Virtual Private Cloud OnDemand Networking Guide
6 Complete the following settings to configure the rule:
Option: Description

Name: Enter a name for the rule.

Settings: (Optional) Select Enable to enable the rule for the gateway.
NOTE: Selecting the "Log network traffic for this exception" option is unnecessary because you cannot access firewall logging data in Virtual Private Cloud OnDemand at this time.

Protocol: Choose the protocol to which the rule applies from the drop-down menu: any, TCP, UDP, TCP/UDP, or ICMP. By default, the protocol is set to “any” so that network traffic from all protocols traverses the firewall.

Source: Choose an option from the drop-down menu:
- Any: allows traffic from any source on the external network to reach the virtual machines.
- Internal: applies this rule to all internal traffic.
- External: applies this rule to all external traffic.
- Specific CIDR, IP, or IP Range: type the CIDR notation of the traffic to which this rule applies.

Source Port: (Optional) Enter a port or port range to allow traffic from those ports to reach your virtual machines on your isolated network.

Destination: Choose an option from the drop-down menu:
- Any: allows traffic from any virtual machine on your isolated network to access the external network.
- Internal: applies this rule to all internal traffic.
- External: applies this rule to all external traffic.
- Specific CIDR, IP, or IP Range: type the CIDR notation of the traffic to which this rule applies.

Destination Port: (Optional) Enter a port or port range to allow traffic from those ports on your virtual machines to reach the external network.
7 Click Save.
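An added example, not part of the original guide and not VMware code: because the guide notes that firewall logging data is not accessible, a rule is worth reviewing before it is saved. This Python check models a rule as a dict whose key names (protocol, source, source_port, destination, destination_port) and the treatment of a missing value as "any" are assumptions mirroring the form's options; it validates the CIDR, IP, IP range and port fields and flags a side that matches any address on any port.

```python
import ipaddress

PROTOCOLS = {"any", "tcp", "udp", "tcp/udp", "icmp"}  # the form's Protocol menu

def parse_endpoint(value):
    """Return a menu keyword, or (first_ip, last_ip) for a CIDR, IP, or IP range."""
    v = value.strip().lower()
    if v in ("any", "internal", "external"):
        return v
    if "-" in v:  # IP range such as 192.0.2.10-192.0.2.20
        lo, hi = (ipaddress.ip_address(p.strip()) for p in v.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad IP range {value!r}")
    else:  # CIDR block; a single IP parses as a /32 (or /128) network
        net = ipaddress.ip_network(v, strict=False)
        lo, hi = net[0], net[-1]
    return "any" if int(lo) == 0 and int(hi) == 2 ** hi.max_prefixlen - 1 else (lo, hi)

def parse_ports(value):
    """Empty means any port; otherwise 'N' or 'N-M' within 1..65535."""
    if not (value or "").strip():
        return None
    lo, _, hi = value.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range {value!r}")
    return lo, hi

def audit_rule(rule):
    """Return findings for one rule; an empty list means nothing was flagged."""
    findings = []
    proto = rule.get("protocol", "any").lower()
    if proto not in PROTOCOLS:
        findings.append(f"protocol: unknown value {proto!r}")
    elif proto == "any":
        findings.append("protocol: 'any' (the default) passes all protocols")
    for side in ("source", "destination"):
        try:
            ep = parse_endpoint(rule.get(side, "any"))
            ports = parse_ports(rule.get(side + "_port"))
        except ValueError as exc:
            findings.append(f"{side}: {exc}")
        else:
            if ep == "any" and ports is None:
                findings.append(f"{side}: any address on any port")
    return findings

# Constructed sample rules; the key names are assumed, not a vCloud Air API.
WIDE_OPEN = {"source": "any", "destination": "any"}
SCOPED = {"protocol": "tcp", "source": "198.51.100.0/24", "destination_port": "443"}
```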
VPN and Remote Networks
Another aspect of network security is the connectivity you establish between your on-premise data center
and the Virtual Private Cloud OnDemand cloud. Depending on the workload, a virtual machine can have various
connectivity needs.
Virtual Private Cloud OnDemand supports the following types of secure connections between your remote
site and the Virtual Private Cloud OnDemand cloud.
Each type of connection has different security features:
- Secure Internet connectivity with firewall rules (a gateway service)
  See “About Firewall Rules,” on page 29 in this guide for information.
- Secure VPN
  - IPsec VPN—secure site-to-site VPN
    See “About Setting up an IPsec VPN Connection,” on page 31 and “Set up an IPsec VPN Connection to a Remote Site,” on page 33 in this guide for information.
  - SSL VPN (Data Center Extension)—extension of your existing IP address range from your on-premise data center into the cloud with Layer 2 extension
    See “SSL VPN for Data Center Extension,” on page 34 in this guide for information.
vCloud Air - Virtual Private Cloud OnDemand Networking Guide
VMware, Inc.