To control the incoming and outgoing network traffic to and from an NSX-T Data Center edge gateway, you create firewall rules.
- In the top navigation bar, click Networking and click the Edge Gateways tab.
- Click the edge gateway.
- If the Firewall screen is not already visible under the Services section, click the Firewall tab.
- Click Edit Rules.
- Click the New On Top button.
A row for the new rule is added above the selected rule.
- Configure the firewall rule.
Option settings:
- Name: Enter a name for the rule.
- State: To enable the rule upon creation, turn on the State toggle.
- Applications (Optional): To select a specific port profile to which the rule applies, turn on the Applications toggle and click Save.
- Source: Select an option and click Keep.
  - To allow or deny traffic from any source address, toggle on Any Source.
  - To allow or deny traffic from specific firewall groups, select the firewall groups from the list.
- Destination: Select an option and click Keep.
  - To allow or deny traffic to any destination address, toggle on Any Destination.
  - To allow or deny traffic to specific firewall groups, select the firewall groups from the list.
- Action: From the Action drop-down menu, select an option.
  - To allow traffic from or to the specified sources, destinations, and services, select Accept.
  - To block traffic from or to the specified sources, destinations, and services without notifying the blocked client, select Drop.
  - To block traffic from or to the specified sources, destinations, and services, and to notify the blocked client that the traffic was rejected, select Reject.
- IP Protocol: Select whether to apply the rule to IPv4 or IPv6 traffic.
- Enable logging: To have the traffic matched by this rule logged, turn on the Enable logging toggle.
- Click Save.
- To configure additional rules, repeat these steps.
After the firewall rules are created, they appear in the Edge Gateway Firewall Rules list. You can move up, move down, edit, or delete the rules as needed.
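As an added example (not part of this procedure and not the product's own tooling), the Python below audits a constructed list of edge gateway firewall rules for the settings this procedure exposes: an Accept rule that matches Any Source and Any Destination, an Accept rule with logging off, and a rule left in the disabled state. The field names, the "ANY" marker, and the assumption that rules are evaluated top to bottom (used to check for a final default-deny rule) are assumptions for this example.

```python
from typing import Dict, List

# Constructed sample export (assumed field names, not the product's schema).
SAMPLE_RULES: List[Dict] = [
    {"name": "allow-web-in", "enabled": True, "action": "ACCEPT",
     "source": "ANY", "destination": ["web-servers"], "logging": True},
    {"name": "temp-debug", "enabled": True, "action": "ACCEPT",
     "source": "ANY", "destination": "ANY", "logging": False},
    {"name": "block-legacy", "enabled": False, "action": "DROP",
     "source": ["legacy-net"], "destination": "ANY", "logging": True},
    {"name": "deny-all", "enabled": True, "action": "DROP",
     "source": "ANY", "destination": "ANY", "logging": True},
]

def audit_rule(rule: Dict) -> List[str]:
    """Return findings for one rule (empty list means nothing flagged)."""
    findings = []
    any_src = rule["source"] == "ANY"
    any_dst = rule["destination"] == "ANY"
    if rule["action"] == "ACCEPT" and any_src and any_dst:
        findings.append("accepts traffic from any source to any destination")
    if rule["action"] == "ACCEPT" and not rule["logging"]:
        findings.append("accept rule without logging enabled")
    if not rule["enabled"]:
        findings.append("rule is disabled, so it is not enforced")
    return findings

def audit_rules(rules: List[Dict]) -> Dict[str, List[str]]:
    """Map each rule name to its findings, omitting rules with none."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[rule["name"]] = findings
    return report

def has_final_deny(rules: List[Dict]) -> bool:
    """True when the last enabled rule drops or rejects any-to-any traffic."""
    enabled = [r for r in rules if r["enabled"]]
    if not enabled:
        return False
    last = enabled[-1]
    return (last["action"] in ("DROP", "REJECT")
            and last["source"] == "ANY" and last["destination"] == "ANY")

if __name__ == "__main__":
    for name, issues in audit_rules(SAMPLE_RULES).items():
        print(f"{name}: {'; '.join(issues)}")
    print("final default deny present:", has_final_deny(SAMPLE_RULES))
```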