Blocking or allowing traffic when vShield App is down?

I did a couple of articles about vShield App a couple of months back. One of them explained how to get around a situation where vShield App would be down, as in this case of traffic would be blocked. Since then I spoke to multiple customers who asked me if it was possible to configure vShield App in such a way that traffic would be allowed when an issue occurred with vShield App. Although this goes against best practices and I would not recommend this, I can understand why some customers would want to do this. Luckily for them vShield App 5.0.1 now offers a setting that allows you to do this:

Go to vShield within vCenter
Click “Settings & Reports”
Click the “vShield App” tab
Click “Change” under “Failsafe”
Click “Yes” when asked if you would like to change the setting

Together with the option to exclude VMs from being protected by vShield App and the automatic restart of vShield App appliances in the case of a failure it seems that my feature requests were fulfilled.

A while back I posted a hack to exclude your vCenter Server from vShield App protection. I discussed this hack with the vShield team and asked them if it would be possible to add similar functionality to vShield. I was pleasantly surprised when I noticed that they managed to slip it in to vShield App 5.0.1 release. What a quick turnaround! It is described how to do this on page 51 of the admin guide. I tested it myself ad here are the steps I took:

Log in to the vShield Manager.
Click Settings & Reports from the vShield Manager inventory panel.
Click the vShield App tab.
On the Exclusion List, click Add.
Add Virtual Machines to Exclude dialog box opens.
Click in the field next to Select and click the virtual machine you want to exclude.
Click Select.
The selected virtual machine is added to the list.
Click OK

In my case I excluded both my WSX server and my vCenter Server instance: