You configure all networking security policies on the gateway by creating firewall rules. (vCloud Air does not require configuring security groups like some of the other cloud providers.) You configure firewall rules to manage the traffic flowing in and out of your vCloud Air cloud. Additionally, you can configure firewall rules to secure network traffic between any and all interfaces on a gateway.

Firewall rules in vCloud Air have the following characteristics:

Consist of 5-tuple policies (protocol, source/destination IP address, source/destination port)

Can have multiple policies across multiple networks

Are ideal for enterprise-grade application deployment


By default, gateways are deployed with firewall rules configured to deny all network traffic to and from the virtual machines on the gateway networks. After you configure a NAT rule, an attempt to ping a virtual machine on a network still fails until you add a firewall rule that allows the corresponding traffic.
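The default-deny behavior described above can be modeled in a few lines. This is an added illustration, not vCloud Air code or its API: the `Rule` class, the `evaluate` function, the first-match-wins ordering, and the sample addresses are all assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    """One 5-tuple policy (hypothetical model); "any" is a wildcard."""
    action: str      # "allow" or "deny"
    protocol: str    # "tcp", "udp", "icmp" or "any"
    src: str         # address, CIDR block or "any"
    src_port: str    # single port, "lo-hi" range or "any"
    dst: str
    dst_port: str

def _ip_ok(spec, addr):
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)

def _port_ok(spec, port):
    if spec == "any":
        return True
    if port is None:  # ICMP carries no ports, so a port-specific rule cannot match it
        return False
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rules, protocol, src, src_port, dst, dst_port):
    """Return the action of the first matching rule (assumed ordering)."""
    for r in rules:
        if (r.protocol in ("any", protocol)
                and _ip_ok(r.src, src) and _port_ok(r.src_port, src_port)
                and _ip_ok(r.dst, dst) and _port_ok(r.dst_port, dst_port)):
            return r.action
    return "deny"     # no rule matched: the gateway default denies all traffic

# Constructed sample addresses (documentation ranges), not real hosts.
VM_ADDR = "203.0.113.10"   # address at which the NAT rule exposes the VM
CLIENT = "198.51.100.7"
https_only = [Rule("allow", "tcp", "any", "any", VM_ADDR, "443")]
with_ping = https_only + [Rule("allow", "icmp", "any", "any", VM_ADDR, "any")]

def demo():
    return {
        "ping, no rules": evaluate([], "icmp", CLIENT, None, VM_ADDR, None),
        "ping, https rule only": evaluate(https_only, "icmp", CLIENT, None, VM_ADDR, None),
        "https, https rule only": evaluate(https_only, "tcp", CLIENT, 50123, VM_ADDR, 443),
        "ping, icmp rule added": evaluate(with_ping, "icmp", CLIENT, None, VM_ADDR, None),
    }

if __name__ == "__main__":
    print(demo())
```

An allow rule for TCP 443 does not make the virtual machine answer ping; ICMP needs its own rule because every field of the 5-tuple, including the protocol, must match.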

See Add a Firewall Rule in this guide for the steps to create a firewall rule.

Configure the Firewall for an Edge Gateway in the vCloud Director Administrator’s Guide

Add a Firewall Rule for an Edge Gateway in the vCloud Director Administrator’s Guide

Introduction to Gateway Services: Firewall in the vCloud Air Tutorials

“Configure Firewall and NAT Rules” in the VMware vCloud Air Solution Brief