The platform provides a unified interface to firewalls in varied cloud environments. 

This section describes firewall policies, which are similar to security groups. The platform supports firewall policies in private cloud with network managers (NSX, NSX-T) and in public cloud.

Abiquo firewall policies represent.

• AWS security groups
• Azure firewall policies
• GCP firewall rules
• OCI network security groups

For more details, please see the public cloud features table for each provider.

In vCloud Director, the platform also supports classic firewalls, which are Edge firewalls at level of the public cloud region (orgVDC). See Manage classic firewalls. 

The synchronization process will onboard firewalls and it will update the platform's information about firewalls that already exist in the cloud provider. The platform synchronizes automatically when you onboard virtual resources from public cloud. Depending on the provider, the platform may support synchronization at the level of the location (public cloud region) or virtual datacenter.

To synchronize firewalls do these steps:

1. In the myCloud view go to Virtual datacenters, or Locations, or for Google Cloud Platform select the Global view
2. Go to Network → Firewalls
3. Click the double-arrow synchronize button 

To synchronize a firewall in AWS before you add new firewall rules:

1. Select the firewall and click the double-arrow synchronize button

The platform can create firewall policies in virtual datacenters in the provider, or in the platform only, for later use in providers, depending on provider support.

To create a new firewall, do these steps:

1. Go to Virtual datacenters → Network → Firewalls
2. Click the Add button
3. Enter the firewall details
   
   For more details see GUI Create firewall policy
   
   
4. Click Save to create the firewall
5. Add Firewall rules as described below

If you entered a virtual datacenter, the platform created your firewall in the provider. The platform will display a Provider-ID and a Virtual datacenter ID for the firewall. 

If you selected No virtual datacenter, the firewall will be created in the platform in the public cloud region for your enterprise. The synchronize process will not update this firewall. The platform will not create it in the provider until you select a virtual datacenter.

You can define firewall rules for inbound and outbound traffic in your firewall policy.

To add a new firewall rule:

1. Select the virtual datacenter or location
2. Select the firewall
3. On the Firewall rules panel, click the pencil Edit button
4. Select the Inbound or Outbound tab for the traffic direction you wish to control
5. Enter the details of a rule
   1. Protocol
   • • Select from Common protocols, OR
     • Select and enter a Custom protocol
   1. Port range with the Start port and End port that this rule will apply to. To enter one port, enter the same value twice, or optionally apply the rule to a number of ports at the same time
   2. Sources or Targets as a network address and netmask
6. Click Add. The firewall rule will be added to the Firewall rules list
7. Enter more rules as required, then click Save

In GCP, the platform can create firewall policies in virtual datacenters or in global networks, to later attach to VMs.

To create a new firewall, do these steps:

1. Go to Virtual datacenters → Network → Firewalls
   or go to myCloud → Global → select the GCP provider → Network → Firewalls
2. Click the Add button
3. Enter the firewall details and select the direction
   
   For more details see GUI Create firewall policy GCP General information
   
   
4. Go to Inbound or Outbound and add firewall rules
   
   For more details see GUI Create firewall policy GCP rules inbound outbound
   
   
5. After you finish adding rules, click Save

The platform will create your firewall in the provider.

You can set a default firewall policy for each virtual datacenter. 

To set or unset a default firewall for a virtual datacenter:

1. Select the firewall
2. Click the star default firewall button

When the user creates a VM, the platform will assign the default firewall. The firewall rules apply to VMs, not individual NICs on the VMs. Changes to the firewall ruleset will apply to every VM in the virtual datacenter with the default firewall. If you do not set a default firewall but the provider requires one, for example, AWS, the platform will set the provider's default firewall. In AWS the default firewall is not marked. 

If your provider allows it, you may edit a firewall policy in the platform. 

To edit a firewall policy:

1. Go to Virtual datacenters → select virtual datacenter or select a region → Network → Firewalls
2. Select the firewall policy and click the pencil edit button.
3. Make your changes and click Save

For more details see GUI Edit firewall policy

When you edit a firewall, you can add tags to group resources and manage them in Control view

To manage tags for a firewall, edit the firewall and add tags as described here.

Before you begin:

1. Check if your provider allows you to move firewalls. For example, Azure ARM allows you to move firewalls to other VDCs in the same resource group

To move a firewall to another virtual datacenter

1. Go to Virtual datacenters → Locations or Global
2. Select the public cloud region, or Azure provider and resource group
3. Edit the firewall policy and select the new Virtual datacenter
   
   

You can display and manage firewalls in the platforms at the level of the virtual datacenter or the location (public cloud region or datacenter).

To display firewalls in a virtual datacenter in a provider:

1. Go to Virtual datacenters → select a virtual datacenter → Network → Firewalls
   

To display all firewalls in Google Cloud Platform

1. Go to myCloud → Global view → select the GCP provider → Networks → Firewalls

To display all firewalls in a location (public cloud region or datacenter):

1. Go to Cloud virtual datacenters view → Locations
2. Select a location
3. Go to Network → Firewalls
   
   Firewalls that do not exist in the provider are grayed out, and you should delete these firewalls.

To display firewalls in an Azure Resource Group:

1. Go to Cloud virtual datacenters view
2. Go to Global → Azure → Resource Groups → select a resource group
3. To display the details of the firewall, edit the firewall

To delete firewall rules, do these steps.

1. Go to Virtual datacenters → select a virtual datacenter or select All → Network → Firewalls
2. Edit the firewall
3. Select the Inbound or Outbound tab
4. On the left-hand side of each rule you wish to delete, click the trash bin Delete button
5. Click Save

To delete a firewall policy:

1. Edit each VM that is using the firewall policy to remove the firewall policy
2. Select the firewall policy
3. Click the Delete button

The load balancer feature aims to simplify the creation of load balancers across all providers in the multi-cloud platform, providing a unified interface.

In AWS, Abiquo supports Application load balancers (see Manage Application Load Balancers) and Classic load balancers (described on this page). 

Please refer to cloud provider documentation as the definitive guide to the load balancing features.  And remember to check your cloud provider's pricing before you begin.

In vCloud Director, load balancers belong to a public cloud region, not a virtual datacenter. This means that in vCloud Director, you can attach VMs from more than one virtual datacenter to the same load balancer, and these load balancers do not work with private networks, which belong to only one virtual datacenter.

You can display and manage load balancers in the platform at the level of the virtual datacenter or the location (public cloud region or datacenter).

To display load balancers in virtual datacenters:

1. Go to Cloud virtual datacenters view

2. Select a virtual datacenter

3. Go to Network → Load balancers.

To display load balancers in a region, including those that do not exist in the provider.

1. Go to Cloud virtual datacenters view
2. Click the Locations button and select a location
3. Go to Network → Load balancers
   
   
   Load balancers that do not exist in the provider are displayed in light gray text and you should delete these load balancers.

To display load balancers in an Azure Resource Group:

1. Go to Cloud virtual datacenters view
2. Go to Global → Azure → Resource Groups → select a resource group
3. To display the details of the load balancer, edit the load balancer

Before you begin:

• Synchronize your virtual datacenters (including VMs, networks, firewalls, firewall rules, and load balancers)
• If required by your provider, create firewalls for your VMs to allow your load balancers to access the VMs
• In Azure make sure that your VMs belong to availability sets

To create a load balancer:

1. Go to Virtual datacenters → select a virtual datacenter → Network → Load balancers 
   1. For vCloud, select All virtual datacenters → Network → Load balancers → Region

2. Click the + add button and complete the following dialogs according to your cloud provider's documentation

Load balancer general information

The following screenshots are from AWS or Azure

For more details see GUI Create load balancer General info

Load balancer routing rules

For more details see GUI Create load balancer Routing rules

Load balancer SSL certificate

For more details see GUI Add a new certificate

Load balancer health check

For more details see GUI Create load balancer Health check

Load balancer firewalls

For more details see GUI Create load balancer Firewalls

Assign load balancer nodes

For more details see GUI Create load balancer Nodes

To manage tags for a load balancer, edit the load balancer and add tags as described here.

To assign a virtual machine to a load balancer, select the load balancer from the list.

When you onboard a VDC from a public cloud provider, the load balancers associated with the VDC and its VMs will be onboarded into the platform.

To access vCloud load balancers, and provider-only load balancers

1. Go to Virtual datacenters → All virtual datacenters
2. Go to Network → Load balancers → select region

To synchronize all load balancers in a VDC or region:

1. Go to Virtual datacenters
2. Select the VDC or region
3. Click the arrow synchronize button.

Load balancers that have been deleted directly in the provider are displayed in light gray text. You can edit these load balancers to recreate them in the provider, or delete them.

To delete a load balancer:

1. Select the load balancer
2. Click the delete button.

If your enterprise does not have credentials in the provider, then the load balancer will be released (it will be deleted in the platform but it will remain in cloud provider).