Firewall rules often apply to traffic from a network service. A new SDDC includes inventory entries for most of the common network service types, but you can add custom services if you need to.

When you create a firewall rule, you can specify that it applies to network traffic from one or more of the services defined in your SDDC's Services inventory. The default list includes VMware services such as remote console and provisioning, standard services such as IKE, ICMP, and TCP, and many well-known third party services. You can add services to this list by selecting values, typically ports and protocols, from a list of service types and additional service properties.

Procedure

  1. Log in to the VMware Cloud on AWS GovCloud at https://www.vmc-us-gov.vmware.com/.
  2. On the Networking & Security tab, click Inventory > Services.
    The Services card lists the predefined services.
  3. Click ADD NEW SERVICE and give the new service a Name.
  4. Click Set Service Entries to open the Set Service Entries page.
  5. On the Set Service Entries page, click ADD SERVICE ENTRY.
    To view the list of known services, use the drop-down controls to scroll through the Service Type and Additional Properties lists. To add a service, select a Service Type from the drop-down menu and specify Additional Properties such as Source or Destination Ports of the service, then click APPLY.
  6. (Optional) Provide a service Description and tag the service.

    See Add Tags to an Object in the NSX-T Data Center Administration Guide for more information about tagging NSX-T objects.

  7. Click SAVE to create the service definition.