The distributed firewall rules that you create apply only to workloads that are attached to the data center group networks.
Prerequisites
Verify that the distributed firewall service for the data center group is enabled.
Procedure
- From the primary left navigation panel, select Networking, and from the page top navigation bar, select the Data Center Groups tab.
The list of data center groups appears.
- Click the target data center group.
- Click the Distributed Firewall tab on the left.
- Click Edit Rules.
- To add a firewall rule, click New on Top.
- Configure the rule.
Option |
Description |
Name |
Enter a name for the rule. |
State |
To enable the rule upon creation, toggle on the State option. |
Applications |
(Optional) To select a specific port profile to which the rule applies, turn on the Applications toggle and click Save. |
Context |
(Optional) Select an NSX context profile for the rule. |
Source |
Select the source traffic and click Keep.
- To allow or deny traffic from any source address, toggle on Any Source.
- To allow or deny traffic from specific IP sets or security groups, select the IP sets and security groups from the list.
|
Destination |
Select the destination traffic and click Keep.
- To allow or deny traffic to any destination address, toggle on Any Destination.
- To allow or deny traffic to specific IP sets or security groups, select the IP sets and security groups from the list.
|
Action |
From the Action drop-down menu, select whether to allow or deny traffic from or to specific sources.
- To allow traffic from or to the specified sources, destinations, and services, select Accept.
- To block traffic from or to the specified sources, destinations, and services, select Deny.
|
IP Protocol |
Select whether to apply the rule to IPv4 or IPv6 traffic. |
Enable logging. |
To have the address translation performed by this rule logged, turn on the Enable logging toggle. |
- Click Save.
- To configure additional rules, repeat the steps.
Results
After you create the firewall rules, they appear in the Distributed Firewall Rules list. You can move the rules up or down, edit, or delete the rules, as needed.