You can add firewall rules to a vApp network that supports a firewall. A rule allows or denies traffic that matches it as the traffic passes through the firewall.

To enforce a firewall rule, you must enable the firewall for the vApp network. See Configure the Firewall for a vApp Network.

When you add a firewall rule to a vApp network, it appears at the end of the firewall rule list. For information about setting the order in which firewall rules are enforced, see Reorder Firewall Rules for a vApp Network.

If a system administrator specified syslog server settings and those settings were applied to the vApp network, then you can log firewall rule events. For information about applying syslog server settings, see Apply Syslog Server Settings to a vApp Network. To view the current syslog server settings, see View Syslog Server Settings for a vApp Network.

Prerequisites

A routed vApp network.

Procedure

  1. Click the My Cloud tab and click vApps in the left pane.
  2. Right-click a vApp and click Open.
  3. Click the Networking tab.
  4. Right-click the vApp network and select Configure Services.
  5. Click the Firewall tab and click Add.
  6. Enter a name for the rule.
  7. Enter a value for the traffic source.
    IP address: Enter a single source IP address to apply this rule to.
    Range of IP addresses: Enter a range of source IP addresses to apply this rule to.
    CIDR: Enter the source traffic in CIDR notation to apply this rule to.
    internal: Apply this rule to all internal traffic.
    external: Apply this rule to all external traffic.
    any: Apply this rule to traffic from any source.
  8. From the Source port drop-down menu, select the source port that this rule applies to.
  9. Enter a value for the traffic destination.
    IP address: Enter a single destination IP address to apply this rule to.
    Range of IP addresses: Enter a range of destination IP addresses to apply this rule to.
    CIDR: Enter the destination traffic in CIDR notation to apply this rule to.
    internal: Apply this rule to all internal traffic.
    external: Apply this rule to all external traffic.
    any: Apply this rule to traffic with any destination.
  10. From the Destination port drop-down menu, select the destination port that this rule applies to.
  11. From the Protocol drop-down menu, select the protocol that this rule applies to.
  12. Select the action.
    A firewall rule can allow or deny traffic that matches the rule.
  13. Select the Enabled check box.
  14. (Optional) Select the Log network traffic for firewall rule check box.
    If you enable Log network traffic for firewall rule, vCloud Director sends log events to the syslog server for each connection that the rule affects. Each syslog message includes the logical network and organization UUIDs.
  15. Click OK and click OK again.
  16. Click Apply.
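The rule fields above, and the first-match ordering that makes Reorder Firewall Rules for a vApp Network matter, modelled as an added example (this is not vCloud Director code). It shows how a broad allow rule placed earlier in the list shadows a deny rule appended after it. It assumes that internal means the vApp network's own subnet; the subnet, rule names and addresses are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumption (not stated on the page): "internal" means addresses inside the
# vApp network's own subnet, "external" means everything else. Constructed value.
VAPP_SUBNET = ip_network("192.168.2.0/24")


@dataclass
class Rule:
    name: str
    source: str           # IP, "a-b" range, CIDR, internal, external or any
    source_port: object   # port number or "any"
    destination: str
    destination_port: object
    protocol: str         # "tcp", "udp", "icmp" or "any"
    action: str           # "allow" or "deny"
    enabled: bool = True
    log: bool = False     # "Log network traffic for firewall rule" check box


def matches_endpoint(spec, addr):
    """Match one source/destination specifier against a single address."""
    ip = ip_address(addr)
    if spec == "any":
        return True
    if spec == "internal":
        return ip in VAPP_SUBNET
    if spec == "external":
        return ip not in VAPP_SUBNET
    if "-" in spec:                        # range of IP addresses
        lo, hi = (ip_address(p.strip()) for p in spec.split("-", 1))
        return lo <= ip <= hi
    if "/" in spec:                        # CIDR notation
        return ip in ip_network(spec, strict=False)
    return ip == ip_address(spec)          # single IP address


def evaluate(rules, src, sport, dst, dport, proto):
    """Return the first enabled rule matching the connection, or None.
    Rules are checked in list order, so an earlier broad rule can shadow
    a narrower rule that was appended at the end of the list."""
    for r in rules:
        if not r.enabled:
            continue
        if (matches_endpoint(r.source, src) and matches_endpoint(r.destination, dst)
                and r.source_port in ("any", sport) and r.destination_port in ("any", dport)
                and r.protocol in ("any", proto)):
            return r
    return None
```

A connection that reaches the end of the list without matching returns None here; what the firewall does in that case is a policy decision outside this page.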