Configure the Firewall on the Edge router

Firewall rules are configured on Edge routers.

An IP Set is a group of IP addresses to which Firewall rules apply. By combining IP addresses into an IP Set, you do not need to create a separate rule for each IP address.

  1. Create an IP Set.
  2. Create a Firewall rule.

1. Create an IP Set

  1. From the Control Panel, open the Cloud Director panel: from the top menu, click Products → VMware-based Cloud → Cloud Director.
  2. Open the virtual data center page.
  3. Go to Networking → Edges.
  4. Open the page of the desired Edge.
  5. Click Services.
  6. Open the Grouping object → IP Sets tab.
  7. Press +.
  8. Enter the name of the group.
  9. Enter IP addresses or ranges of IP addresses.
  10. Press Keep.
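
A pre-check for the entries typed in step 9, given here as an added example that is not part of the original documentation or of Cloud Director. It assumes entries are single addresses, `first-last` ranges or CIDR blocks; the function names and the 256-address threshold are hypothetical.

```python
import ipaddress

def parse_entry(entry):
    """Return the networks covered by one IP Set entry (formats are assumed)."""
    entry = entry.strip()
    if "-" in entry:  # assumed range notation: first-last
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError("range start must not exceed range end")
        return list(ipaddress.summarize_address_range(first, last))
    if "/" in entry:  # assumed CIDR notation; host bits set is treated as a typo
        return [ipaddress.ip_network(entry, strict=True)]
    addr = ipaddress.ip_address(entry)  # single address
    return [ipaddress.ip_network(f"{addr}/{addr.max_prefixlen}")]

def audit_ip_set(entries, max_addresses=256):
    """Return (collapsed networks, findings) for a list of IP Set entries."""
    nets, findings = [], []
    for entry in entries:
        try:
            parsed = parse_entry(entry)
        except ValueError as exc:
            findings.append(f"invalid: {entry!r} ({exc})")
            continue
        size = sum(n.num_addresses for n in parsed)
        if size > max_addresses:  # hypothetical threshold for "too broad"
            findings.append(f"broad: {entry!r} covers {size} addresses")
        if any(n.overlaps(o) for n in parsed for o in nets):
            findings.append(f"overlap: {entry!r} overlaps an earlier entry")
        nets.extend(parsed)
    collapsed = []
    for version in (4, 6):  # collapse_addresses rejects mixed IP versions
        same = [n for n in nets if n.version == version]
        collapsed.extend(ipaddress.collapse_addresses(same))
    return collapsed, findings

def in_ip_set(collapsed, address):
    """True if the address falls inside the collapsed IP Set coverage."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in collapsed)

# Constructed sample entries (documentation and private ranges), not real hosts.
SAMPLE = ["192.0.2.10", "192.0.2.16-192.0.2.31", "192.0.2.0/28",
          "10.0.0.0/8", "192.0.2.300"]

if __name__ == "__main__":
    networks, problems = audit_ip_set(SAMPLE)
    print("effective coverage:", [str(n) for n in networks])
    for p in problems:
        print(p)
```

The collapsed list shows the address space a rule referencing the IP Set would actually cover, which is often wider than the individual entries suggest.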

2. Create a Firewall rule

If the Firewall is enabled, the default rule for ingress traffic will block all traffic until you configure other rules.

  1. From the Control Panel, open the Cloud Director panel: from the top menu, click Products → VMware-based Cloud → Cloud Director.

  2. Open the virtual data center page.

  3. Go to Networking → Edges.

  4. Open the page of the desired Edge.

  5. Click Services.

  6. Open the Firewall tab.

  7. Turn on the Enabled toggle switch.

  8. Press +.

  9. Enter the name of the rule.

  10. In the Source field, click + and enter the source address.

  11. In the Service field, select any.

  12. In the Action field, select Accept.

  13. To specify the destination objects for which the rule will be applied, in the Destination field, click +, in the Browse objects of type field, select the type of destination objects, add the desired objects, and then click KEEP. Available object types:

    • Gateway interfaces — all internal networks (Internal), all external networks (External), or all external and internal networks (Any);
    • Virtual machines — Virtual machines;
    • OrgVdcNetworks — organization-level networks;
    • IP Sets — groups of IP addresses;
    • Security Groups — Security Groups.
  14. Click Save changes.

Examples of rules

To allow a server with a specified IP address to access the Internet over any protocol:

  1. From the Control Panel, open the Cloud Director panel: from the top menu, click Products → VMware-based Cloud → Cloud Director.
  2. Open the virtual data center page.
  3. Go to Networking → Edges.
  4. Open the page of the desired Edge.
  5. Click Services.
  6. Open the Firewall tab.
  7. Turn on the Enabled toggle switch.
  8. Press +.
  9. Enter the name of the rule.
  10. In the Source field, click IP and enter the IP address.
  11. In the Destination field, select Any.
  12. In the Service field, select Any.
  13. In the Action field, select Accept.
  14. Click Save changes.