When creating a custom network isolation level, after you have created the SDDC group, you can now apply firewall rules and any other network configuration you want.

These instructions show you how to create a firewall rule to allow a VM in ransomware recovery communicate with the NTP service.

Procedure

  1. From the SDDC group select Networking and Security > Security > Distributed Firewall.
  2. Under Distributed Firewall, click Add Policy. For the name of the policy, type CloudDR-Custom-Policy.
  3. Click the drop-down menu to the left of the new policy and select Add Rule.
    Distributed firewall rule on SDDC group to allow NTP service.
  4. The new rule appears under the policy. Enter a name for the policy, for example: VLR-Custom-Isolation-NTP-Allow.
  5. Next, under the Sources column click in the box which shows the Any selector.
  6. In the Set Source dialog box, select the SDDC group you created for your custom network isolation level.
  7. Scroll down and then click Apply.
  8. Next, click the Destination to set the destination for the firewall rule.
  9. Click Services, and in the Set Services dialog box, find and select the NTP service.
    SDDC Group network rule to allow NTP service for custom network isolation level.
  10. Under the Applied To column, click in the field and then in the Set Applied To dialog box, select the Groups option.
  11. Select your custom SDDC group, and then scroll down and click Apply.
  12. Under Applied To, click in the field.
  13. In the Set Applied To dialog box, make sure that the Select Applied is configured to Groups.
  14. Find your custom SDDC group and select it, then scroll down and click Apply. When you select the SDDC group here, the firewall rule is associated with the new firewall rule.
  15. Under the Action column, select Allow.
  16. Last, when you are finished configuring the firewall rule to allow NTP traffic, click the Publish button. Publishing the rule might take a moment. Now if you open the Change VM network isolation dialog box in VMware Live Cyber Recovery, you can see the new isolation level.
    Custom isolation dialog as shown in the Change network isolation dialog box.

What to do next

Now, you can begin adding other firewall rules and network configurations as needed for the group. Log into VMware Live Cyber Recovery and when you run a recovery plan for ransomware recovery and start the VM in validation, you can click the Change Isolation Level button and see the new isolation level in the dialog box.