To create firewall and NAT rules, you can use preconfigured application port profiles and custom application port profiles.
Application port profiles include a combination of a protocol and a port, or a group of ports, that is used for firewall and NAT services on the edge gateway. In addition to the default port profiles that are preconfigured for NSX, you can create custom application port profiles.
When you create a custom application port profile on an edge gateway, it becomes visible to all the other NSX edge gateways in the same organization that are backed by the same NSX-V Manager instance.
Application port profiles in VMware Cloud Director are the inventory equivalent of services in NSX. When you configure a service in NSX, it automatically synchronizes with VMware Cloud Director and it appears in the VMware Cloud Director UI as a custom application port profile.
If you want to configure an NSX service and not sync it with VMware Cloud Director, add the VCD_IGNORE tag during the service creation. You can also add the VCD_IGNORE tag to NSX context profiles that you don't want to sync with VMware Cloud Director. Context profiles are also used for firewall rules, but are not visible in the VMware Cloud Director UI. You can create and view NSX context profiles by using the VMware Cloud Director API. For details on creating services and context profiles, see Add a Service and Context Profiles in the NSX Administration Guide.
Procedure
- From the top navigation bar, select Resources and click Cloud Resources.
- In the left panel, click Edge Gateways.
- Click the edge gateway.
- Under Security, click Application Port Profiles.
- In the Custom Applications section, click New.
- Enter a name and, optionally, a description for the application port profile.
- Select a protocol from the drop-down menu.
- Enter a port, or a range of ports, separated by a comma, and click Save.
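Before saving a profile, it helps to check what the port field actually covers, because every firewall or NAT rule that references the profile inherits its full port set. The following pre-check is an added example, not VMware code: it assumes ranges are written as low-high, that only TCP and UDP take ports, and that 100 ports per profile is a local review threshold; the profile names are constructed.

```python
import re

PORT_PROTOCOLS = {"TCP", "UDP"}  # assumption: the protocols that carry ports
ENTRY = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?", re.ASCII)  # "443" or "8000-8100"


def parse_ports(spec):
    """Parse a comma-separated port field into sorted, merged (low, high) tuples."""
    ranges = []
    for item in spec.split(","):
        m = ENTRY.fullmatch(item.strip())
        if not m:
            raise ValueError(f"not a port or range: {item.strip()!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or m.group(1))
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"out of bounds or reversed: {item.strip()!r}")
        ranges.append((lo, hi))
    ranges.sort()
    merged = [ranges[0]]
    for lo, hi in ranges[1:]:
        if lo <= merged[-1][1] + 1:  # overlapping or adjacent: fold together
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def review_profile(name, protocol, spec, max_ports=100):
    """Return review findings for one profile; an empty list means none."""
    if protocol.upper() not in PORT_PROTOCOLS:
        return [f"{name}: protocol {protocol!r} does not take ports"]
    try:
        merged = parse_ports(spec)
    except ValueError as exc:
        return [f"{name}: {exc}"]
    total = sum(hi - lo + 1 for lo, hi in merged)
    if total > max_ports:  # max_ports is a local policy value, not a product limit
        return [f"{name}: covers {total} {protocol.upper()} ports (> {max_ports})"]
    return []


if __name__ == "__main__":
    # Constructed sample profiles, not taken from any real edge gateway.
    for args in [("web", "TCP", "80, 443"), ("ephemeral", "TCP", "1024-65535"),
                 ("typo", "UDP", "9000-8000")]:
        print(args[0], review_profile(*args) or "ok")
```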
What to do next
Use application port profiles to create firewall and NAT rules. See Add an NSX Edge Gateway Firewall Rule in the VMware Cloud Director Service Provider Admin Portal and Add an SNAT or a DNAT Rule to an NSX Edge Gateway in the VMware Cloud Director Service Provider Admin Portal.