Virtual Private Cloud OnDemand Networking Guide

About Firewall Rules
You configure all networking security policies on the gateway by creating firewall rules.
Virtual Private Cloud OnDemand does not require configuring security groups like other cloud providers.
You configure firewall rules to manage the traffic flowing in and out of your
Virtual Private Cloud OnDemand cloud. Additionally, you can configure firewall rules to secure network
traffic between interfaces on a gateway.
Firewall rules in Virtual Private Cloud OnDemand have the following characteristics:
- Consist of 5-tuple policies (protocol, source/destination IP address, source/destination port)
- Can have multiple policies across multiple networks
- Are ideal for enterprise-grade application deployment
IMPORTANT: By default, gateways are deployed with firewall rules configured to deny all network traffic to
and from the virtual machines on the routed networks. If you attempt to ping a virtual machine on a network
after configuring a NAT rule, the ping fails unless you add a firewall rule to allow the corresponding traffic.
See “Add a Firewall Rule,” on page 29 in this guide for the steps to create a firewall rule.
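The default-deny behavior described above, modeled as an added example (not VMware code and not part of the original guide): rules match on the 5-tuple, and traffic that no rule allows is denied. The first-match ordering, the field names and the sample addresses are assumptions made for the illustration.

```python
# Added illustration: a minimal model of 5-tuple matching with default deny.
# Not the gateway's implementation; field names and first-match ordering
# are assumptions of this sketch.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"

@dataclass(frozen=True)
class Rule:
    protocol: str        # "tcp", "udp", "icmp" or ANY
    src: str             # CIDR or ANY
    src_port: object     # int or ANY
    dst: str             # CIDR or ANY
    dst_port: object     # int or ANY
    action: str = "allow"

@dataclass(frozen=True)
class Packet:
    protocol: str
    src: str
    src_port: object     # None for ICMP, which has no ports
    dst: str
    dst_port: object

def _ip_ok(spec, addr):
    return spec == ANY or ip_address(addr) in ip_network(spec, strict=False)

def _port_ok(spec, port):
    return spec == ANY or spec == port

def matches(rule, pkt):
    """True when every field of the 5-tuple matches the packet."""
    return (rule.protocol in (ANY, pkt.protocol)
            and _ip_ok(rule.src, pkt.src) and _port_ok(rule.src_port, pkt.src_port)
            and _ip_ok(rule.dst, pkt.dst) and _port_ok(rule.dst_port, pkt.dst_port))

def evaluate(rules, pkt, default="deny"):
    """Return the action of the first matching rule, else the default (deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

# Constructed sample traffic using documentation address ranges.
PING = Packet("icmp", "198.51.100.7", None, "203.0.113.10", None)
HTTPS = Packet("tcp", "198.51.100.7", 51514, "203.0.113.10", 443)
ALLOW_PING = Rule("icmp", ANY, ANY, "203.0.113.10/32", ANY)
ALLOW_HTTPS = Rule("tcp", "198.51.100.0/24", ANY, "203.0.113.10/32", 443)
```

With an empty rule list, `evaluate([], PING)` returns `"deny"`, which mirrors the failed ping the guide describes; adding `ALLOW_PING` permits only ICMP to that one address and leaves `HTTPS` denied.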
Related Information
- Configure the Firewall for an Edge Gateway in vCloud Director Administrator’s Guide
- Add a Firewall Rule for an Edge Gateway in vCloud Director Administrator’s Guide
Add a Firewall Rule
Configure a firewall rule to allow traffic through a gateway so that it can reach the virtual machines on your
isolated network and so that your virtual machines can reach the Internet.
This procedure provides the steps to create a firewall rule by using Virtual Private Cloud OnDemand. For
information about creating or editing firewall rules by using vCloud Director, see the following topics in the
vCloud Director Administrator’s Guide:
- Configure the Firewall for an Edge Gateway
- Add a Firewall Rule for an Edge Gateway
Prerequisites
- Verify that you have network administrator privileges.
- Obtain the IP address for the virtual machine for which you are creating the firewall rule.
Procedure
1 If necessary, click the expand icon ( ) to display the Virtual Data Centers pane.
2 Select the virtual data center to which the gateway belongs.
3 Click the Gateways tab.
Details about the gateway appear.
4 Click the Firewall Rules tab.
5 Click the Add button.
The Add a Firewall “Allow” Exception dialog appears.
Chapter 3 Network Security and Secure Access
VMware, Inc. 29