This blog is specifically for VMware vCloud Networking and Security 5.x…
I would definitely say that the number one question I get regarding vCloud Networking and Security concerns vShield App and all the things you can (and cannot) do with it. One of the questions I recently got was about excluding virtual machines: in other words, can we set it up so that certain VMs do not have the firewall rules applied to them and do not pass through the vShield App appliance? Why yes, of course you can. Note that by default the vShield Manager and service VMs are automatically excluded. Per best practices, the vCenter Server and additional service VMs (such as partner VMs from Trend Micro, McAfee, Symantec, etc.) should be excluded as well. Exclusion is especially useful when vCenter Server resides in the same cluster where vShield App is utilized.
When using the vShield Manager, if you select the vShield App under “Settings and Reports”, the Fail Safe option and Exclusion List options are available.
The Fail Safe option sets up the default fail safe configuration when the vShield App virtual appliance is down.
The Exclusion List allows you to add the individual virtual machines that should be excluded from App protection. After selecting “Exclusion List” you get the following screen, which allows you to add the individual virtual machines.
Page 155 of the vShield 5.5 Admin guide will give more detail.