You can create your own custom network isolation level to gain more control over the network environment on the recovery SDDC.
When you start a ransomware recovery plan, VMware Cloud DR creates a predefined set of default firewall rules for your recovery SDDC called network isolation levels.
Each network isolation level (Isolated, Quarantined, External Outbound, and more) exists as a networking and security compute SDDC group on VMware Cloud on AWS. The name of the SDDC group roughly corresponds to the name of the corresponding network isolation level in the VMware Cloud DR UI.
You can create your own custom network isolation level in the VMC Console by creating your own networking and security compute SDDC group on the recovery SDDC, setting the group membership criteria, and then configuring networking and security for the group. You can create new firewall rules or apply existing firewall rules and other network configuration to the group, which then serves as a network isolation level in VMware Cloud DR.
Do not edit the firewall rules or SDDC groups that VMware Cloud DR creates, because they are deleted when the plan is committed. Custom groups and rules are not deleted by VMware Cloud DR. Custom isolation levels are also visible to multiple plans.
- Create a networking and security compute SDDC group on the recovery SDDC. Do not use the SDDC groups that VMware Cloud DR creates for the pre-defined network isolation levels, as they are deleted when a recovery plan is deactivated.
- Create firewall rules and apply them to the SDDC group.