Skip to main content
Configure Firewall
Last update:

Configure Firewall

Firewall rules are configured to Edge routers.

An IP Set is a group of IP addresses to which Firewall rules apply. By combining IP addresses into an IP Set, you do not need to create a separate rule for each IP address.

  1. Create an IP Set.
  2. Create a Firewall rule.

Create IP Set

  1. From control panels open the Cloud Director panel: VMware-based cloudCloud Director.
  2. Open the virtual data center page.
  3. Go to the section NetworkingEdges.
  4. Open the page of the desired Edge.
  5. Click Services.
  6. Open the tab Grouping objectIP Sets.
  7. Click +.
  8. Enter the name of the group.
  9. Enter IP addresses or ranges of IP addresses.
  10. Click Keep.

Create a Firewall rule

If the Firewall is enabled, the default rule is default rule for ingress traffic will block all traffic until you configure other rules.

  1. From control panels open the Cloud Director panel: VMware-based cloudCloud Director.

  2. Open the virtual data center page.

  3. Go to the section NetworkingEdges.

  4. Open the page of the desired Edge.

  5. Click Services.

  6. Open the tab Firewall.

  7. Turn on the toggle switch Enabled.

  8. Click +.

  9. Enter the name of the rule.

  10. In the field Source click + and enter the source address.

  11. In the field Service select any.

  12. In the field Action select Accept.

  13. To specify the destination objects for which the rule will be applied, in the field Destination click **+**in the field Browse objects of type select the type of destination objects, add the desired objects and click KEEP. Available object types:

    • Gateway interfaces — all internal networks (Internal), all external networks (External), or all external and internal networks (Any);
    • Virtual machines — Virtual machines;
    • OrgVdcNetworks — organization-level networks;
    • IP Sets — groups of IP addresses;
    • Security Groups — Security Groups.
  14. Click Save changes.

Examples of rules

To allow access to the Internet via any protocols to a server with a specified IP:

  1. From control panels open the Cloud Director panel: VMware-based cloudCloud Director.
  2. Open the virtual data center page.
  3. Go to the section NetworkingEdges.
  4. Open the page of the desired Edge.
  5. Click Services.
  6. Open the tab Firewall.
  7. Turn on the toggle switch Enabled.
  8. Click +.
  9. Enter the name of the rule.
  10. In the field Source click IP and enter the IP address.
  11. In the field Destination select Any.
  12. In the field Service select Any.
  13. In the field Action select Accept.
  14. Click Save changes.