vCloud Director provides a fully featured layer 3 firewall to control transit from inside to outside security boundaries, and within the various VDC networks you create.
When you specify networks or IP addresses, you can use:
An individual IP address
IP ranges separated by a dash (-)
A CIDR, for example, 192.168.1.0/24
The keywords internal, external or any
NAT rules only work if the firewall is enabled. For security reasons, you should ensure that the firewall is always enabled.
Creating firewall rules
To create a firewall rule:
Select the Firewall tab.
Click the + button to add a new row to the firewall rules table.
For the New Rule, specify a Name.
In the Source and Destination fields, specify the source and destination addresses for the firewall rule.
In the Service field, click + and, in the Add Service dialog box, specify the Protocol, Source Port and Destination Port for the rule. When you're done, click Keep.
Select whether the rule is an Accept or Deny rule.
If you have a syslog server configured, select the Enable logging check box.
Click Save changes.
A common use case for a firewall rule is to allow SSH through from the internet. The following example uses allocated public IP addresses.
When your VDC is provisioned in the:
In the example below, the source is any (any IP address within the VDC). The source port is also any. The destination is a public IP address and the destination port is 443 for HTTPS.
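As an added illustration (not vCloud Director's own code or API), the following Python models the four address forms listed above and the example rule from this section: it parses a Source/Destination value, matches it against an address, and evaluates a rule table top-down. The public IP 198.51.100.10, the "first match wins, otherwise deny" behaviour and the way internal/external resolve against the side of the edge are assumptions made for the sample.

```python
import ipaddress
from collections import namedtuple

KEYWORDS = {"internal", "external", "any"}
Rule = namedtuple("Rule", "name source destination protocol src_port dst_port action")

def parse_address_spec(spec):
    """Parse one Source/Destination value in the four forms the page lists:
    a single IP, a dash-separated range, a CIDR, or internal/external/any."""
    s = spec.strip().lower()
    if s in KEYWORDS:
        return ("keyword", s)
    if "/" in s:
        # strict=True rejects a CIDR with host bits set, e.g. 192.168.1.5/24
        return ("cidr", ipaddress.ip_network(s, strict=True))
    if "-" in s:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in s.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is after range end: {spec}")
        return ("range", (lo, hi))
    return ("ip", ipaddress.ip_address(s))

def spec_matches(parsed, ip, side):
    """side is 'internal' or 'external' (which side of the edge the address is on).
    Assumption: 'any' matches everything, the other keywords match their own side."""
    kind, value = parsed
    if kind == "keyword":
        return value in ("any", side)
    addr = ipaddress.ip_address(ip)
    if kind == "cidr":
        return addr in value
    if kind == "range":
        return value[0] <= addr <= value[1]
    return addr == value

def evaluate(rules, proto, src_ip, src_side, src_port, dst_ip, dst_side, dst_port):
    """Walk the rule table top-down; the first matching rule decides.
    Assumption: traffic that matches no rule is denied."""
    for r in rules:
        if (r.protocol in ("any", proto)
                and r.src_port in ("any", str(src_port))
                and r.dst_port in ("any", str(dst_port))
                and spec_matches(parse_address_spec(r.source), src_ip, src_side)
                and spec_matches(parse_address_spec(r.destination), dst_ip, dst_side)):
            return r.action
    return "deny"

# Constructed rule mirroring the page's example: source any, any source port,
# destination a public IP (198.51.100.10 is a documentation address), port 443.
RULES = [Rule("allow-https-in", "any", "198.51.100.10", "tcp", "any", "443", "accept")]
```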