About this task

A firewall rule section is edited and saved independently and is used to apply separate firewall configuration to tenants.


  1. Select Firewall in the navigation panel.

    Ensure that you are in the General tab to add an L3 rule. Click the Ethernet tab to add an L2 rule.

  2. To add a section, in the first column, click the wheel (wheel icon) icon, or a rule and select either Add Section Above or Add Section Below.

    For any traffic attempting to pass through the firewall, the packet information is subjected to the rules in the order shown in the Rules table, beginning at the top and proceeding to the default rules at the bottom. In some cases, the order of precedence of two or more rules might be important in determining the disposition of a packet.

  3. Enter the section name and an optional description.
  4. Select either Stateful, False, or True. This option is applicable only for L3.

    Stateless firewalls watch network traffic, and restrict or block packets based on source and destination addresses or other static values. Stateful firewalls can watch traffic streams from end to end. Stateless firewalls are typically faster and perform better under heavier traffic loads. Stateful firewalls are better at identifying unauthorized and forged communications. There is no toggling between stateful and stateless once it is defined.

  5. Select where you would like to apply the section.

    If you have used Applied To in a section it will override any Applied To settings in the rules in that section.

    Logical Port - Displays all of the logical ports

    Logical Switch - Displays all of the logical switches

    NSGroup - Displays all of the NSGroups

  6. Click the checkbox next to the available port, switch, or group and then click the arrow.

    The item moves to the Selected column.

  7. Click Save to save the section.

    The newly added Section appears in the Firewall window.

What to do next

Add Firewall rules to the section.