Configure Firewall

Firewall rules are configured on Edge routers.

An IP Set is a group of IP addresses to which Firewall rules apply. By combining IP addresses into an IP Set, you do not need to create a separate rule for each IP address.

  1. Create an IP Set.
  2. Create a Firewall rule.

Create IP Set

  1. From the control panel, open the Cloud Director panel: VMware-based cloud → Cloud Director.
  2. Open the virtual data center page.
  3. Go to the section Networking → Edges.
  4. Open the page of the desired Edge.
  5. Click Services.
  6. Open the tab Grouping object → IP Sets.
  7. Click +.
  8. Enter the name of the group.
  9. Enter IP addresses or ranges of IP addresses.
  10. Click Keep.

Create a Firewall rule

If the Firewall is enabled, the default rule for ingress traffic will block all traffic until you configure other rules.

  1. From the control panel, open the Cloud Director panel: VMware-based cloud → Cloud Director.

  2. Open the virtual data center page.

  3. Go to the section Networking → Edges.

  4. Open the page of the desired Edge.

  5. Click Services.

  6. Open the tab Firewall.

  7. Turn on the toggle switch Enabled.

  8. Click +.

  9. Enter the name of the rule.

  10. In the field Source click + and enter the source address.

  11. In the field Service select any.

  12. In the field Action select Accept.

  13. To specify the destination objects to which the rule will apply, in the field Destination click +, in the field Browse objects of type select the type of destination objects, add the desired objects and click KEEP. Available object types:

    • Gateway interfaces — all internal networks (Internal), all external networks (External), or all external and internal networks (Any);
    • Virtual machines — Virtual machines;
    • OrgVdcNetworks — organization-level networks;
    • IP Sets — groups of IP addresses;
    • Security Groups — Security Groups.
  14. Click Save changes.

Examples of rules

To allow a server with a specified IP address to access the Internet via any protocol:

  1. From the control panel, open the Cloud Director panel: VMware-based cloud → Cloud Director.
  2. Open the virtual data center page.
  3. Go to the section Networking → Edges.
  4. Open the page of the desired Edge.
  5. Click Services.
  6. Open the tab Firewall.
  7. Turn on the toggle switch Enabled.
  8. Click +.
  9. Enter the name of the rule.
  10. In the field Source click IP and enter the IP address.
  11. In the field Destination select Any.
  12. In the field Service select Any.
  13. In the field Action select Accept.
  14. Click Save changes.
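
Before entering an IP Set and a rule like the one above, the entries can be checked offline. The following is an added example, not Cloud Director code: it validates IP Set entries, models the default rule that blocks unmatched traffic, and flags any-to-any Accept rules. The `start-end` and CIDR entry syntaxes, top-down first-match evaluation, and all names and addresses are assumptions; Service is treated as any, as in the rules on this page.

```python
import ipaddress

ANY = [(0, 2**32 - 1)]  # "Any" as one span covering all IPv4 addresses

def parse_ip_set(entries):
    """Convert IP Set entries into (first, last) integer spans.
    Accepted forms (CIDR and start-end syntax are assumptions):
    single address, CIDR block, or start-end range."""
    spans = []
    for entry in entries:
        entry = entry.strip()
        if "-" in entry:
            start, end = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
            if start > end:
                raise ValueError(f"range is reversed: {entry}")
            spans.append((int(start), int(end)))
        else:
            # strict=True rejects entries such as 192.0.2.10/24 (host bits set)
            net = ipaddress.IPv4Network(entry, strict=True)
            spans.append((int(net.network_address), int(net.broadcast_address)))
    return spans

def in_set(ip, spans):
    value = int(ipaddress.IPv4Address(ip))
    return any(lo <= value <= hi for lo, hi in spans)

def evaluate(rules, src, dst):
    """Return (rule name, action) for the first rule matching src and dst.
    First-match order is an assumption; the fallback models the default
    rule that blocks traffic until other rules are configured."""
    for rule in rules:
        if in_set(src, rule["source"]) and in_set(dst, rule["destination"]):
            return rule["name"], rule["action"]
    return "default rule", "Block"

def broad_rules(rules):
    """Names of Accept rules whose source and destination are both Any."""
    return [r["name"] for r in rules
            if r["action"] == "Accept" and r["source"] == ANY and r["destination"] == ANY]

# Constructed sample data: documentation address ranges, hypothetical names.
WEB_SERVERS = parse_ip_set(["192.0.2.10", "192.0.2.20-192.0.2.29"])
RULES = [{"name": "web-out", "source": WEB_SERVERS, "destination": ANY, "action": "Accept"}]

if __name__ == "__main__":
    for src in ("192.0.2.10", "192.0.2.25", "192.0.2.30"):
        print(src, "->", evaluate(RULES, src, "198.51.100.7"))
    print("any-to-any Accept rules:", broad_rules(RULES))
```

One rule whose source is the IP Set covers every address in it, while a source outside the set falls through to the default rule.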