\" \/><\/figure>\n\n\n\n<p>We can see the ssh server is now running on port 2222:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.34.45-1024x155.png\" alt=\"\" class=\"wp-image-836\" width=\"508\" height=\"77\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.34.45-1024x155.png 1024w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.34.45-300x45.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.34.45-768x116.png 768w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.34.45-1536x232.png 1536w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.34.45-1200x181.png 1200w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.34.45.png 1680w\" sizes=\"auto, (max-width: 508px) 85vw, 508px\" \/><\/figure>\n\n\n\n<p>Let&#8217;s see what happens when we apply context awareness to the firewall rule.<\/p>\n\n\n\n<p>Now if I try to connect again, but on port 2222, it works!<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.37.20-1024x85.png\" alt=\"\" class=\"wp-image-837\" width=\"560\" height=\"46\" 
srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.37.20-1024x85.png 1024w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.37.20-300x25.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.37.20-768x64.png 768w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-15.37.20.png 1110w\" sizes=\"auto, (max-width: 560px) 85vw, 560px\" \/><\/figure>\n\n\n\n<p>Unfortunately, the L4 DFW doesn&#8217;t block it. As mentioned earlier, the firewall is looking for SSH on port 22, not port 2222, so I was able to bypass the firewall policy. <\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Configuring Context Aware Firewall rule<\/h3>\n\n\n\n<p>The NSX Context-Aware Firewall Rule (L7) enhances visibility at the application level and helps to overcome the problem of application permeability. Visibility at the application layer helps you to monitor the workloads better from a resource, compliance, and security point of view.<\/p>\n\n\n\n<p>In order to switch to the Context Aware firewall, I just have to remove SSH from the <em>Service<\/em> field of the DFW rule and add <strong>SSH<\/strong> in the <em>Context Profile<\/em> field:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.25.27-1024x575.png\" alt=\"\" class=\"wp-image-838\" width=\"580\" height=\"325\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.25.27-1024x575.png 1024w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.25.27-300x169.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.25.27-768x431.png 768w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.25.27-1536x863.png 1536w, 
https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.25.27-2048x1151.png 2048w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.25.27-1200x674.png 1200w\" sizes=\"auto, (max-width: 580px) 85vw, 580px\" \/><\/figure>\n\n\n\n<p>The rule is now changed:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"42\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.27.22-1024x42.png\" alt=\"\" class=\"wp-image-839\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.27.22-1024x42.png 1024w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.27.22-300x12.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.27.22-768x32.png 768w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.27.22-1536x64.png 1536w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.27.22-2048x85.png 2048w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.27.22-1200x50.png 1200w\" sizes=\"auto, (max-width: 709px) 85vw, (max-width: 909px) 67vw, (max-width: 1362px) 62vw, 840px\" \/><\/figure>\n\n\n\n<p>Let&#8217;s try to connect again to port 2222:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.38.10-1024x92.png\" alt=\"\" class=\"wp-image-840\" width=\"577\" height=\"51\" srcset=\"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.38.10-1024x92.png 1024w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.38.10-300x27.png 300w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.38.10-768x69.png 768w, 
https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.38.10-1200x107.png 1200w, https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.38.10.png 1296w\" sizes=\"auto, (max-width: 577px) 85vw, 577px\" \/><\/figure>\n\n\n\n<p>Now the attempt to connect to the modified port is blocked. That&#8217;s much better! This is because the DFW now assesses the packet at layer 7, identifies it as SSH from its heuristics, and does not allow the traffic through.<\/p>\n\n\n\n<p>With Context-Aware Firewalling you can enable enforcement of security protocol versions\/ciphers, reduce attacks by only allowing traffic matching the APP Fingerprint, and enforce port-independent rules.<\/p>\n\n\n\n<p>In the <a href=\"https:\/\/vminded.com\/index.php\/2021\/10\/21\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-2\/\" target=\"_blank\" rel=\"noreferrer noopener\">next post<\/a> I will introduce you to the <span style=\"font-size: revert;\"><strong>L7 Distributed Firewall with FQDN Filtering<\/strong><\/span>. Stay tuned!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>VMware Cloud on AWS already offers a robust set of networking and security capabilities that enable customers to run production applications securely in the cloud. The release of the M16 version introduces new Advanced Firewall Features as an Add-on. 
This includes the following new security capabilities: L7 Distributed (Context Aware) Firewall with application ID &hellip; <a href=\"https:\/\/vminded.com\/index.php\/2021\/10\/20\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-1\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 1)&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-810","post","type-post","status-publish","format-standard","hentry","category-vmconaws"],"yoast_head_json":{"author":"Christophe","twitter_misc":{"Written by":"Christophe","Est. reading time":"8 minutes"}}}
vminded.com","isPartOf":{"@id":"https:\/\/vminded.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/vminded.com\/index.php\/2021\/10\/20\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-1\/#primaryimage"},"image":{"@id":"https:\/\/vminded.com\/index.php\/2021\/10\/20\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-1\/#primaryimage"},"thumbnailUrl":"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.48.49-1024x357.png","datePublished":"2021-10-20T15:15:10+00:00","dateModified":"2021-11-19T16:59:54+00:00","breadcrumb":{"@id":"https:\/\/vminded.com\/index.php\/2021\/10\/20\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-1\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/vminded.com\/index.php\/2021\/10\/20\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-1\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/vminded.com\/index.php\/2021\/10\/20\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-1\/#primaryimage","url":"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.48.49.png","contentUrl":"https:\/\/vminded.com\/wp-content\/uploads\/2021\/10\/Screenshot-2021-10-20-at-16.48.49.png","width":1111,"height":387},{"@type":"BreadcrumbList","@id":"https:\/\/vminded.com\/index.php\/2021\/10\/20\/nsx-advanced-firewall-add-on-for-vmware-cloud-on-aws-part-1\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/vminded.com\/"},{"@type":"ListItem","position":2,"name":"NSX Advanced Firewall Add On for VMware Cloud on AWS (Part 1)"}]},{"@type":"WebSite","@id":"https:\/\/vminded.com\/#website","url":"https:\/\/vminded.com\/","name":"vminded.com","description":"feed your mind with virtual 
thoughts","publisher":{"@id":"https:\/\/vminded.com\/#\/schema\/person\/1800a04c708828d9b5c7b64f8eab3b3a"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/vminded.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/vminded.com\/#\/schema\/person\/1800a04c708828d9b5c7b64f8eab3b3a","name":"Christophe","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/vminded.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/8a35247a893da5c4bd4e7b117047b93859d3def341ac950cf2285f9d9b9220bf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8a35247a893da5c4bd4e7b117047b93859d3def341ac950cf2285f9d9b9220bf?s=96&d=mm&r=g","caption":"Christophe"},"logo":{"@id":"https:\/\/vminded.com\/#\/schema\/person\/image\/"},"sameAs":["http:\/\/vminded.com"]}]}},"_links":{"self":[{"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/posts\/810","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/comments?post=810"}],"version-history":[{"count":15,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/posts\/810\/revisions"}],"predecessor-version":[{"id":1005,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/posts\/810\/revisions\/1005"}],"wp:attachment":[{"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/media?parent=810"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/categories?post=810"},{"taxonomy":"post_
tag","embeddable":true,"href":"https:\/\/vminded.com\/index.php\/wp-json\/wp\/v2\/tags?post=810"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}