
Configure Firewall

Firewall rules are configured on Edge routers.

An IP Set is a group of IP addresses to which Firewall rules apply. Combining IP addresses into an IP Set allows you to avoid creating a separate rule for each IP address.

  1. Create IP Set.
  2. Create Firewall rule.

1. Create IP Set

  1. From Control Panel, open the Cloud Director panel: Cloud powered by VMware → Cloud Director.
  2. Open the virtual data center page.
  3. Go to Networking → Edges.
  4. Open the page of the desired Edge.
  5. Press Services.
  6. Open the Grouping object → IP Sets tab.
  7. Press +.
  8. Enter the name of the group.
  9. Enter IP addresses or ranges of IP addresses.
  10. Press Keep.
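A pre-flight check for the entries typed in step 9, so that mistyped, overlapping or very wide entries are caught before the IP Set is used in an Accept rule. This is an added example, not part of the original instructions or of Cloud Director itself; it assumes entries are single IPv4 addresses, `first-last` ranges or CIDR blocks, and the function names and the 256-address threshold are illustrative.

```python
import ipaddress

def parse_entry(entry):
    """Return (first, last) IPv4 bounds for one IP Set entry."""
    entry = entry.strip()
    if "-" in entry:  # range written as first-last (assumed syntax)
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if lo > hi:
            raise ValueError("range start is above range end")
        return lo, hi
    if "/" in entry:  # CIDR block (assumed syntax); host bits must be zero
        net = ipaddress.IPv4Network(entry, strict=True)
        return net[0], net[-1]
    ip = ipaddress.IPv4Address(entry)  # single address
    return ip, ip

def review_ip_set(entries, max_hosts=256):
    """Return (spans, findings) for a list of IP Set entries."""
    spans, findings = [], []
    for entry in entries:
        try:
            lo, hi = parse_entry(entry)
        except ValueError as err:
            findings.append(f"invalid: {entry!r} ({err})")
            continue
        size = int(hi) - int(lo) + 1
        if size > max_hosts:  # wide entries deserve a second look before Accept
            findings.append(f"broad: {entry!r} covers {size} addresses")
        for plo, phi, prev in spans:
            if lo <= phi and plo <= hi:
                findings.append(f"overlap: {entry!r} and {prev!r}")
        spans.append((lo, hi, entry))
    return spans, findings

def in_ip_set(spans, address):
    """True if the address falls inside any validated entry."""
    ip = ipaddress.IPv4Address(address)
    return any(lo <= ip <= hi for lo, hi, _ in spans)

# Constructed sample entries (documentation and private ranges), not from the page.
SAMPLE = ["192.0.2.10", "192.0.2.20-192.0.2.29", "198.51.100.0/24",
          "192.0.2.25", "198.51.100.7/24", "10.0.0.0/8"]

if __name__ == "__main__":
    spans, findings = review_ip_set(SAMPLE)
    for line in findings:
        print(line)
    print("192.0.2.24 in set:", in_ip_set(spans, "192.0.2.24"))
```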

2. Create a Firewall rule

If Firewall is enabled, the default rule for ingress traffic will block all traffic until you configure other rules.

  1. From Control Panel, open the Cloud Director panel: Cloud powered by VMware → Cloud Director.

  2. Open the virtual data center page.

  3. Go to Networking → Edges.

  4. Open the page of the desired Edge.

  5. Press Services.

  6. Open the Firewall tab.

  7. Turn on the Enabled toggle switch.

  8. Press +.

  9. Enter the name of the rule.

  10. In the Source field, press + and enter the source address.

  11. In the Service field, select any.

  12. In the Action field, select Accept.

  13. To specify the destination objects for which the rule will be applied, in the Destination field, press +, in the Browse objects of type field, select the type of destination objects, add the desired objects, and then press KEEP. Available object types:

    • Gateway interfaces — all internal networks (Internal), all external networks (External), or all external and internal networks (Any);
    • Virtual machines — Virtual machines;
    • OrgVdcNetworks — organization-level networks;
    • IP Sets — groups of IP addresses;
    • Security Groups — Security Groups.
  14. Click Save changes.

Sample rules

To allow a server with a specified IP address to access the Internet over any protocol:

  1. From Control Panel, open the Cloud Director panel: VMware-based Cloud → Cloud Director.
  2. Open the virtual data center page.
  3. Go to Networking → Edges.
  4. Open the page of the desired Edge.
  5. Press Services.
  6. Open the Firewall tab.
  7. Turn on the Enabled toggle switch.
  8. Press +.
  9. Enter the name of the rule.
  10. In the Source field, click IP and enter the IP address.
  11. In the Destination field, select Any.
  12. In the Service field, select Any.
  13. In the Action field, select Accept.
  14. Click Save changes.