Advanced Networking Services Guide
4 Click Publish Changes.
Manage Trust Groups Firewall Rules
Default firewall settings apply to traffic that does not match any of the user-defined firewall rules. The
default firewall rule for Trust Groups is displayed on the centralized firewall user interface, and the default
rule for each edge gateway is displayed at the edge gateway level.
The default Trust Group rule allows all L3 and L2 traffic to pass through all prepared clusters in your
infrastructure. The default rule is always at the bottom of the rules table and cannot be deleted or added to.
However, you can change the Action element of the rule from Allow to Block or Reject, add comments for
the rule, and indicate whether traffic for that rule should be logged.
Add a Trust Groups Firewall Rule
You add firewall rules at the global scope. Using the Applied To field, you can then narrow down the scope
at which you want to apply the rule. The firewall allows you to add multiple objects at the source and
destination levels for each rule, which helps reduce the total number of firewall rules to be added.
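The rule semantics described above, as an added Python model for reviewing a rule table offline (not VMware code and not part of the original guide). It assumes top-down, first-match evaluation, uses CIDR strings in place of the product's grouping objects, and treats an empty list as "any"; all rule names, VM names and addresses are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    sources: list        # CIDR strings; empty list means "any"
    destinations: list   # CIDR strings; empty list means "any"
    action: str          # "Allow", "Block" or "Reject"
    applied_to: list = field(default_factory=list)  # VM names; empty = global scope
    logged: bool = False

def _matches(addr, cidrs):
    return not cidrs or any(ip_address(addr) in ip_network(c) for c in cidrs)

def evaluate(rules, default, src, dst, vm):
    """Return (rule name, action); assumes top-down, first-match evaluation."""
    for r in rules:
        if r.applied_to and vm not in r.applied_to:
            continue  # Applied To narrows the scope: rule is not enforced here
        if _matches(src, r.sources) and _matches(dst, r.destinations):
            return r.name, r.action
    return default.name, default.action  # bottom of the table

def audit(rules, default, flows):
    """Return flows decided only by the default rule, plus findings on that rule."""
    fallthrough = [f for f in flows if evaluate(rules, default, *f)[0] == default.name]
    findings = []
    if default.action == "Allow":
        findings.append("default rule allows unmatched traffic")
    if not default.logged:
        findings.append("default rule is not logged")
    return fallthrough, findings

# Constructed sample data (names and addresses are illustrative only)
RULES = [
    Rule("web-to-app", ["10.0.1.0/24", "10.0.2.0/24"],
         ["10.0.10.5/32", "10.0.10.6/32"], "Allow", ["app-01", "app-02"]),
    Rule("block-mgmt", [], ["10.0.99.0/24"], "Block"),
]
DEFAULT = Rule("default", [], [], "Allow")
FLOWS = [  # (source IP, destination IP, VM where the rule is enforced)
    ("10.0.1.7", "10.0.10.5", "app-01"),
    ("10.0.2.9", "10.0.99.4", "mgmt-01"),
    ("10.0.3.3", "10.0.10.6", "app-02"),
    ("10.0.1.7", "10.0.20.8", "db-01"),
]

if __name__ == "__main__":
    for flow in FLOWS:
        print(flow, "->", evaluate(RULES, DEFAULT, *flow))
    print(audit(RULES, DEFAULT, FLOWS))
```

The last two sample flows match no user-defined rule and are decided by the default rule alone, which is the traffic affected when its Action is changed from Allow to Block or Reject.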
Procedure
1 From the Dashboard tab in the vCloud Air Web UI, click the virtual data center to configure a Trust
Groups firewall rule.
The Virtual Data Center Details page appears.
2 Click the Gateways tab > Manage in vCloud Director.
vCloud Director opens in a new browser tab and displays the Administration page for the gateways in
the selected virtual data center.
3 Under Cloud Resources in the left navigation panel, click Virtual Datacenters.
The page refreshes and displays the virtual data center in the table.
4 Select the virtual data center, right-click and select Manage Firewall.
The vCloud Security Services page appears.
5 Select the type of rule you want to create. You have the option to create a general rule or an Ethernet
rule.
To add an L3 rule, click the General tab. To add an L2 rule, click the Ethernet tab.
6 Expand the section where you want to add a rule.
By default, the edge gateway is provisioned with the section Default Section Layer3.
7 To add a rule at a specific place in the firewall table, in the No. column, click and select Add Above or Add Below.
A new any any allow rule is added above or below the selected rule. When the system defined rule is
the only rule in the firewall table, the new rule is added above the default rule.
8 Point to the Name cell, click and enter a name.
Chapter 4 Network Security and Isolation
VMware, Inc.