Configure the Firewall on the Edge router

Last update: May 27 2025

Configure the Firewall on the Edge router

Firewall rules are configured on Edge routers.

An IP Set is a group of IP addresses to which Firewall rules apply. By combining IP addresses into an IP Set, you do not need to create a separate rule for each IP address.

1. Create an IP Set.
2. Create a Firewall rule.

1. Create IP Set⁠

1. From the Control Panel, open the Cloud Director panel: from the top menu, click Products → VMware-based Cloud → Cloud Director.
2. Open the virtual data center page.
3. Go to Networking → Edges.
4. Open the page of the desired Edge.
5. Click Services.
6. Open the Grouping object → IP Sets tab.
7. Press +.
8. Enter the name of the group.
9. Enter IP addresses or ranges of IP addresses.
10. Press Keep.

2. Create a Firewall rule⁠

If the Firewall is enabled, the default rule for ingress traffic will block all traffic until you configure other rules.

1. From the Control Panel, open the Cloud Director panel: from the top menu, click Products → VMware-based Cloud → Cloud Director.

2. Open the virtual data center page.

3. Go to Networking → Edges.

4. Open the page of the desired Edge.

5. Click Services.

6. Open the Firewall tab.

7. Turn on the Enabled toggle switch.

8. Press +.

9. Enter the name of the rule.

10. In the Source field, click + and enter the source address.

11. In the Service field, select any.

12. In the Action field, select Accept.

13. To specify the destination objects for which the rule will be applied, in the Destination field, click +, in the Browse objects of type field, select the type of destination objects, add the desired objects, and then click KEEP. Available object types:

    • Gateway interfaces — all internal networks (Internal), all external networks (External), or all external and internal networks (Any);
    • Virtual machines — Virtual machines;
    • OrgVdcNetworks — organization-level networks;
    • IP Sets — groups of IP addresses;
    • Security Groups — Security Groups.

14. Click Save changes.

Examples of rules⁠

Example 1

To allow access to the Internet via any protocols to a server with a specified IP:

1. From the Control Panel, open the Cloud Director panel: from the top menu, click Products → VMware-based Cloud → Cloud Director.
2. Open the virtual data center page.
3. Go to Networking → Edges.
4. Open the page of the desired Edge.
5. Click Services.
6. Open the Firewall tab.
7. Turn on the Enabled toggle switch.
8. Press +.
9. Enter the name of the rule.
10. In the Source field, click IP and enter the IP address.
11. In the Destination field, select Any.
12. In the Service field, select Any.
13. In the Action field, select Accept.
14. Click Save changes.

Example 2

To allow access from the Internet via TCP protocol and port 80 through an external IP address:

1. From the Control Panel, open the Cloud Director panel: from the top menu, click Products → VMware-based Cloud → Cloud Director.
2. Open the virtual data center page.
3. Go to Networking → Edges.
4. Open the page of the desired Edge.
5. Click Services.
6. Open the Firewall tab.
7. Turn on the Enabled toggle switch.
8. Press +.
9. Enter the name of the rule.
10. In the Source field, select Any.
11. In the Destination field, click IP and enter the IP address.
12. In the Service field, enter tcp:80:Any.
13. In the Action field, select Accept.