If you select a NAT-based network connection when you deploy your vCloud Connector node, you need to set up NAT mapping and firewall rules.

There are multiple approaches to managing this issue. Decide whether you want to use NAT to forward only the ports necessary for vCloud Connector operation or to forward all ports and then set up a firewall rule to filter all but the required ports. See System Requirements for the list of required ports.

Your appliance is deployed and you are logged in to the vCloud Director Web console.

1

Click the Administration tab and select Virtual Datacenters in the left panel.

2

Double-click your virtual datacenter.

3

Click the Org VDC Networks tab.

4

Find the network you are using in the list of networks, right-click, and select Configure Services.

5

Click the NAT tab.

6

Click Add DNAT to add the rule.

The Add Destination NAT Rule dialog box appears.

7

Select the network on which to apply the rule.

8

Specify the external IP address.

9

If you want to NAT all ports, select ANY for the Original port entry.

If you want to NAT only the required ports, create a rule for each port.

10

Specify the translated (internal) IP address from your initial setup and match the port entry for this rule.

11

Click OK.

12

Click Add SNAT.

The Add Source NAT Rule dialog box appears.

13

Select the network on which to apply the rule.

14

Specify the internal IP address that is assigned to the vCloud Connector node.

15

Specify the External (Translated) IP address that all outgoing traffic has to go through.

16

Click OK.

17

If you are using a firewall rule to control traffic, click the Firewall tab and select the Enable firewall check box.

18

Click Add at the bottom of the page to create a new firewall rule.

Create a rule for each required port.

19

Select the Enabled check-box, if it is not already selected.

20

Give the rule a name.

21

Unless specified, type Any in the Source IP Address text box and Any in the Source Port text box.

22

Type the destination IP address and port.

The destination IP address is the external IP address.

23

Select the protocol.

24

Select Allow.

25

Click OK to create the rule.