In Abiquo 5.0, the platform implementes vCloud firewall service is implemented at policies and classic firewalls at the Edge level, and new classic firewall capabilities are also available. When using a NAT IP in a VM, the platform also creates a firewall rule. And when using a public IP or NAT IP as a loadbalancer address, the platform also creates a firewall rule. which is the distributed virtual firewall in vCenter.
First, when the user assigns a firewall to a deployed VM, the platform creates a new rule with the source or destination (inbound or outbound rule) that points to the VM object.
Secondly, when a user creates a classic firewall rule, the platform will implement it as in the following table.
| Source or destination |
|---|
| New rule created using.... |
|---|
| Any/Internal/External/All |
| A Network object. |
Note:
| "Any" or "All" maps to ''VSE'' |
object:vcloudUrn Also ''IP Sets'' or ''Security Groups'', aggregations in NSX/vCloud, configured in orgVdc / Security |
| A VM (for example) object - (source or destination restricted to specific virtualmachine) | |
| IP or IPstart-IPend or network CIDR |
| A single IP, a IP range or an IP network specification |
| Comma separated list of the above values, e.g. 10.60.1.0,object:vmInternalProvidrId,10.60.2.0/24 |
...
| An IP, a VM, and a network CIDR |
When using a NAT IP in a VM, the platform also creates a firewall rule. And when using a public IP or NAT IP as a loadbalancer address, the platform also creates a firewall rule.
For vCloud versions without NSX support (versions below 9.5) or to restore the previous configuration with the firewall at the vApp network level, the administrator can set the "abiquo.vcd.firewall.vappnetwork" property to true.
...