You can configure certain vApp networks to provide firewall services. Enable the firewall on a vApp network to enforce firewall rules on incoming traffic, outgoing traffic, or both.

About this task

When you enable the firewall, you can specify a default firewall action to deny all incoming and outgoing traffic or to allow all incoming and outgoing traffic. You can also add specific firewall rules to allow or deny traffic that matches the rules to pass through the firewall. These rules take precedence over the default firewall action. See Add a Firewall Rule to a vApp Network.

If a system administrator specified syslog server settings and those settings have been applied to the vApp network, then you can log events related to the default firewall action. For information about applying syslog server settings, see Apply Syslog Server Settings to a vApp Network. To view the current syslog server settings see View Syslog Server Settings for a vApp Network.

Prerequisites

A routed vApp network.

Procedure

  1. Click the My Cloud tab and click vApps in the left pane.
  2. Right-click a vApp and select Open.
  3. On the Networking tab, select Show networking details.
  4. Right-click the vApp network and select Configure Services.
  5. Click the Firewall tab and select Enable firewall to enable firewall services or deselect it to disable firewall services.
  6. Select the default firewall action.

    Option

    Description

    Deny

    Blocks all traffic except when overridden by a firewall rule.

    Allow

    Allows all traffic except when overridden by a firewall rule.

  7. (Optional) : Select the Log check box to log events related to the default firewall action.
  8. Click OK.
  9. Click Apply.