Configure Security Settings for NSX Edge Nodes by Using CLI Commands
You configure the NSX Gateway Firewall to send logs to a central log server.
You perform these procedures on the NSX tier-0 and tier-1 gateway only if your environment uses NSX Edges.
- In a Web browser, log in to vCenter Server by using the vSphere Client.
  - URL: https://management-domain-vcenter-server-fqdn/ui
  - User name: administrator@vsphere.local
- In the VMs and templates inventory, navigate to the NSX Edge node, right-click the appliance, and select Open remote console.
- VMW-NSX-01430, VMW-NSX-01511: Configure the NSX Gateway Firewall on the tier-0 and tier-1 gateways to send logs to a central log server. You can configure the logging server with the LI-TLS or TLS protocols. You must store the server and client certificates in the /var/vmware/nsx/file-store/ directory on each NSX Edge appliance.
  - If you want to configure a TCP syslog server, run the command:
    set logging-server <server-ip or server-name> proto tcp level info
  - If you want to configure a TLS syslog server, run the command:
    set logging-server <server-ip/server-FQDN> proto tls level info serverca ca.pem clientca ca.pem certificate cert.pem key key.pem
  - If you want to configure a LI-TLS syslog server, run the command:
    set logging-server <server-ip/server-FQDN> proto li-tls level info serverca root-ca.crt
Configure the syslog or SNMP server to send an alert if the events server is unable to receive events from the NSX Edge node and if DoS incidents are detected.
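One way to implement the "log server is no longer receiving events from the NSX Edge node" alert on the receiving side, as an added example that is not part of the original procedure or of any VMware tooling. The host names, the five-minute silence threshold and the sample log lines are assumptions constructed for illustration; only the standard RFC 5424 header (timestamp and hostname) is parsed.

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory and RFC 5424 lines (not captured from a real NSX Edge).
EXPECTED_EDGES = {"edge-01", "edge-02", "edge-03"}
NOW = datetime(2024, 5, 1, 10, 10, 0, tzinfo=timezone.utc)
SAMPLE_LINES = [
    "<182>1 2024-05-01T10:00:05.000Z edge-01 NSX 2201 FIREWALL - constructed message",
    "<182>1 2024-05-01T10:01:00.000Z edge-02 NSX 2315 FIREWALL - constructed message",
    "truncated or non-syslog line",
    "<182>1 2024-05-01T10:09:30.000Z edge-01 NSX 2201 FIREWALL - constructed message",
]

def parse_header(line):
    """Return (timestamp, hostname) from an RFC 5424 header, or None if malformed."""
    parts = line.split(" ", 3)
    if len(parts) < 3 or not parts[0].startswith("<") or not parts[0].endswith(">1"):
        return None
    try:
        ts = datetime.fromisoformat(parts[1].replace("Z", "+00:00"))
    except ValueError:  # includes the RFC 5424 NILVALUE "-"
        return None
    if ts.tzinfo is None:  # assumption: treat offset-less timestamps as UTC
        ts = ts.replace(tzinfo=timezone.utc)
    return ts, parts[2]

def silent_edges(lines, expected_hosts, now, max_silence=timedelta(minutes=5)):
    """Map each expected edge with no event inside max_silence to its last-seen time.

    Checking against the inventory also catches an edge that never logged at
    all (value None), for example when the TLS handshake to the log server fails.
    """
    last_seen = {}
    for line in lines:
        parsed = parse_header(line)
        if parsed is None:
            continue
        ts, host = parsed
        if host in expected_hosts and (host not in last_seen or ts > last_seen[host]):
            last_seen[host] = ts
    return {
        host: last_seen.get(host)
        for host in expected_hosts
        if host not in last_seen or now - last_seen[host] > max_silence
    }

if __name__ == "__main__":
    for host, seen in sorted(silent_edges(SAMPLE_LINES, EXPECTED_EDGES, NOW).items()):
        print(f"ALERT {host}: last event {seen.isoformat() if seen else 'never received'}")
```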