Advanced Networking Services Guide

7 Point to the Service cell of the new rule. Perform one of the following options:

Option  Description
Click   To specify the service as a port–protocol combination:
        a Select the service protocol.
          NOTE The edge gateway supports ALG for FTP only.
        b Under Advanced options, type the port number.
        c Click OK.
Click   To select a pre-defined service or service group, or define a new one:
        a Select one or more objects and click .
          You can create a new service or service group. Once you create the new object, it is added to the Selected Objects column by default.
        b Click OK.

In order to protect your network from ACK or SYN floods, you can set the service to TCP-all_ports or
UDP-all_ports and set the action to Block for the default rule.
8 Point to the Action cell of the new rule and click . Select the required actions and click OK.

Action                                  Results in
Accept                                  Allows traffic from or to the specified sources, destinations, and services.
Deny                                    Blocks traffic from or to the specified sources, destinations, and services.
Reject                                  Sends reject message for unaccepted packets.
                                        RST packets are sent for TCP connections.
                                        ICMP messages with administratively prohibited code are sent for UDP, ICMP, and other IP connections.
Log                                     Logs all sessions matching this rule. Enabling logging can affect performance.
Do not log                              Does not log sessions.
Advanced options > Match on Translated  Applies the rule to the translated IP address and services for a NAT rule.
Enable Rule Direction                   Indicates whether the rule is incoming or outgoing.
                                        NOTE VMware does not recommend specifying the direction for firewall rules.

9 Click Publish.
After a few moments, a message indicating whether the publish operation was successful appears. In
case of any failures, the hosts on which the rule was not applied are listed. When you click Publish, the
firewall configuration is automatically saved.
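
Added example (not part of the original guide or of any VMware tooling): a small audit that checks a rule list against the notes in this procedure before you publish. The rule dictionary layout, the field names, and the sample rules are hypothetical and constructed for illustration, and the check assumes that "Block" in the flood note means the Deny action.

```python
# Added example: audit a rule list against the notes in this procedure.
# The dict layout and field names are hypothetical, not an edge gateway export format.
ALG_SUPPORTED = {"ftp"}                          # "supports ALG for FTP only"
ALL_PORTS = {"TCP-all_ports", "UDP-all_ports"}   # service names used on this page


def audit_rules(rules):
    """Return a list of (rule_name, finding) tuples for a list of rule dicts."""
    findings = []
    for rule in rules:
        name = rule["name"]
        services = set(rule.get("services", []))
        alg = rule.get("alg")
        if alg and alg.lower() not in ALG_SUPPORTED:
            findings.append((name, f"ALG {alg!r} not supported; FTP only"))
        if rule.get("direction"):
            findings.append((name, "rule direction set; not recommended"))
        if rule.get("log") and services & ALL_PORTS:
            findings.append((name, "logging on an all-ports rule; expect performance impact"))
        if rule.get("default"):
            # Assumption: "Block" in the flood note corresponds to the Deny action.
            if rule["action"] == "reject":
                findings.append((name, "default rule rejects; RST/ICMP sent per unaccepted packet"))
            elif rule["action"] != "deny":
                findings.append((name, "default rule does not block"))
            if not services & ALL_PORTS:
                findings.append((name, "default rule does not cover TCP/UDP all ports"))
    return findings


# Constructed sample rule set (not taken from a real gateway).
SAMPLE_RULES = [
    {"name": "web-in", "action": "accept", "services": ["tcp:443"], "direction": "in"},
    {"name": "tftp-alg", "action": "accept", "services": ["udp:69"], "alg": "TFTP"},
    {"name": "ftp-alg", "action": "accept", "services": ["tcp:21"], "alg": "FTP"},
    {"name": "default", "default": True, "action": "reject",
     "services": ["TCP-all_ports"], "log": True},
]

if __name__ == "__main__":
    for rule_name, finding in audit_rules(SAMPLE_RULES):
        print(f"{rule_name}: {finding}")
```
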
Edit an Edge Gateway Firewall Rule
You can edit and delete only the user-defined firewall rules that were added to an edge gateway. You
cannot edit or delete an auto-generated rule or the default rule.
Procedure
1 Log in to vCloud Air and navigate to the vCloud Edge Gateway Services UI.
See “Log In and Navigate to Advanced Networking Services,” on page 9 for information.
Chapter 4 Network Security and Isolation
VMware, Inc. 33