NCD – Configuring Firewall Rules
Firewall rules can be configured for vDC networks and vApp networks.
To configure firewall rules for a vDC network:
- Click Firewall in the "Network Services" section of the appropriate vDataCenter detail page. The "Firewall" section displays the current status of any existing firewall rules defined for the vDC network.
- Click the "gear" icon in the upper right corner of the "Firewall" section to display the Firewall page.
To configure firewall rules for a vApp network:
- Click Networks in the "Children" section of the appropriate vApp detail page.
- In the "Networks" list, click the name of the desired vApp network. The vApp Network page appears.
- Click Firewall in the "Services" section of the vApp Network page. The "Firewall" section displays the current status of any existing firewall rules defined for the vApp network.
- Click the "gear" icon in the upper right corner of the "Firewall" section to display the Firewall page.
Reordering Firewall Rules
The "Rules" list on the Firewall page displays existing firewall rules in order of precedence, from top (highest precedence) to bottom (lowest precedence). The list order determines the rule that is enforced when two rules conflict.To reorder firewall rules:
- For the firewall rule to moved, select, drag, and drop the "Move" column icon to the desired position in the "Rules" list.
- Click Save to rearrange the firewall rules.
Adding/Editing Firewall Rules
To add or edit firewall rules:- To add a firewall rule, click +Add Rule. To edit an existing firewall rule, click the "gear" icon in the "Rules" list corresponding to the rule to be edited. The Add/Edit Firewall Rule page appears.
- To enable the firewall rule, select the "Enabled" checkbox. When adding a new firewall rule, this checkbox is selected by default.
- Enter a descriptive name for the firewall rule in the "Name" field.
- Select a protocol for the firewall rule from the "Protocol" drop-down menu. Available options include TCP, UDP, TCP & UDP, ICMP, and Any.
- In the "Action" field, select an action to be applied for the firewall rule by selecting the Allow or Deny radio button.
- In the "Source" field, enter or select a source value for the firewall rule. The following notations and values are valid for the firewall "Source" field:
- A single IP address (example: 192.168.0.1)
- A network in CIDR notation (example: 192.168.0.0/24)
- A range of IPs (example: 192.168.0.1-192.168.0.50)
- Any IP address (example: "Any")
- Internal IP addresses (example: "Internal")
- External IP addresses (example: "External")
- In the "Source Port" field, enter or select a source port value for the firewall rule. The following notations and values are valid for the firewall "Source Port" field:
- A port number (an integer from 1-65535)
- Select FTP from the drop-down menu to select port 21
- Select SSH from the drop-down menu to select port 22
- Select HTTP from the drop down menu to select port 80
- Select HTTPS from the drop-down menu to select port 443
- A range of port numbers separated by a dash (-)
- "Any" or "-1" (equivalent values)
- A port number (an integer from 1-65535)
- In the "Destination" field, enter or select a destination value for the firewall rule. The following notations and values are valid for the firewall "Destination" field:
- A single IP address (example: 192.168.0.1)
- A network in CIDR notation (example: 192.168.0.0/24)
- A range of IPs (example: 192.168.0.1-192.168.0.50)
- Any IP address (example: "Any")
- Internal IP addresses (example: "Internal")
- External IP addresses (example: "External")
- In the "Destination Port" field, enter or select a destination port value for the firewall rule. The following notations and values are valid for the firewall "Destination Port" field:
- A port number (an integer from 1-65535)
- Select FTP from the drop-down menu to select port 21
- Select SSH from the drop-down menu to select port 22
- Select HTTP from the drop down menu to select port 80
- Select HTTPS from the drop-down menu to select port 443
- A range of port numbers separated by a dash (-)
- "Any" or "-1" (equivalent values)
- A port number (an integer from 1-65535)
- Click Add/Edit Firewall Rule to add or edit the rule, or Cancel to cancel your changes.
- At the Firewall page, click Save to save the firewall rules, or Cancel to cancel the operation.
Deleting Firewall Rules
To delete an existing firewall rule:- In the Firewall page "Rules" list, click Delete in the row corresponding to the rule to be deleted.
- Click Save to save the firewall rules, or Cancel to cancel the operation.
What is a Firewall?
What are Firewall Rules?
Firewall rule source, destination, port notation
Related vCD Documents