Advanced Networking Services Guide
Table Of Contents
- vCloud Air Advanced Networking Services Guide
- Contents
- Preface
- Introducing Advanced Networking Services for vCloud Air
- Advanced Routing for vCloud Air
- Certificate and Security Group Management
- Network Security and Isolation
- Load Balancing
- Secure Access Using Virtual Private Networks
- IP Service Management: NAT and DHCP
- Index
11 Point to the Service cell of the new rule and perform one of the following options:

   Option           Description
   Click the icon   To specify the service as a port-protocol combination:
                    a  Select the service protocol.
                       NOTE The Trust Groups firewall supports Application Level Gateway (ALG)
                       for the following protocols: FTP, CIFS, ORACLE TNS, MS-RPC, and SUN-RPC.
                    b  Type the port number and click OK.
   Click the icon   To select a pre-defined service or service group, or define a new one:
                    a  Select one or more objects and click the icon.
                       You can create a new service or service group. Once you create the
                       new object, it is added to the Selected Objects column by default.
                    b  Click OK.

   NOTE To protect your network from ACK or SYN floods, set the service to TCP-all_ports or
   UDP-all_ports and set the action to Block for the default rule.
12 Point to the Action cell, click the icon to configure the action for the rule, and click OK.

   Action                                 Results in
   Accept                                 Allows traffic from or to the specified sources, destinations,
                                          and services.
   Deny                                   Blocks traffic from or to the specified sources, destinations,
                                          and services.
   Reject                                 Sends a reject message for unaccepted packets. RST packets are
                                          sent for TCP connections. ICMP messages with administratively
                                          prohibited codes are sent for UDP, ICMP, and other IP connections.
   Log                                    Logs all sessions matching this rule. Enabling logging can
                                          affect performance.
   Do not log                             Does not log sessions.
   Advanced options > Match on            Applies the rule to the translated IP address and services for
   Translated                             a NAT rule.
   Enable Rule Direction                  Indicates whether the rule is incoming or outgoing. VMware does
                                          not recommend specifying the direction for Trust Groups
                                          firewall rules.
13 Point to the Applied To cell, click to define the scope at which this rule is applicable, then click OK.

   To apply a rule to                          Do this
   All edge gateways in your environment       Select Apply this rule on all Edge gateways. After you
                                               click OK, the Applied To column for this rule displays
                                               All Edges.
                                               When the option for all edge gateways in the virtual data
                                               center is selected, the Applied To column displays Any.
   One or more data centers, edge gateways,    1  In Container type, select the appropriate object.
   networks, or virtual machines               2  In the Available list, select one or more objects and
                                                  click the icon.

   NOTE When the rule contains virtual machines in the source and destination fields, you must add both
   the source and destination virtual machines to Applied To for the rule to work correctly.
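The Action and Applied To semantics of steps 12 and 13, as an added example that is not part of this guide or of VMware's code: a small Python model of a rule table evaluated top-down with a default rule, where Reject answers TCP with an RST and other protocols with an ICMP administratively prohibited message, and where a VM-to-VM flow is checked at the source VM and then at the destination VM (an assumption made here to illustrate why both VMs must appear in Applied To). The policy, VM names and packet shapes are constructed.

```python
"""Simplified model of Trust Groups firewall rule evaluation (added example, not VMware code)."""
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    protocol: str          # "tcp", "udp", "icmp" or "any"
    port: Optional[int]    # None = all ports, as with TCP-all_ports / UDP-all_ports
    action: str            # "accept", "deny" or "reject"
    applied_to: frozenset  # Applied To: the VMs (or edges) the rule is enforced on
    log: bool = False      # Log / Do not log

# Constructed sample policy, evaluated top-down; the last entry is the default rule.
POLICY = [
    Rule("allow-https", "tcp", 443, "accept", frozenset({"web-vm", "app-vm"}), log=True),
    Rule("allow-dns", "udp", 53, "accept", frozenset({"web-vm"})),  # app-vm left out on purpose
    Rule("reject-ssh", "tcp", 22, "reject", frozenset({"web-vm", "app-vm", "db-vm"})),
    Rule("reject-icmp", "icmp", None, "reject", frozenset({"web-vm", "app-vm", "db-vm"})),
    Rule("default", "any", None, "deny", frozenset({"web-vm", "app-vm", "db-vm"})),
]

def first_match(point, pkt, policy=POLICY):
    """First rule that is both enforced at `point` and matches the packet's service."""
    for rule in policy:
        if point not in rule.applied_to or rule.protocol not in ("any", pkt["proto"]):
            continue
        if rule.port is not None and rule.port != pkt.get("port"):
            continue
        return rule
    return None  # nothing applies at this point: treated as an implicit deny

def reject_response(pkt):
    """Reject answers TCP with RST and everything else with an ICMP admin-prohibited message."""
    return "TCP RST" if pkt["proto"] == "tcp" else "ICMP administratively prohibited"

def evaluate(pkt, policy=POLICY):
    """Assumption: a VM-to-VM flow is checked at the source VM first, then at the
    destination VM, and must be accepted at both to pass. Returns (outcome, logged)."""
    logged = False
    for point in (pkt["src"], pkt["dst"]):
        rule = first_match(point, pkt, policy)
        logged = logged or bool(rule and rule.log)
        action = rule.action if rule else "deny"
        if action != "accept":
            return (reject_response(pkt) if action == "reject" else "deny"), logged
    return "accept", logged
```

Evaluating a UDP 53 flow from web-vm to app-vm shows the note from step 13 in action: allow-dns accepts it at web-vm, but app-vm is not in that rule's Applied To, so the default rule denies it there and the flow fails.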
Chapter 4 Network Security and Isolation
VMware, Inc. 37