Configure a firewall rule to allow traffic through a gateway to reach the virtual machines on your isolated network and so that your virtual machines can reach the Internet.

This procedure provides the steps to create a firewall rule by using Virtual Private Cloud OnDemand. For information about creating or editing firewall rules by using vCloud Director, see the following topics in the vCloud Director Administrator’s Guide:

Configure the Firewall for an Edge Gateway

Add a Firewall Rule for an Edge Gateway

Verify that you have network administrator privileges.

Obtain the IP address for the virtual machine for which you are creating the firewall rule.

1. If necessary, click the expand icon (Expand Virtual Data Centers Pane Icon) to display the Virtual Data Centers pane.

2. Select the virtual data center to which the gateway belongs.

3. Click the Gateways tab.

Details about the gateway appear.

4. Click the Firewall Rules tab.

5. Click the Add button.

The Add a Firewall “Allow” Exception dialog appears.

6. Complete the following settings to configure the rule:

Name: Enter a name for the rule.

Settings: (Optional) Select Enable this to enable the rule for the gateway.

Note: Selecting the Log network traffic for this exception option is unnecessary because you cannot access firewall logging data in Virtual Private Cloud OnDemand at this time.

Protocol: Choose the protocol to which the rule applies from the drop-down menu: any, TCP, UDP, TCP/UDP, or ICMP. By default, the protocol is set to “any” so that network traffic of all protocols traverses the firewall.

Source: Choose an option from the drop-down menu:

Any: allows traffic from any source on the external network to reach the virtual machines.

Internal: applies this rule to all internal traffic.

External: applies this rule to all external traffic.

Specific CIDR, IP, or IP Range: enter the CIDR block, IP address, or IP range of the source traffic to which this rule applies.

Source Port: (Optional) Enter a port or port range to allow traffic from those ports to reach your virtual machines on your isolated network.

Destination: Choose an option from the drop-down menu:

Any: allows traffic from any virtual machine on your isolated network to access the external network.

Internal: applies this rule to all internal traffic.

External: applies this rule to all external traffic.

Specific CIDR, IP, or IP Range: enter the CIDR block, IP address, or IP range of the destination traffic to which this rule applies.

Destination Port: (Optional) Enter a port or port range to allow traffic from those ports on your virtual machines to reach the external network.

7. Click Save.
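As an added example, not part of this documentation or of the product, the following Python models the rule fields described in step 6 (protocol, Source and Destination choices, port ranges, the Enable this setting) and evaluates sample flows against a small set of constructed rules, with a check that flags a rule left at the dialog's defaults (any protocol, Any source, Any destination, any ports). The isolated network CIDR, rule names and addresses are assumed sample values, and treating traffic that matches no "Allow" exception as denied is also an assumption of this example.

```python
import ipaddress
from dataclasses import dataclass

INTERNAL_NET = ipaddress.ip_network("192.168.109.0/24")  # assumed sample isolated network

@dataclass
class Rule:                          # one "Allow" exception, fields as in the dialog
    name: str
    protocol: str = "any"            # any, TCP, UDP, TCP/UDP or ICMP
    source: str = "Any"              # Any, Internal, External, or a CIDR / IP / IP range
    source_port: str = "any"         # "any", a port such as "22", or a range such as "8000-8010"
    destination: str = "Any"
    destination_port: str = "any"
    enabled: bool = True             # the "Enable this" checkbox

def _ip_matches(spec, ip):           # interpret the Source/Destination drop-down choices
    addr = ipaddress.ip_address(ip)
    if spec == "Any":
        return True
    if spec in ("Internal", "External"):
        return (addr in INTERNAL_NET) == (spec == "Internal")
    if "-" in spec:                  # explicit IP range, e.g. 10.0.0.5-10.0.0.9
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-"))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(spec, strict=False)   # CIDR block or single IP

def _port_matches(spec, port):       # "any", a single port, or "lo-hi"
    lo, _, hi = spec.partition("-")
    return spec == "any" or int(lo) <= port <= int(hi or lo)

def _proto_matches(spec, proto):     # "TCP/UDP" matches either; "any" matches everything
    return spec == "any" or proto.upper() in spec.upper().split("/")

def rule_matches(rule, proto, src_ip, src_port, dst_ip, dst_port):
    return (rule.enabled and _proto_matches(rule.protocol, proto)
            and _ip_matches(rule.source, src_ip) and _port_matches(rule.source_port, src_port)
            and _ip_matches(rule.destination, dst_ip) and _port_matches(rule.destination_port, dst_port))

def first_allowing_rule(rules, proto, src_ip, src_port, dst_ip, dst_port):
    """Rules are allow exceptions; unmatched traffic is assumed to be denied (returns None)."""
    return next((r.name for r in rules if rule_matches(r, proto, src_ip, src_port, dst_ip, dst_port)), None)

def is_overly_broad(rule):
    """Flags a rule left at the dialog defaults: any protocol, Any source/destination, any ports."""
    return (rule.protocol, rule.source, rule.destination, rule.source_port,
            rule.destination_port) == ("any", "Any", "Any", "any", "any")

SAMPLE_RULES = [                     # constructed rules; pass port 0 for ICMP flows
    Rule("ssh-from-admin", "TCP", "203.0.113.10", "any", "192.168.109.20", "22"),
    Rule("vm-web-out", "TCP", "Internal", "any", "External", "80-443"),
    Rule("icmp-in", "ICMP", "External", "any", "Internal"),
]
```

Running the flows you expect the gateway to pass and to block through first_allowing_rule before saving the rule set shows whether a narrower Source or Destination choice would still admit the intended traffic.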