You configure all networking security policies on the gateway by creating firewall rules. Virtual Private Cloud OnDemanddoes not require configuring security groups like other cloud providers. You configure firewall rules to manage the traffic flowing in and out of your Virtual Private Cloud OnDemand cloud. Additionally, you can configure firewall rules to secure network traffic between interfaces on a gateway.

Firewall rules in Virtual Private Cloud OnDemand have the following characteristics:

Consist of 5 tuple policies (protocol, source/destination IP address, source/destination port)

Can have multiple policies across multiple networks

Are ideal for enterprise-grade application deployment


By default, gateways are deployed with firewall rules configured to deny all network traffic to and from the virtual machines on the routed networks. Attempting to ping a virtual machine on a network after configuring a NAT rule will fail without adding a firewall rule to allow the corresponding traffic.

See Add a Firewall Rule in this guide for the steps to create a firewall rule.

Configure the Firewall for an Edge Gateway in vCloud Director Administrator’s Guide

Add a Firewall Rule for an Edge Gateway in vCloud Director Administrator’s Guide