Classic firewalls implementation
Abiquo implements vCloud firewall policies and classic firewalls at the Edge level, which is the distributed virtual firewall in vCenter and NSX.
First, when the user assigns a firewall to a deployed VM, the platform creates a new rule whose source or destination points to the VM object.
Secondly, when a user creates a classic firewall rule, the platform implements it as described in the following table.
| Source or destination | New rule created using... |
|---|---|
| Any/Internal/External/All | A Network object. "Any" or "All" maps to "VSE" |
| object:vcloudUrn (also "IP Sets" or "Security Groups", which are aggregations in NSX/vCloud configured under orgVdc / Security) | A VM (for example) object; the source or destination is restricted to a specific virtual machine |
| IP, IPstart-IPend, or network CIDR | A single IP, an IP range, or an IP network specification |
| Comma-separated list of the above values, e.g. 10.60.1.0,object:vmInternalProvidrId,10.60.2.0/24 | An IP, a VM, and a network CIDR |
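As an added example (not Abiquo's own code), a small Python parser that classifies each entry of a comma-separated source/destination value into the categories of the table above, rejecting malformed entries before a rule is created. The `Target` type, the function names and the strict "no host bits in a CIDR" check are assumptions; the sample values are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Keywords the table above accepts for a rule's source or destination.
KEYWORDS = {"any", "internal", "external", "all"}
OBJECT_PREFIX = "object:"

@dataclass(frozen=True)
class Target:
    kind: str   # "keyword", "object", "ip", "ip_range" or "cidr"
    value: str  # normalised entry text

def parse_entry(entry: str) -> Target:
    """Classify one entry; raises ValueError for anything outside the table."""
    if entry.lower() in KEYWORDS:
        return Target("keyword", entry.capitalize())
    if entry.lower().startswith(OBJECT_PREFIX):
        ref = entry[len(OBJECT_PREFIX):]
        if not ref:
            raise ValueError("empty object reference: %r" % entry)
        return Target("object", ref)
    if "/" in entry:
        # Assumption: a CIDR must be a network address (no host bits set).
        return Target("cidr", str(ipaddress.ip_network(entry, strict=True)))
    if "-" in entry:
        start_s, end_s = entry.split("-", 1)
        start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
        if start.version != end.version or start > end:
            raise ValueError("invalid IP range: %r" % entry)
        return Target("ip_range", "%s-%s" % (start, end))
    # ipaddress.ip_address raises ValueError on anything that is not an IP.
    return Target("ip", str(ipaddress.ip_address(entry)))

def parse_targets(spec: str) -> list:
    """Parse a comma-separated source/destination value into Target entries."""
    entries = [e.strip() for e in spec.split(",")]
    if any(not e for e in entries):
        raise ValueError("empty entry in specification: %r" % spec)
    return [parse_entry(e) for e in entries]

def is_valid_spec(spec: str) -> bool:
    """True when every entry matches one of the forms in the table."""
    try:
        parse_targets(spec)
    except ValueError:
        return False
    return True
```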
When a VM uses a NAT IP, the platform also creates a firewall rule, and it does the same when a public IP or NAT IP is used as a load balancer address.
To restore the previous configuration with the firewall at the vApp network level, set the "abiquo.vcd.firewall.vappnetwork" property to true.
Copyright © 2006-2022, Abiquo Holdings SL. All rights reserved