Name |
Enter a name for the rule. |
State |
To enable the rule upon creation, turn on the State toggle. |
Applications |
(Optional) Choose one of the options.
- To apply the rule to specific applications, turn on the Applications toggle, select one or more applications from the list, and click Save.
- To select specific ports to which the rule applies, click Raw Port-Protocols, select a protocol type, and enter source and destination ports or port ranges, separated by commas. You can add up to 15 port-protocol rows per rule.
|
Source |
- Choose one of the following options.
- To allow or deny traffic from any source address, toggle on Any Source.
- To allow or deny traffic from specific firewall groups, click Firewall Groups and select the firewall groups from the list.
- To enter IP addresses, CIDR blocks, or IP ranges manually, click Firewall IP Addresses, then click Add and enter the individual IP addresses, CIDR blocks, or ranges.
- Click Keep.
|
Destination |
- Choose one of the following options.
- To allow or deny traffic to any destination address, toggle on Any Destination.
- To allow or deny traffic to specific firewall groups, click Firewall Groups and select the firewall groups from the list.
- To enter IP addresses, CIDR blocks, or IP ranges manually, click Firewall IP Addresses, then click Add and enter the individual IP addresses, CIDR blocks, or ranges.
- Click Keep.
|
Action |
Select an option.
- To allow traffic from or to the specified sources, destinations, and services, select Allow.
- To block traffic from or to the specified sources, destinations, and services without notifying the blocked client, select Drop.
- To block traffic from or to the specified sources, destinations, and services, and to notify the blocked client that traffic was rejected, select Reject.
|
IP Protocol |
Select whether to apply the rule to IPv4 traffic, IPv6 traffic, or both. |
Applied To |
(Optional) From the drop-down menu, select an IP space uplink to which to apply the rule. |
Logging |
To log the address translation performed by this rule, turn on the Logging toggle. After you create the rule, the Logging ID text box shows the unique NSX firewall rule ID that the system generates when the rule is created. |
Comment |
(Optional) Add a comment to the firewall rule. |