You can add firewall rules to an organization vDC network that supports a firewall. Each rule allows or denies traffic that matches it to pass through the firewall.

For a firewall rule to be enforced, you must enable the firewall for the organization vDC network. See Enable the Firewall for an Organization vDC Network.

When you add a new firewall rule to an organization vDC network, it appears at the bottom of the firewall rule list. Rules are enforced in list order, so a rule placed below a broader rule that already matches the same traffic has no effect until you move it higher. For information about setting the order in which firewall rules are enforced, see Reorder Firewall Rules for an Organization vDC Network.

System administrators and organization administrators can add firewall rules.

Verify that you have an external NAT-routed organization vDC network.

1. Click the Manage & Monitor tab and click Organization vDCs in the left pane.

2. Double-click the organization vDC name to open the organization vDC.

3. Click the Org vDC Networks tab, right-click the organization vDC network name, and select Configure Services.

4. Click the Firewall tab and click Add.

5. Type a name for the rule.

   Use a name that states what the rule is for. The name is also what you will search for in the syslog output if you enable logging.

6. Select the traffic direction.

7. Type the source IP address (or Any) and select the source port.

   For incoming traffic, the source is the external network. For outgoing traffic, the source is the organization vDC network.

8. Type the destination IP address (or Any) and select the destination port.

   For incoming traffic, the destination is the organization vDC network. For outgoing traffic, the destination is the external network.

9. Select the protocol and action.

   A firewall rule can allow or deny traffic that matches the rule. Keep allow rules as narrow as the workload permits: a rule with Any for the protocol, addresses and ports matches all traffic in that direction and overrides every rule below it.

10. Select the Enabled check box.

    A rule that is not enabled stays in the list but is not enforced.

11. (Optional) Select the Log network traffic for firewall rule check box.

    If you enable this option, vCloud Director sends log events to the syslog server for connections affected by this rule. Each syslog message includes the logical network and organization UUIDs, so you can tell which network and tenant a logged connection belongs to. Enabling logging on deny rules is a cheap way to confirm that the rule is being hit and to see what is being blocked.

12. Click OK and click OK again.
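The following is an added example, not part of the original procedure or of vCloud Director's own code. It models the rule fields from steps 5 through 11, appends a new rule at the bottom of the list exactly as the user interface does, warns when an earlier enabled rule already decides all of the new rule's traffic (the ordering problem described above), and serializes the list as a FirewallService document. The XML element names (FirewallService, FirewallRule, IsEnabled, Description, Policy, Protocols, DestinationPortRange, DestinationIp, SourcePortRange, SourceIp, Direction, EnableLogging, DefaultAction, LogDefaultAction) and the namespace URI are assumptions taken from memory of the vCloud API schema; check them against the API reference for your vCloud Director version before sending the document to a real endpoint.

```python
"""Org vDC network firewall rules: append-at-bottom plus a shadowing check.

Element names and namespace are ASSUMED to follow the vCloud API
FirewallService schema; verify against your version's API reference.
"""
from dataclasses import dataclass
import xml.etree.ElementTree as ET

VCLOUD_NS = "http://www.vmware.com/vcloud/v1.5"  # assumed API namespace


@dataclass
class Rule:
    """One row of the Firewall tab (steps 5 to 11 of the procedure)."""
    name: str
    direction: str      # "in" (external -> org vDC) or "out" (org vDC -> external)
    source_ip: str      # "Any" or an address such as "203.0.113.9"
    source_port: str    # "Any" or a port number as a string
    dest_ip: str
    dest_port: str
    protocol: str       # "Tcp", "Udp", "Icmp" or "Any"
    action: str         # "allow" or "drop"
    enabled: bool = True
    log: bool = False


def _covers(earlier: str, new: str) -> bool:
    """An earlier rule's field covers the new rule's field if it is Any
    or identical. Ranges and CIDRs are treated as opaque strings here."""
    return earlier == "Any" or earlier == new


def shadowing_rule(rules, new_rule):
    """Return the first enabled rule above new_rule that would already
    match every packet new_rule could match, or None if there is none."""
    for r in rules:
        if not r.enabled or r.direction != new_rule.direction:
            continue
        if all(_covers(a, b) for a, b in (
            (r.protocol, new_rule.protocol),
            (r.source_ip, new_rule.source_ip),
            (r.source_port, new_rule.source_port),
            (r.dest_ip, new_rule.dest_ip),
            (r.dest_port, new_rule.dest_port),
        )):
            return r
    return None


def add_rule(rules, new_rule):
    """Append the rule at the bottom of the list, as the UI does, and
    return the earlier rule that shadows it (if any) so the caller can
    reorder before relying on the new rule."""
    shadow = shadowing_rule(rules, new_rule)
    rules.append(new_rule)
    return shadow


def firewall_service_xml(rules, default_action="drop", log_default=True):
    """Serialize the rule list as a FirewallService element. The order of
    FirewallRule children on the wire is the enforcement order."""
    ET.register_namespace("", VCLOUD_NS)

    def sub(parent, tag, text=None):
        elem = ET.SubElement(parent, f"{{{VCLOUD_NS}}}{tag}")
        if text is not None:
            elem.text = text
        return elem

    svc = ET.Element(f"{{{VCLOUD_NS}}}FirewallService")
    sub(svc, "IsEnabled", "true")   # rules are only enforced when the firewall is enabled
    sub(svc, "DefaultAction", default_action)
    sub(svc, "LogDefaultAction", str(log_default).lower())
    for r in rules:
        fr = sub(svc, "FirewallRule")
        sub(fr, "IsEnabled", str(r.enabled).lower())
        sub(fr, "Description", r.name)
        sub(fr, "Policy", r.action)
        sub(sub(fr, "Protocols"), r.protocol, "true")
        sub(fr, "DestinationPortRange", r.dest_port)
        sub(fr, "DestinationIp", r.dest_ip)
        sub(fr, "SourcePortRange", r.source_port)
        sub(fr, "SourceIp", r.source_ip)
        sub(fr, "Direction", r.direction)
        sub(fr, "EnableLogging", str(r.log).lower())
    return ET.tostring(svc, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample: a broad inbound allow followed by a host-specific deny.
    rules = []
    add_rule(rules, Rule("allow-web-in", "in", "Any", "Any", "Any", "80", "Tcp", "allow"))
    shadow = add_rule(rules, Rule("block-bad-host", "in", "203.0.113.9", "Any",
                                  "Any", "80", "Tcp", "drop", log=True))
    if shadow:
        print(f"block-bad-host is shadowed by {shadow.name}; move it above that rule")
    print(firewall_service_xml(rules))
```

The shadowing check is deliberately conservative: it only reports a rule as shadowed when an earlier rule covers every field, so it can miss overlaps involving address ranges or CIDRs. It is enough to catch the common mistake of appending a deny rule below a broad allow and assuming it takes effect.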