Traffic attempting to pass through the firewall is subjected to the rules in the order shown in the ALL RULES list.

The order of distributed firewall rules in the ALL RULES list is the union of the ordered list of policies and the ordered list of rules in each policy. You can reorder the distributed firewall sections and the rules within a section. You can also edit the existing distributed firewall configuration, and delete or clone a firewall rule or section.

Procedure

  1. Log in to VMware Cloud Services at https://vmc.vmware.com.
  2. Click Inventory > SDDCs, then pick an SDDC card and click VIEW DETAILS.
  3. Click OPEN NSX MANAGER and log in with the NSX Manager Admin User Account shown on the SDDC Settings page. See SDDC Network Administration with NSX Manager.
    You can also use the VMware Cloud Console Networking & Security tab for this workflow.
  4. Open the Distributed Firewall page.
  5. (Optional) Modify policy settings.
    Click the vertical ellipsis button at the beginning of the policy row to take bulk actions, which affect all rules in the policy. You cannot modify these settings if the policy includes any rules.
  6. (Optional) Reorder policies.
    A policy created from the ADD POLICY button is placed at the top of the list of policies. Firewall rules in each policy are applied in policy order from top to bottom. To change the position of a policy (and all the rules it contains) in the list, select it and drag it to a new position. Click PUBLISH to publish the change.
  7. (Optional) Clone or copy a rule.
    Click the Actions menu at the beginning of the rule row, then click:
    • Clone Rule to make a copy of the rule in this policy.
    • Copy Rule to make a copy of the rule that you can add to another policy.
  8. (Optional) Add or delete a rule.
    Click the Actions menu at the beginning of the rule row, then click:
    • Add Rule to add a rule in this policy.
    • Delete Rule to delete the rule from this policy.
  9. (Optional) Save or view distributed firewall configurations.
    Distributed firewall configurations in VMware Cloud on AWS are similar to the Firewall Drafts feature of on-premises NSX. Click ACTIONS > View to view a list of saved configurations. Click ACTIONS > Save to save the current configuration. Configurations are auto-saved by default. Click ACTIONS > Settings > General Settings to disable Auto Save Drafts.
  10. (Optional) Configure Identity Firewall settings.
    This option is available if you have activated NSX Advanced Firewall features. See About NSX Advanced Firewall Features for more information. Before you can use this feature, you have to apply it to one or more SDDC clusters.
    1. On the Distributed Firewall tab, click ACTIONS > Settings > General Settings and toggle Identity Firewall Status to Enable.
    2. Click the Identity Firewall Settings tab and choose the SDDC clusters where you want to use this feature.
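
The following added example (not VMware code and not an NSX API) models the ALL RULES ordering described at the top of this page and the policy reordering in step 6, so you can check what a reorder does to a given flow before you click PUBLISH. It assumes the first matching rule decides the flow; the policy names, rule names, and addresses are constructed, and the shadowed-rule check goes beyond the page by flagging rules that an earlier rule covers entirely.

```python
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Simplified model, not NSX code: all names and addresses below are constructed.
@dataclass
class Rule:
    name: str
    src: str            # source CIDR
    dst: str            # destination CIDR
    port: int | None    # None means any port
    action: str         # "ALLOW" or "DROP"

def all_rules(policies):
    """Flatten [(policy, [rules])] top to bottom, keeping each policy's rule order."""
    return [(pname, r) for pname, rules in policies for r in rules]

def first_match(policies, src, dst, port):
    """Return (policy, rule, action) of the first rule that matches the flow."""
    for pname, r in all_rules(policies):
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and r.port in (None, port)):
            return pname, r.name, r.action
    return None  # no rule matched; the default rule is outside this model

def shadowed(policies):
    """List (policy, rule, earlier_rule) where an earlier rule covers the rule entirely."""
    flat, found = all_rules(policies), []
    for i, (pname, r) in enumerate(flat):
        for _, e in flat[:i]:
            if (ip_network(r.src).subnet_of(ip_network(e.src))
                    and ip_network(r.dst).subnet_of(ip_network(e.dst))
                    and e.port in (None, r.port)):
                found.append((pname, r.name, e.name))
                break
    return found

QUARANTINE = ("Quarantine", [Rule("drop-infected", "10.0.5.0/24", "0.0.0.0/0", None, "DROP")])
APP = ("App", [Rule("web-to-db", "10.0.0.0/16", "10.1.0.10/32", 3306, "ALLOW"),
               Rule("legacy-db", "10.0.5.0/24", "10.1.0.10/32", 3306, "ALLOW")])
FLOW = ("10.0.5.7", "10.1.0.10", 3306)

if __name__ == "__main__":
    for order in ([APP, QUARANTINE], [QUARANTINE, APP]):
        print([p for p, _ in order], first_match(order, *FLOW), shadowed(order))
```

With the App policy on top, the quarantined host still reaches the database; dragging Quarantine above it changes the verdict to DROP, and in both orders `legacy-db` is reported as a rule that can never match.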