You can add firewall rules to an edge gateway that supports a firewall. Each rule allows or denies the traffic that matches it as that traffic passes through the firewall.

About this task

For a firewall rule to be enforced, you must enable the firewall for the edge gateway. See Configure the Firewall for an Edge Gateway.

When you add a new firewall rule to an edge gateway, it appears at the bottom of the firewall rule list. Because rules are enforced in list order, a rule added at the bottom can be shadowed by a broader rule above it that already allows or denies the same traffic, so check the position of every new rule. For information about setting the order in which firewall rules are enforced, see Reorder Firewall Rules for an Edge Gateway.

System administrators and organization administrators can add firewall rules to an edge gateway.

Procedure

  1. Click the Manage & Monitor tab and click Organization VDCs in the left pane.
  2. Double-click the organization virtual datacenter name to open the organization virtual datacenter.
  3. Click the Edge Gateways tab, right-click the edge gateway name and select Edge Gateway Services.
  4. Click the Firewall tab and click Add.
  5. Type a name for the rule.
  6. Type the traffic Source. Choose one of the following forms:

    IP address: a single source IP address to apply this rule to.

    Range of IP addresses: a range of source IP addresses (first address to last address) to apply this rule to.

    CIDR: a source address block in CIDR notation to apply this rule to.

    internal: apply this rule to all traffic from the internal (organization VDC) side of the gateway.

    external: apply this rule to all traffic from the external side of the gateway.

    any: apply this rule to traffic from any source.

  7. Select a Source port to apply this rule on from the drop-down menu.
  8. Type the traffic Destination. Choose one of the following forms:

    IP address: a single destination IP address to apply this rule to.

    Range of IP addresses: a range of destination IP addresses (first address to last address) to apply this rule to.

    CIDR: a destination address block in CIDR notation to apply this rule to.

    internal: apply this rule to all traffic destined for the internal (organization VDC) side of the gateway.

    external: apply this rule to all traffic destined for the external side of the gateway.

    any: apply this rule to traffic with any destination.

  9. Select the Destination port to apply this rule on from the drop-down menu.
  10. Select the Protocol to apply this rule on from the drop-down menu.
  11. Select the action.

    A firewall rule can allow or deny traffic that matches the rule. Traffic that matches no enabled rule is handled by the firewall's default action.

  12. Select the Enabled check box. A rule that is not enabled stays in the list but is not enforced.
  13. (Optional) Select the Log network traffic for firewall rule check box.

    If you enable this option, vCloud Director sends a log event to the syslog server for each connection affected by this rule. Each syslog message includes the logical network and organization UUIDs. Logging deny rules is the cheapest way to make blocked connection attempts visible; logging a broad allow rule can generate a large volume of messages.

  14. Click OK and click OK again.
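The following model shows why the position of a new rule matters. It is an added illustration, not vCloud Director code, and it assumes (as the page does not state explicitly) that rules are evaluated top-down with the first matching enabled rule deciding, and that traffic matching no rule gets the firewall's default action. The internal network prefix, the rule names, the addresses, and the UUID placeholders in the log line are constructed sample values. The same rule the procedure above creates is first appended to the bottom of the list, where an existing catch-all deny rule shadows it, and then moved above that rule.

```python
"""Model of edge gateway firewall rule evaluation (added illustration,
not vCloud Director code). Assumes first-match, top-down evaluation."""
import ipaddress
from dataclasses import dataclass

# Constructed sample: the organization VDC network behind the edge gateway.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]


@dataclass
class Rule:
    name: str
    source: str            # IP, "first-last" range, CIDR, "internal", "external" or "any"
    source_port: str       # port, "lo-hi" range or "any"
    destination: str
    destination_port: str
    protocol: str          # "tcp", "udp", "icmp" or "any"
    action: str            # "allow" or "deny"
    enabled: bool = True
    log: bool = False


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str


def address_matches(spec: str, addr: str, internal_nets) -> bool:
    """Interpret a Source/Destination field the way the form options do."""
    ip = ipaddress.ip_address(addr)
    if spec == "any":
        return True
    is_internal = any(ip in net for net in internal_nets)
    if spec == "internal":
        return is_internal
    if spec == "external":
        return not is_internal
    if "/" in spec:                                   # CIDR block
        return ip in ipaddress.ip_network(spec, strict=False)
    if "-" in spec:                                   # range of IP addresses
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return lo <= ip <= hi
    return ip == ipaddress.ip_address(spec)           # single IP address


def port_matches(spec: str, port: int) -> bool:
    if spec == "any":
        return True
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return lo <= port <= hi
    return int(spec) == port


def evaluate(rules, pkt: Packet, internal_nets=INTERNAL_NETS,
             default_action="deny", syslog=None):
    """Return (action, rule_name) for the first enabled rule matching pkt."""
    for rule in rules:
        if not rule.enabled:
            continue
        if rule.protocol != "any" and rule.protocol != pkt.proto:
            continue
        if not (address_matches(rule.source, pkt.src, internal_nets)
                and port_matches(rule.source_port, pkt.sport)
                and address_matches(rule.destination, pkt.dst, internal_nets)
                and port_matches(rule.destination_port, pkt.dport)):
            continue
        if rule.log and syslog is not None:
            # Constructed message shape; real messages carry the logical
            # network and organization UUIDs of the affected connection.
            syslog.append(f"fw rule={rule.name} action={rule.action} "
                          f"{pkt.proto} {pkt.src}:{pkt.sport}->{pkt.dst}:{pkt.dport} "
                          f"net=<network-uuid> org=<org-uuid>")
        return rule.action, rule.name
    return default_action, "default"


# Existing policy: a logged catch-all that drops inbound traffic from outside.
BASE_RULES = [
    Rule("drop-inbound", "external", "any", "internal", "any", "any", "deny", log=True),
]
# The rule the procedure creates; Add places it at the bottom of the list.
NEW_RULE = Rule("allow-https", "external", "any", "192.168.10.20", "443", "tcp", "allow")

HTTPS_FROM_INTERNET = Packet("203.0.113.7", 51515, "192.168.10.20", 443, "tcp")


def appended_result():
    """New rule left at the bottom: the catch-all deny matches first."""
    return evaluate(BASE_RULES + [NEW_RULE], HTTPS_FROM_INTERNET)


def reordered_result():
    """New rule moved above the catch-all: HTTPS is allowed."""
    return evaluate([NEW_RULE] + BASE_RULES, HTTPS_FROM_INTERNET)


if __name__ == "__main__":
    print("appended :", appended_result())   # ('deny', 'drop-inbound')
    print("reordered:", reordered_result())  # ('allow', 'allow-https')
```

Run it after adding a rule to see whether the rule you just created can ever match, given the rules above it; if the appended case returns the wrong action, reorder the list as described in Reorder Firewall Rules for an Edge Gateway.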