An organization administrator can add firewall rules to an organization virtual datacenter network that supports a firewall. You can create rules to allow or deny traffic that matches the rules to pass through the firewall.

When you add a new firewall rule to an organization virtual datacenter network, it appears at the bottom of the firewall rule list. For information about how to set the order in which firewall rules are enforced, see Reorder Firewall Rules for an Organization Virtual Datacenter Network.

If a system administrator specified syslog server settings and those settings have been applied to the organization virtual datacenter network, then you can log firewall rule events. For information about applying syslog server settings, see Apply Syslog Server Settings to an Organization Virtual Datacenter Network. To view the current syslog server settings, see View Syslog Server Settings for an Organization Virtual Datacenter Network.

Verify that you have a routed organization virtual datacenter network and that the firewall is enabled for it. See Configure the Firewall for an Organization Virtual Datacenter Network.

1. Click Administration and select the organization virtual datacenter.

2. On the Org VDC Networks tab, right-click the organization virtual datacenter network name and select Configure Services.

3. Click the Firewall tab and click Add.

4. Type a name for the rule.

5. (Optional) Select Match rule on translated IP to have the rule check against translated IP addresses rather than original IP addresses, and choose a traffic direction to apply this rule on.

6. Type the traffic Source.

   Option                  Description
   IP address              Type a source IP address to apply this rule on.
   Range of IP addresses   Type a range of source IP addresses to apply this rule on.
   CIDR                    Type the CIDR notation of traffic to apply this rule on.
   internal                Apply this rule to all internal traffic.
   external                Apply this rule to all external traffic.
   any                     Apply this rule to traffic from any source.

7. Select a Source port to apply this rule on from the drop-down menu.

8. Type the traffic Destination.

   Option                  Description
   IP address              Type a destination IP address to apply this rule on.
   Range of IP addresses   Type a range of destination IP addresses to apply this rule on.
   CIDR                    Type the CIDR notation of traffic to apply this rule on.
   internal                Apply this rule to all internal traffic.
   external                Apply this rule to all external traffic.
   any                     Apply this rule to traffic with any destination.

9. Select the Destination port to apply this rule on from the drop-down menu.

10. Select the Protocol to apply this rule on from the drop-down menu.

11. Select the action.

    A firewall rule can allow or deny traffic that matches the rule.

12. Select the Enabled check box.

13. (Optional) Select the Log network traffic for firewall rule check box.

    If you enable this option, vCloud Director sends log events to the syslog server for connections affected by this rule. Each syslog message includes logical network and organization UUIDs.

14. Click OK and click OK again.
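The procedure above builds one rule; the Python sketch below, added here and not vCloud Director code, evaluates a list of such rules top to bottom on constructed traffic, so the effect of a new rule landing at the bottom of the list (where a broader earlier rule can shadow it) and of the Match rule on translated IP option can be seen. The subnet treated as internal, the UUID values and the log event layout are assumptions made for the example.

```python
"""First-match evaluator for Org VDC network firewall rules (added example).
Models the Add dialog's fields: Source/Destination as IP address, range, CIDR,
internal, external or any; ports; protocol; allow/deny; Enabled; Log; and
Match rule on translated IP."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: "internal" is the Org VDC network's own subnet, "external" is
# everything else. Subnet and UUIDs are constructed placeholders.
ORG_NETWORK = ipaddress.ip_network("192.168.10.0/24")
ORG_UUID = "00000000-0000-0000-0000-0000000000aa"
NETWORK_UUID = "00000000-0000-0000-0000-0000000000bb"


@dataclass
class Rule:
    name: str
    source: str                # IP, "lo-hi" range, CIDR, internal, external, any
    destination: str
    protocol: str = "any"      # tcp, udp, icmp or any
    source_port: str = "any"   # port number as text, or any
    dest_port: str = "any"
    action: str = "allow"      # allow or deny
    enabled: bool = True
    log: bool = False
    match_translated: bool = False   # the Match rule on translated IP box


@dataclass
class Packet:
    src: str
    dst: str
    protocol: str
    sport: int
    dport: int
    translated_src: Optional[str] = None   # post-NAT addresses, when NAT applies
    translated_dst: Optional[str] = None


def address_matches(spec: str, addr: str) -> bool:
    """Match one address against a field written the way the dialog accepts it."""
    ip = ipaddress.ip_address(addr)
    if spec == "any":
        return True
    if spec == "internal":
        return ip in ORG_NETWORK
    if spec == "external":
        return ip not in ORG_NETWORK
    if "-" in spec:                                    # Range of IP addresses
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return lo <= ip <= hi
    if "/" in spec:                                    # CIDR
        return ip in ipaddress.ip_network(spec, strict=False)
    return ip == ipaddress.ip_address(spec)            # single IP address


def port_matches(spec: str, port: int) -> bool:
    return spec == "any" or int(spec) == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if not rule.enabled:
        return False
    # With Match rule on translated IP, the rule sees the post-NAT addresses.
    if rule.match_translated:
        src, dst = (pkt.translated_src or pkt.src), (pkt.translated_dst or pkt.dst)
    else:
        src, dst = pkt.src, pkt.dst
    return (rule.protocol in ("any", pkt.protocol)
            and address_matches(rule.source, src)
            and address_matches(rule.destination, dst)
            and port_matches(rule.source_port, pkt.sport)
            and port_matches(rule.dest_port, pkt.dport))


def evaluate(rules: List[Rule], pkt: Packet,
             default: str = "deny") -> Tuple[str, Optional[str], List[dict]]:
    """Walk the list top to bottom; the first enabled matching rule decides.
    Returns (action, deciding rule name or None, syslog-style events). The
    event layout is constructed; the page only says each message carries the
    logical network and organization UUIDs."""
    for rule in rules:
        if rule_matches(rule, pkt):
            events = []
            if rule.log:
                events.append({"rule": rule.name, "action": rule.action,
                               "src": pkt.src, "dst": pkt.dst, "dport": pkt.dport,
                               "org_uuid": ORG_UUID, "network_uuid": NETWORK_UUID})
            return rule.action, rule.name, events
    return default, None, []


# Constructed traffic: inbound SSH from outside, and outbound HTTPS whose
# source address is translated to a public address on the way out.
INBOUND_SSH = Packet("203.0.113.5", "192.168.10.20", "tcp", 51000, 22)
OUTBOUND_HTTPS = Packet("192.168.10.20", "198.51.100.80", "tcp", 40000, 443,
                        translated_src="198.51.100.7")

RULES = [
    Rule("allow-https-out", "internal", "any", "tcp", dest_port="443"),
    Rule("deny-ssh-in", "external", "internal", "tcp", dest_port="22",
         action="deny", log=True),
    Rule("allow-all", "any", "any"),
]

if __name__ == "__main__":
    print(evaluate(RULES, INBOUND_SSH))         # deny-ssh-in decides, one event
    # A rule added through the dialog lands at the bottom of the list; placed
    # after allow-all, the same deny never gets a chance to match.
    print(evaluate(RULES[::-1], INBOUND_SSH))   # allow-all decides
```

Running the block shows the same inbound SSH packet denied when the deny rule sits above the catch-all allow and allowed when the catch-all comes first, which is why the Reorder Firewall Rules step matters after Add appends a rule at the bottom.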