...

This section describes firewall policies in private cloud with network managers (NSX, NSX-T) and in public cloud (AWS, Amazon, OCI), and firewall rules in Google Cloud Platform.
For details of classic firewalls (Edge firewalls in orgVDC in vCloud Director), see Manage classic firewalls

Introduction to firewalls

...

  1. Go to Virtual datacenters → Network → Firewalls

    1. For GCP go to Global → Network → Firewalls

  2. Click the Add button

  3. Enter the firewall details

    1. In GCP, if you assign a firewall to a Virtual datacenter, you can then use it as a default firewall

    2. In VCD, if you do not select a Virtual datacenter, the platform will create the firewall in the platform only, not in the provider

      [Image: Create a firewall in AWS]
  4. Click Save to create the firewall

  5. Add firewall rules as described in Create firewall rules.

...

Edit firewall

...

rules

You can define firewall rules for inbound and outbound traffic in your firewall policy.

To add a new firewall rule:

  1. Select the virtual datacenter or location

  2. Select the firewall

  3. On the Firewall rules panel, click the pencil Edit button

  4. Select the Inbound or Outbound tab for the traffic direction you wish to control

  5. Enter the details of a rule

    1. Protocol

      • Select from Common protocols, OR

      • Select and enter a Custom protocol

    2. Port range with the Start port and End port that this rule will apply to.
      To enter one port, enter the same value twice, or optionally apply the rule to a number of ports at the same time. 
      For Azure and GCP, you can enter:

      1. a single port, such as 80

      2. a range, such as 1024-65535

      3. a list of ports and ranges, such as 80,1024-65535

    3. Sources or Targets as a network address and netmask, or a comma separated list of these (with no spaces)

  6. Click Add. The firewall rule will be added to the Firewall rules list

  7. Enter more rules as required, then click Save

...

edit firewall rules after you create a firewall.

See Edit firewall policy rules

...

Create a firewall policy in GCP

In GCP, the platform can create firewall rules in virtual datacenters or in global networks, to later attach to VMs.

Privileges: Manage firewall, Manage global networks

To create a new firewall, do these steps:

  1. Go to Virtual datacenters → Network → Firewalls OR
    Go to myCloud → Global → select the GCP provider → Network → Firewalls

  2. Click the Add button

  3. Enter the firewall details and select the direction

    1. For the Name, see the Google Cloud entity naming conventions. See Google Cloud Platform integration

    2. For the Direction, select INGRESS for incoming traffic or EGRESS for outgoing traffic

    3. For Sources or Targets, enter a list of comma separated values in CIDR format

    4. For Priority, the default is 1000 and lower numbers have higher priority

  4. Go to Inbound or Outbound and add firewall rules

    1. Optionally, select from predefined Common protocols OR
      Enter Protocols and enter a list of Ports, separated by commas, and/or a port range, separated with a dash (e.g. 80,8000-8009)

  5. After you finish adding rules, click Save

The platform will create your firewall in the provider.
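
The port and address formats described in the rule steps above (a single port, a range, or a list such as 80,8000-8009, and Sources or Targets as comma separated CIDR values with no spaces) can be checked before you enter them. The following Python is an added example, not part of the platform or its documentation; the function names, the rejection of spaces in the port list, and the review threshold are assumptions of this example.

```python
import ipaddress

def parse_ports(spec):
    """Parse '80', '1024-65535' or '80,1024-65535' into sorted (start, end) tuples."""
    ranges = []
    for item in spec.split(","):
        start, sep, end = item.partition("-")
        if not sep:
            end = start  # a single port is a range of one
        # Rejects empty items, spaces, signs and non-ASCII digits
        if not all(p.isascii() and p.isdigit() for p in (start, end)):
            raise ValueError(f"invalid port item: {item!r}")
        lo, hi = int(start), int(end)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"port out of range or reversed: {item!r}")
        ranges.append((lo, hi))
    return sorted(ranges)

def parse_cidrs(spec):
    """Parse a comma separated list of network/netmask values with no spaces."""
    if any(ch.isspace() for ch in spec):
        raise ValueError("spaces are not allowed in the address list")
    networks = []
    for item in spec.split(","):
        if "/" not in item:
            raise ValueError(f"missing netmask: {item!r}")
        # strict=True rejects host bits set below the mask, e.g. 10.0.0.1/24
        networks.append(ipaddress.ip_network(item, strict=True))
    return networks

def review_rule(ports, cidrs, max_ports=1024):
    """Return review notes for one rule; max_ports is this example's own threshold."""
    notes = []
    covered = {p for lo, hi in parse_ports(ports) for p in range(lo, hi + 1)}
    if any(net.prefixlen == 0 for net in parse_cidrs(cidrs)):
        notes.append("any-address source or target")
    if len(covered) > max_ports:
        notes.append(f"wide port span: {len(covered)} ports")
    return notes

if __name__ == "__main__":
    # Constructed sample values in the formats shown in the steps above
    print(parse_ports("80,8000-8009"))
    print(review_rule("80,1024-65535", "0.0.0.0/0,10.0.0.0/8"))
```

A rule that returns an empty list from review_rule is well formed and narrower than the example threshold; it is not a statement that the rule is appropriate for your network.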

...

  1. Go to Virtual datacenters → select a virtual datacenter → Network → Firewalls

    [Image: Display firewall policies]

To display all firewalls in Google Cloud Platform

...

  1. Go to Cloud virtual datacenters view → Locations

  2. Select a location

  3. Go to Network → Firewalls

    [Image: Display firewalls in a cloud location]

    Firewalls that do not exist in the provider are grayed out, and you should delete these firewalls.

...

  1. Go to Cloud virtual datacenters view

  2. Go to Global → Azure → Resource Groups

  3. Select a resource group

  4. To display the details of the firewall, edit the firewall

    [Image: Edit a firewall in a resource group]

...

Assign a firewall policy to a VM

...