You can add firewall rules to an organization virtual datacenter network that supports a firewall. Each rule either allows or denies traffic that matches it to pass through the firewall.

About this task

For a firewall rule to be enforced, you must enable the firewall for the organization virtual datacenter network. See Enable the Firewall for an Organization Virtual Datacenter Network.

When you add a new firewall rule to an organization virtual datacenter network, it appears at the bottom of the firewall rule list. For information about setting the order in which firewall rules are enforced, see Reorder Firewall Rules for an Organization Virtual Datacenter Network.

System administrators and organization administrators can add firewall rules.

Prerequisites

Verify that you have an external NAT-routed organization virtual datacenter network.

Procedure

  1. Click the Manage & Monitor tab and click Organization VDCs in the left pane.
  2. Double-click the organization virtual datacenter name to open the organization virtual datacenter.
  3. Click the Org VDC Networks tab, right-click the organization virtual datacenter network name, and select Configure Services.
  4. Click the Firewall tab and click Add.
  5. Type a name for the rule.
  6. Select the traffic direction.
  7. Type the source IP address and select the source port.

    For incoming traffic, the source is the external network. For outgoing traffic, the source is the organization virtual datacenter network.

  8. Type the destination IP address and select the destination port.

    For incoming traffic, the destination is the organization virtual datacenter network. For outgoing traffic, the destination is the external network.

  9. Select the protocol and action.

    A firewall rule can allow or deny traffic that matches the rule.

  10. Select the Enabled check box.
  11. (Optional) Select the Log network traffic for firewall rule check box.

    If you enable this option, vCloud Director sends log events to the syslog server for connections affected by this rule. Each syslog message includes logical network and organization UUIDs.

  12. Click OK and click OK again.
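The rule fields from steps 5 to 11, together with the ordering note above (a new rule lands at the bottom of the list), modelled as a small Python evaluator. This is an added example, not vCloud Director code: first-match evaluation, the default action when nothing matches, and the sample addresses are assumptions of this model, and the syslog message format is reduced to one line per logged connection.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

Packet = namedtuple("Packet", "direction src_ip src_port dst_ip dst_port protocol")  # direction: "incoming" or "outgoing"

@dataclass
class FirewallRule:
    name: str
    direction: str                # "incoming", "outgoing" or "any"
    source: str                   # IP address, CIDR block or "any"
    source_port: Optional[int]    # None matches any port
    destination: str
    destination_port: Optional[int]
    protocol: str                 # "tcp", "udp", "icmp" or "any"
    action: str                   # "allow" or "deny"
    enabled: bool = True          # the Enabled check box
    log: bool = False             # the "Log network traffic for firewall rule" check box

def _addr_match(spec: str, ip: str) -> bool:
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def rule_matches(rule: FirewallRule, pkt: Packet) -> bool:
    return (rule.direction in ("any", pkt.direction)
            and rule.protocol in ("any", pkt.protocol)
            and _addr_match(rule.source, pkt.src_ip)
            and rule.source_port in (None, pkt.src_port)
            and _addr_match(rule.destination, pkt.dst_ip)
            and rule.destination_port in (None, pkt.dst_port))

def evaluate(rules, pkt, log_sink=None, default_action="deny"):
    # Walk the ordered list top to bottom; the first enabled matching rule decides (assumed semantics).
    for rule in rules:
        if not rule.enabled or not rule_matches(rule, pkt):
            continue
        if rule.log and log_sink is not None:
            log_sink.append(f"rule={rule.name} action={rule.action} {pkt.protocol} "
                            f"{pkt.src_ip}:{pkt.src_port}->{pkt.dst_ip}:{pkt.dst_port}")
        return rule.action
    return default_action

# Constructed sample: the broad deny was added first, so the later HTTPS allow sits below it and never matches.
RULES = [
    FirewallRule("deny-all-in", "incoming", "any", None, "any", None, "any", "deny", log=True),
    FirewallRule("allow-https-in", "incoming", "any", None, "192.0.2.10", 443, "tcp", "allow"),
]
HTTPS_IN = Packet("incoming", "203.0.113.7", 51000, "192.0.2.10", 443, "tcp")
```

Reversing RULES (the equivalent of reordering the rules in the UI) lets the HTTPS connection through, which is why the order of the list, not just the contents of each rule, has to be reviewed after adding a rule.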