Introduction to Gateway Services: Firewall

The gateway in vCloud Air provides firewall protection for incoming and outgoing traffic. In this example, we create a simple firewall rule and then reconfigure the gateway to recognize it.

1. Configure Firewall Settings


To get started, if you're not already logged in:

  1. Go to https://vchs.vmware.com/login and log in to vCloud Air.
  2. On the Dashboard tab, click the virtual data center where you want to configure firewall settings (in this example, we use the SHAREPOINT virtual data center).



  3. Firewall rules can be added in both the vCloud Air UI and the vCloud Director UI. To configure the firewall via the vCloud Director UI, click the Gateways tab, and then click Manage in vCloud Director.



    Before configuring firewall settings, you need to know the external IP address.

  4. To identify the external IP address, click the Edge Gateways tab, select the corresponding network, and then click External IP Allocations.



  5. In the IP Allocations window, note the external IP address.
  • In this example, the external IP address is set to 69.194.137.230.



6. Click Cancel to return to the vCloud Director Administration window.

7. To configure firewall settings, select the gateway again, and then click Edge Gateway Services.



8. In the Configure Services window, click the Firewall tab and note the following:

  • The firewall is enabled by default.
  • The firewall is set to Deny for all rules, which means that you must add rules to let certain kinds of traffic through.




9. Click Add to create a firewall rule.

10. In the Add Firewall Rule window, complete the following fields. For this example, we create a simple rule to allow ICMP.

  • Name: Enter a name for the rule (we use Allow ICMP here).
  • Source: Enter external to accept any external traffic.
  • Destination: Enter any so that you can test pings.
  • Protocol: Select ICMP.
  • Action: Choose Allow.




11. Click OK to create the firewall rule and return to the Configure Services window.

After creating new firewall rules, you must reconfigure the gateway to recognize them.

12. In the Configure Services window, go to the Firewall tab and click OK.



13. Verify that the firewall is configured by pinging the gateway and confirming that the traffic is allowed through.
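
The default Deny from step 8 and the Allow ICMP rule from step 10, modeled as an added example (not part of the original page and not vCloud Director code): a small Python evaluator showing which traffic the finished rule table admits. First-match ordering, the external/internal zone keywords as modeled here, and every address other than 69.194.137.230 are assumptions made for illustration.

```python
from dataclasses import dataclass
import ipaddress

# Constructed model for illustration; this is not vCloud Director code.
# Assumptions: rules are checked in order and the first match wins;
# "external"/"internal" are zone keywords and "any" matches everything.

@dataclass(frozen=True)
class Rule:
    name: str
    source: str        # "external", "internal", "any", or an IP/CIDR
    destination: str   # same vocabulary as source
    protocol: str      # "ICMP", "TCP", "UDP", or "ANY"
    action: str        # "Allow" or "Deny"

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_zone: str      # "external" or "internal"
    dst_ip: str
    dst_zone: str
    protocol: str

def _endpoint_matches(spec, ip, zone):
    spec = spec.lower()
    if spec == "any":
        return True
    if spec in ("external", "internal"):
        return spec == zone
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def evaluate(rules, packet, default_action="Deny"):
    """Return (action, rule name) for the first matching rule, else the default."""
    for rule in rules:
        if (rule.protocol.upper() in ("ANY", packet.protocol.upper())
                and _endpoint_matches(rule.source, packet.src_ip, packet.src_zone)
                and _endpoint_matches(rule.destination, packet.dst_ip, packet.dst_zone)):
            return rule.action, rule.name
    return default_action, "default"

# The rule from step 10, followed by constructed sample packets
# (203.0.113.10 and 192.168.109.5 are made-up addresses).
RULES = [Rule("Allow ICMP", "external", "any", "ICMP", "Allow")]
PING = Packet("203.0.113.10", "external", "69.194.137.230", "external", "ICMP")
SSH = Packet("203.0.113.10", "external", "69.194.137.230", "external", "TCP")
PING_VM = Packet("203.0.113.10", "external", "192.168.109.5", "internal", "ICMP")
```

Calling evaluate(RULES, SSH) falls through to the default Deny, while PING_VM is allowed because the rule's Destination is any. Replacing the Destination with 69.194.137.230 in this model keeps PING allowed and returns Deny for PING_VM.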


2. Manage Firewalls from the Network


Alternatively, you can manage and edit firewall settings from the routed network.

  1. On the Org VDC Networks tab, click the routed network, and then click Configure Services.



  2. Complete Steps 8-13 above to create the firewall rule.